TOP OF MIND: What directors are thinking (James Lam, director, E*Trade & RiskLens)

Risk oversight has always been one of the most critical responsibilities for corporate directors. Today, organizations face global conflicts, economic uncertainties and disruptive technologies. In an environment often described as VUCA (volatile, uncertain, complex, and ambiguous), directors are elevating their expectations. In a recent NACD poll, 62% of directors viewed disruptive risks as “much more important” than five years ago. However, only 19% of directors expressed confidence in management’s ability to address such risks. We need to close that gap.

What are disruptive risks? An animal metaphor of black swans, grey rhinos, and white elephants can be useful. Black swans are “unknown unknowns” that are highly improbable and difficult to predict, such as the 9/11 attack and the 2008 financial crisis. Gray rhinos are “known unknowns” that are observable but often ignored due to uncertainties about their timing and impact. For example, artificial intelligence and cybersecurity have been around for decades. White elephants are “known knowns” or big issues that are extant but difficult to acknowledge and manage. Examples include irrational CEO behavior and sexual harassment cases that ushered in the #MeToo movement. All three can be considered atypical, disruptive risks that can have a major impact on an organization’s business performance and reputation.

How should directors help management navigate disruptive risks? Recommendations to consider include: (1) incorporating disruptive risks into the board agenda, (2) ensuring fundamental enterprise risk management (ERM) practices are effective, (3) advocating for scenario analysis and contingency planning, (4) improving board-level risk metrics and reporting, and (5) strengthening board culture and governance. The end goal is to capture disruptive risks as part of a robust ERM program.

In a VUCA world, we directors need to think more broadly about risk oversight including focused discussions with management about disruptive risks, negative and positive scenarios, early-warning indicators, and action plans that can help our companies turn uncertainty into a business advantage.

Note: For more information, see the 2018 NACD Blue Ribbon Commission Report and the January/February 2019 NACD Directorship magazine cover story available at

James Lam is the president of James Lam & Associates and a director of E*TRADE Financial, where he chairs the risk oversight committee. He is also an independent director of RiskLens, Inc., a cyber risk quantification company. Previously he served as president of ERisk, partner of Oliver Wyman, and chief risk officer of Fidelity Investments. Lam was named to the NACD Directorship 100 in 2017 and 2018, Directors & Boards “Directors to Watch,” Treasury & Risk “100 Most Influential People in Finance” three times, and GARP inaugural “Risk Manager of the Year.” He is a best-selling author of three ERM books published by Wiley. Lam is certified by the Software Engineering Institute of Carnegie Mellon in Cybersecurity Oversight.

(This is an ongoing feature of Directors & Boards. To be considered as a subject for “Top of Mind”, contact Eve Tahmincioglu at


Other related articles