11 September 2025

Strategic risk management in the Board: obligation, opportunity, and value driver


In a world of growing uncertainty and rapid change, companies are more than ever required to not only manage risks operationally, but also to control them strategically. The board of directors plays a central role here, both as a supervisory body and as an active driver of corporate resilience and sustainable success.

  • Dr. Alex Enzler, Legal Partner
  • Dr. Balz Hösly, Legal Partner
  • Adrian Peyer, Legal Partner

This article highlights why strategic risk management is one of the core tasks of every board of directors, what legal principles apply, and how effective governance, compliance, and risk culture can be established.

I. The responsibility of the board of directors: Legal basis

According to Art. 716a of the Swiss Code of Obligations (CO), risk management is one of the non-transferable tasks of the board of directors. This duty is not only formal in nature – it is an expression of active and forward-looking corporate governance. The duty of care and loyalty (Art. 717 CO) obliges board members to identify potential risks and take measures to manage them. Since January 1, 2023, Art. 717a CO also requires the immediate disclosure of any conflicts of interest.

The board of directors is not only responsible for defining the risk policy and strategy, but also for reviewing it annually and monitoring its implementation by management. This makes risk management a continuous governance process – rather than a one-off checkpoint.

II. What is risk? – From black swan to risk matrix

Risk refers to an uncertain potential development that could jeopardize the achievement of business objectives – strategically, operationally, or financially. The distinction between known, unknown, and unconscious risks is by no means theoretical: it is precisely the "unknown unknowns" that pose the greatest challenge.

Effective risk management is based on a structured process:

  • Identification: What risks exist – internally and externally?
  • Assessment: How likely is it that they will occur, and how high would the damage be?
  • Action planning: avoid, mitigate, transfer, or consciously bear identified risks.
  • Monitoring: early warning indicators and regular evaluation.

Risk matrices help to make risks comparable and set the right priorities – for both SMEs and large companies.

III. Corporate governance and ESG – more than just a set of rules

Good corporate governance is not an end in itself, but a means of strengthening corporate value and social acceptance. The Swiss Code of Best Practice for Corporate Governance (2023) emphasizes the principle of sustainable corporate governance and calls for clear rules on responsibilities, transparency, control mechanisms, and a balanced relationship between management and supervision.

ESG (environmental, social, governance) issues in particular are no longer optional, but have become an integral part of corporate governance.

IV. Compliance and reputation protection – the underestimated lever

Compliance is not a minor issue, but part of the board of directors' supervisory duties. An effective internal compliance program (ICP) requires:

  • a clear "tone at the top" (exemplified by the board of directors),
  • documented processes and responsibilities,
  • adequate resources,
  • ongoing training, and
  • integration into the risk management system.

Non-compliance quickly leads to reputational damage, which the Allianz Risk Barometer 2025 ranks among the greatest risks facing companies.

V. Risk culture – the foundation

Effective risk management is based not only on structures, but above all on a lived risk culture – a shared attitude toward responsibility, transparency, and dealing with uncertainty. The board of directors also has a central management responsibility here: according to section 12 of the Swiss Code of Best Practice, it must regularly report on the culture within the company.

A strong risk culture leads to:

  • more stable decision-making processes,
  • greater stakeholder confidence,
  • lower transaction costs, and
  • more resilient organizations.

VI. Recommendations for boards of directors

  1. Embed governance, risk, and compliance management as a strategic management task – not just as a mandatory exercise.
  2. Create an up-to-date risk matrix – with a focus on the most significant top risks.
  3. Promote a culture of integrity – by setting an example and communicating effectively.
  4. Strengthen your compliance structure – with clear responsibilities, processes, and a culture that leads by example.
  5. Establish an active and integrated ESG strategy – sustainability is no longer just an image factor, but a value driver.
  6. Get regular reports and check in on the current status of GRC and ESG implementation (at least once a year).

Conclusion

Strategic risk management is not only a legal requirement, but also key to sustainable corporate governance. It combines values, responsibility, and value creation. A committed and informed board of directors can thus not only mitigate risks, but also exploit opportunities.

The MME offer: Pragmatic GRC health check for your SME

Where does your company stand? Where do risks lurk? And how can pragmatic measures have a big impact?

We would be happy to work with you to analyze how your governance, risk, and compliance structures are set up – in a practical, efficient, and measured manner.

Contact us for an individual GRC health check for your company.
