The Great Transfer of Risk: Why Boards May Become America’s New Regulators 

As governance norms fray and risk migrates from public institutions to private enterprises, boards may become the new guardians of accountability.

John Adams famously wrote in the Massachusetts Constitution, “A government of laws, and not of men.”

That line, now almost 250 years old, defined the American experiment. The rule of law, not the rule of personality, preference, or passion, was to be the cornerstone of trust in public life.

Today, that cornerstone is under subtle but significant strain. This is not caused by lawlessness in the streets or chaos in the courts; instead, it is due to the erosion of structures that once contained and allocated risk.

As government oversight evolves and long-standing systems of regulation loosen, risk does not vanish; it migrates, moving from government to markets, from public institutions to private companies, and ultimately from management to boards.

This is not an argument for more or less regulation but rather for recognizing where risk goes when oversight diminishes and how that shift will redefine the board’s role in safeguarding enterprise value and public trust.

If artificial intelligence is the headline disruption, the transfer of risk is the deeper structural shift.

The Fracturing of Governance Trust

Nowhere is this shift more visible than in the growing competition among states for corporate domicile. Delaware has long dominated US incorporations, but Texas and Nevada are increasingly positioning themselves as alternatives by offering different liability standards and governance frameworks for directors and officers.

Scholars have long debated whether this interstate competition produces a “race to the top” or a “race to the bottom” in corporate governance. What appears to be efficiency may also introduce fragmentation, and when the rules of the game differ by state, investors must decide whether the underlying protections remain consistent.

The trust premium that underpins the cost of capital—the notion that American governance is consistent and credible—cannot be taken for granted. If it weakens, valuation and access to capital will follow.

This legal fragmentation is mirrored at the macrolevel by the erosion of confidence in the US dollar itself. Years of unchecked deficits, political brinkmanship over debt ceilings, and its use as a tool of sanctions policy have prompted questions about America’s fiscal discipline. The dollar has long been more than currency; it is shorthand for the credibility of US governance. If that slips, the cost of capital rises and the global “safe haven” assumption begins to crumble.

Layered atop this is growing judicial volatility, creating an unpredictable legal landscape in which precedent no longer guarantees protection. Compliance, once a safe harbor, is now merely the starting line. As outcomes become less predictable, boards face litigation risk born of uncertainty, not wrongdoing.

Directors are now governing in an era where precedent no longer predicts outcome.

Operational Risk Without a Backstop

These macrofissures are being mirrored inside the enterprise. The same migration of risk, from system to company, is unfolding across core corporate functions.

Innovation risk has shifted from national policy to private enterprise. As immigration policy tightens, the United States is quietly losing the engine that powered a century of invention. Companies must now cultivate internally what public policy once supplied.

Innovation doesn’t stop when borders close; it just moves to where they are open.

Workforce health has also become a boardroom concern. As health-care access challenges grow, employers are absorbing the economic and human cost of an overextended workforce. Absenteeism, burnout, and safety incidents are now material business risks. The health of the workforce has become a line item in enterprise risk management.

Cybersecurity has followed a similar path. As regulatory oversight becomes less predictable, accountability is increasingly driven by insurers, investors, and plaintiffs’ lawyers. Cyberbreach coverage is shrinking, exclusions are growing, and the question after every incident is the same: Where was the board? Cyber risk isn’t a technology issue anymore; it is a governance competency.

Meanwhile, as climate and sustainability regulatory requirements evolve, market forces are stepping in. Banks, investors, and major customers are embedding sustainability requirements directly into contracts and capital access. The question for boards is no longer: Are we compliant? Instead, it is: Are we still investable?

And as workplace protections weaken, culture itself has become the final guardrail. Rules can compel compliance, but culture governs behavior in the gray areas where rules fall silent. When regulators retreat, boards must ensure that internal values do not retreat as well. In the absence of external oversight, culture becomes the system that determines how power is exercised inside the enterprise.

Global Fractures, Local Consequences

The same dynamics are visible globally. Conflicting digital and data laws have turned cross-border compliance into a labyrinth. Where governments fail to align, multinational companies are forced to arbitrate the conflict themselves. Global data once moved frictionlessly; now every border is a risk event.

Financial deregulation adds another layer of complexity. The relaxation of oversight over regional banks and nonbank lenders reintroduces systemic risk channels long thought contained. Companies must now stress-test liquidity and counterparty exposure, tasks that once belonged to regulators.

Despite risks multiplying, insurance capacity is shrinking. From pandemics and cyberbreaches to director and officer liability, exclusions are expanding. Corporations are entering an era of self-insurance, forced to hold more risk internally as volatility grows.

The Political and Reputational Vacuum

Perhaps the most subtle transfer of all is occurring in the realm of leadership and legitimacy. As public institutions retreat from moral authority, stakeholders increasingly expect corporations to fill the void and define social norms on various issues, including democracy and inclusion.

Boards must decide when and how to speak, and when restraint serves the company better than expression. The danger is not engagement but rather inconsistency, walking the line between saying too much in some moments and too little in others. In an era of deregulation, companies have become the de facto adults in the room.

The New Board Mandate

Across these dimensions—economic, operational, legal, and moral—the pattern is unmistakable. Risk is being repriced and reassigned in real time.

The challenge for US boards is not navigating more regulation; it is managing the vacuum that follows. As institutional trust fragments, corporate governance may become one of the remaining mechanisms of accountability.

Boards are becoming the new regulators, not because they want to be but because someone has to.

The test ahead is whether directors can anticipate, absorb, and allocate risks that were once the domain of government without losing the strategic focus that drives enterprise value. That, more than any technology, is what will define effective governance going forward.

The views expressed in this article are the author's own and do not represent the perspective of NACD.