Historically, directors have been protected from personal liability in connection with risk management by the high standard set in the seminal 1996 Caremark case. In recent years, however, courts have held that certain plaintiffs have pled facts sufficient to avoid dismissal of suits seeking to hold directors liable for failing to discharge their oversight duties. In addition, the staff of the Securities and Exchange Commission has recently made written requests to some public companies regarding their disclosure of risk oversight. In this article, we provide background on these developments and identify five steps that directors may want to consider as they develop risk governance frameworks.

Read more on the Columbia Law School Blue Sky Blog.