In today’s rapidly changing business landscape, new technologies have become essential. The digital revolution, built on data-driven innovations, has permanently shifted how businesses collect, analyze, and utilize information. This transformation comes with significant challenges. As companies navigate the digital landscape, they must address cybersecurity, privacy, and ethical considerations alongside legal requirements.
In our recent paper, we examine whether corporate boards effectively integrate digital technology matters into their monitoring function. To explore this, we first discuss the board’s duty of oversight in general and concerning digital matters, considering the legal regimes in the United States (Delaware) and the Netherlands. Subsequently, we analyze the oversight role and expertise of (non-executive) directors in the Netherlands based on exploratory empirical assessment of the biographies of such directors using natural language processing techniques. Our findings indicate that a majority of Dutch (non-executive) boards possess varying degrees of digital savviness. Moreover, it appears there are only limited, if any, established practices for ensuring the presence of this expertise at the board level.
Board Oversight Duties in General
As digital systems become more integral to business, boards face new challenges. This raises the question of whether current corporate governance frameworks are equipped to guide boards in the proper direction to ensure that directors possess the necessary expertise to oversee and monitor their respective companies.
To address the issue, we first explore the legal aspects of the board’s duty of oversight. In the US, boards have a key role in overseeing and monitoring the management of a company, as stated in section 141(a) of the Delaware General Corporation Law. Typically, the board delegates day-to-day management to top executives while retaining oversight responsibilities. The board’s oversight function is crucial for monitoring management and includes overseeing the risk management system. US practice is generally comparable to the Dutch one, with the nuance that in the two-tier board system dominant in the Netherlands, day-to-day management (including setting up and implementing the risk management system) is carried out by the executive board, whereas monitoring this process falls upon the supervisory board.
The oversight function in the US was addressed in the well-known Caremark case, where it was held that liability arises from sustained or systematic failures to exercise oversight. Subsequent cases have revealed various failures in corporate risk management structures, including the misallocation of responsibilities, lack of relevant expertise among board members, and placing risk management tasks solely within the audit committee.
Digital Matters: Where to Organize Expert Oversight at the Board Level?
The role of the audit committee merits some further discussion with a view to digital technology matters. Audit committees, though helpful for financial matters, may not be well-suited for non-financial risk management tasks. Indeed, audit committees often comprise financially focused members who may lack the necessary skills for addressing non-financial risks. Therefore, some authors have previously suggested re-allocating risk management responsibilities among board committees to optimize talent and time allocation, arguing that board committees other than the audit committee may be better suited for holistic enterprise risk management.
Others have recommended establishing a specialized technology committee at the board level. These committees should ensure the suitability of information and control systems, validate the use of data security tools, and oversee management’s execution of strategies. Adding a technology committee as a complement to the audit committee can optimally make use of the specialization of board members and committees, but integrating and allocating these tasks across the board’s committee structure remains essential. Some companies have responded to the call for technology committees, as shown by the 2021 US Board Index by Spencer Stuart.
Another potential solution would be to impose additional expertise requirements on audit committees. This can be achieved, for instance, through applicable corporate governance codes. However, our study shows that, with the exception of the King IV Report for South Africa, which explicitly addresses technology governance and security, several corporate governance codes lack detailed criteria regarding board members’ roles and expertise in relation to digital matters. The Dutch Corporate Governance Code 2022, for example, recognizes the importance of technology but lacks specific requirements for digital expertise. Other corporate governance codes, such as the UK Corporate Governance Code, German Kodex, and French Afep-Medef Code, do not mention technology or cybersecurity.
Assessing the Digital Savviness of Dutch Boards: Our Exploratory Empirical Analysis
There is a growing body of literature that assesses the technological expertise of boards. One notable study by Weill et al. analyzed the biographies of directors from over 40,000 US companies to identify “digital-savvy” boards. The authors defined digital-savvy directors as those who understand how digital technologies impact a company’s success. Only 24% of the boards in the dataset met this threshold, with significant variations across sectors.
In our research, we adopted this methodology and analyzed the biographies of 213 board members, including both executive and supervisory board members. We gathered information about the directors of the largest Dutch listed companies and excluded those without a registered seat or corporate headquarters in the Netherlands. Subsequently, we employed two natural language processing (NLP) methods to analyze the biographies involved.
First, we applied unsupervised topic modeling (employing the Latent Dirichlet Allocation (LDA) algorithm from the topicmodels package in R). This involves categorizing documents (in this case, biographies) into topics based on the words used. Each biography is considered a mixture of topics. For example, if we have two topics in our model, we might determine that Director X’s biography is 80% related to topic 1 and 20% related to topic 2. The topic modeling results revealed two topics related to digital technology expertise, one of which appeared to pertain directly to digital savviness, while the other was more focused on engineering and industry.
Second, we employed a list of keywords to classify directors as savvy or not, following the approach of Weill et al., using a subset of the same keywords used in this study (which were obtained through surveys, interviews, analysis of chair and CEO letters, and recent director biographies), and supplemented those with our own.
The Findings: The Glass is Either Half-Empty or Half-Full
Based on the analysis, 37% of the directors in the sample were likely to be digital-savvy according to either of the two research methods. However, only six board members were identified as digital-savvy by both methods, suggesting that each method captures a distinct set of digital-savvy directors. A manual review supported that these 42 identified board members possessed technological expertise.
We also compared the results to Weill et al.’s threshold of at least three digital-savvy board members to consider the entire board as digital-savvy. Out of the 20 companies in the sample, seven met this definition, with four of them having five digital-savvy board members. Also, six companies did not have any digital-savvy board members at all, although two of them had separate risk committees. Notably, one of these two companies had a Chief Technology Officer (CTO) who operated immediately below the board and who could be considered digital-savvy.
When considering supervisory boards, we found that 65% of the companies had at least one digital-savvy supervisory board member. These members were often affiliated with audit committees or risk, technology, digital, or strategy committees. At the same time, this finding also entails that 35% of the sampled companies lacked a digital-savvy supervisory board member.
Towards More and Better-Organized Digital-Savvy Directors
Boardroom expertise in digital matters is not only desirable but also increasingly necessary. Our findings highlight the varying levels of digital savviness among board members of large Dutch companies, despite the importance of having a knowledgeable board to navigate technological advancements.
Moreover, our findings demonstrate the feasibility of attracting digital-savvy directors. However, in the Netherlands, there are not yet any established practices for ensuring the presence of this expertise at the board level. It remains to be seen, and future research could explore whether this knowledge should be organized via the audit committee or in a different manner, for instance, via a separate body. Indeed, the search for optimal private ordering is still ongoing.
Anne Lafarre is an Associate Professor at Tilburg Law School, the Netherlands and program director of the Bachelor Data Science (together with Eindhoven University of Technology, the Netherlands).
Titiaan Keijzer is a lawyer at De Brauw Blackstone Westbroek, the Netherlands and a Senior Fellow at Erasmus University Rotterdam.
This post was adapted from their paper, “Board’s Digital Oversight and Expertise: Initial Findings from the Netherlands,” available on SSRN.