Facebook – Risk Oversight Committee (2018)
Outcome: 11.55% of all shares; 45% of non-insider shares
Resolved: Shareholders request Facebook’s Board issue a report discussing the merits of establishing a Risk Oversight Board Committee (at reasonable cost, within a reasonable time, and omit confidential and proprietary information).
According to an article published by The Conference Board in the Harvard Law School Forum on Corporate Governance and Financial Regulation:
A risk committee fosters an integrated, enterprise-wide approach to identifying and managing risk and provides an impetus toward improving the quality of risk reporting and monitoring, both for management and the board. This approach can assist the board in focusing on the “big picture.” A risk committee can also provide greater support for company executives who are given broad risk management responsibilities, resulting in a stronger focus at the board level on the adequacy of resources allocated to risk management. Finally, it allows the audit committee and other board committees to focus on their respective core responsibilities.
Facebook’s technological advances and scale appear to be significantly challenging the ability to understand its impact on society and may be creating numerous financial risks which could present material challenges to the company and its shareholders. Events illustrating this include, to name just a few:
• Research linking Facebook to depression and other mental health issues;
• Since 2011, Facebook has been operating under a 20 year Federal Trade Commission settlement agreement regarding user privacy practices;
• Investigations into Russian meddling in U.S. elections and its role in proliferating “fake news”;
• Media coverage which demonstrated that its systems enabled advertisers to target users with offensive terms and other unintended consequences of its products;
• Concerns over censorship in Myanmar and India;
• Growing public and policy attention to the anti-competitive implications of platform monopolies;
• Smugglers reportedly using Facebook to broadcast the abuse and torture of migrants to extort ransom money from their families;
• Criticism from the Congressional Black Caucus over diversity and race relations; and
• The purported use of Facebook as a platform to incite terrorism.
Each of these individual cases may be addressable in a “whack-a-mole” fashion. However, they illustrate the growing concern that Facebook’s Board lacks a strategic approach to risk. Unintended consequences seem to emerge daily, and indicate that the Board needs to have strong governance and risk oversight mechanisms to address these challenges and provide a “big picture” perspective.
Facebook’s Board has chosen not to establish a separate Risk Oversight Committee. Instead, according to Facebook’s Audit Committee Charter, the Audit Committee, “will discuss with the Company’s management the Company’s major financial risk and enterprise exposures and the steps management has taken to monitor and control such exposures, including the Company’s procedures and any related policies with respect to risk assessment and risk management.” This is standard boilerplate language, which does not capture the particular challenges faced by Facebook.
Given the importance of better Board risk oversight, we believe the Board should establish a separate Risk Oversight Committee, especially given the numerous other and important responsibilities of the Audit Committee.