At Northwestern Law’s 44th Annual Ray Garrett Jr. Corporate & Securities Law Institute, Erik Gerding, Director of the SEC’s Division of Corporation Finance, discussed the Securities and Exchange Commission’s final rules relating to cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rules”). The Final Rules require public companies to timely report material cybersecurity

The Securities and Exchange Commission (the “SEC”) has adopted new rules that require public companies to disclose substantial information about the material impacts of climate-related risks on their business, financial condition, and governance (the “Final Rules”).  The SEC says that “climate-related risks, their impacts, and a public company’s response to those risks can significantly affect

Generative AI (i.e., AI creating original content using machine learning and neural networks) has captivated people everywhere, producing a range of responses from doomsday warnings of machines rendering humans extinct to rosy dreams where machines possess magical properties. In corporate boardrooms, however, a more sober conversation is occurring. It seeks a practical understanding of

From employee protection to consumer safety, risk management is a central daily duty of corporate management and has become top of the oversight agenda for corporate boards. While managers remain in charge of day-to-day risk management, the board’s oversight role has expanded so much that directors benefit from thinking broadly and deeply about how they

In a win for corporate boards and vindication of directors at McDonald’s Corporation, the Delaware Chancery Court in McDonald’s II dismissed all shareholder claims that directors violated their oversight duties amid a toxic corporate culture. Four takeaways from Vice Chancellor Laster’s opinion offer valuable guidance for corporate directors in today’s volatile world.  Read more

Historically, directors have been protected from personal liability in connection with risk management by the high standard set in the seminal 1996 Caremark case. In recent years, however, courts have held that certain plaintiffs have pled facts sufficient to avoid dismissal of suits seeking to hold directors liable for failing to discharge their oversight duties.