Questions and Insights for Board Consideration in Q1 2025

Under the new administration, boards should prepare for potential uncertainty and turbulence in the first half of the year. The initial 100 days of the Trump administration are expected to shed light on key governmental policies and their potential impact on your operational landscape.

The economy will remain a central concern, with inflation, interest rates and geopolitical instability among the most pressing risks. Drawing on the extensive experience of our national professional practice team and the executives we serve, our team at Weaver has identified critical topics to include in your board meeting agendas. These focus areas are designed to help you navigate evolving corporate strategies and emerging risks.

How are we aligning our climate governance framework with regulatory requirements and stakeholder expectations?

Climate governance refers to the processes by which an organization directs, manages and monitors its climate-related risks and opportunities. It matters because boards have a fiduciary duty to evaluate how climate change impacts investor and stakeholder information, the organization’s reputation and brand, and whether climate change can drive innovation for a competitive advantage. Also, by providing clear climate-related information, organizations can make more informed investment and operational decisions.

While several climate governance frameworks exist, each should be tailored to an organization’s specific operating environment. The alignment and governance structure will be determined based on the laws and regulations to which the organization must comply, such as:

• International level: Treaties (e.g., Paris Agreement) with evaluation and reporting under the Corporate Sustainability Reporting Directive, EU Taxonomy Regulation, etc.
• National level: National climate action plans like the nationally determined contributions (NDCs), along with regulatory agencies and policies.
• State and city level: Policies that legislate climate action, such as net zero and/or clean energy goals, cap and trade programs, as well as carbon tax systems.
• Local level: Community initiatives and urban planning, in addition to local adaptation and mitigation projects.
• Private sector and civil society: Corporate sustainability initiatives, as well as advocacy and public awareness campaigns.

If your company is subject to climate regulation and/or disclosure requirements, the following sample framework can help understand which key components should be included in the climate governance framework:

1. Define the vision and goals of the framework: Determining the organization’s purpose for climate governance.
2. Overarching principles: Effective climate governance is underpinned by several overarching principles that guide decision-making and ensure the framework’s success. These principles emphasize transparency, accountability and a proactive approach to addressing climate-related risks and opportunities. Double materiality is an emerging framework that addresses the financial impact of climate risk on the business as well its impacts on the environment.
3. Climate policy scope: The climate policy scope outlines the areas of focus when developing and implementing climate-related initiatives. Defining the scope helps with clarity, consistency and effective management of climate-related risks and opportunities across the company.
4. Financing and resource allocation: A strong climate governance framework requires adequate financial resources and effective allocation across the organization. This section of the framework outlines the mechanisms to secure funding, prioritize resource allocation and track financial performance of climate-related initiatives.
5. Monitoring and reporting: Effective climate governance necessitates a robust system for monitoring and reporting, including metrics and data sharing.
6. Stakeholder engagement and collaboration: Successful climate action requires collaboration and engagement with a diverse range of stakeholders, including investors, customers, suppliers, employees and the broader community. Whether it be public participation, private sector collaboration or other initiatives and alliances, deliberate strategies are important to maximize engagement.
7. Climate governance framework implementation: Effective implementation requires a structured approach and a roadmap that delineates clear roles and responsibilities, developing action plans and ensuring ongoing review for continuous improvement. Steps such as stakeholder mapping, action plan development and performing a baseline assessment can all support effective implementation.

How are we mitigating risks related to data governance and ensuring due care for customer data protection?

Effective board oversight of data privacy requires having sufficient understanding of relevant legal and regulatory frameworks, as well as data management practices. This means asking insightful questions about data security, ensuring the company has effective controls to comply with regulatory requirements and helping guide the company to make smart decisions that protect customer privacy. Boards must also be equipped to ensure management has assessed the adequacy of its data protection controls in light if its data privacy risks.

As a result, effective governance in this area requires ongoing dialogue between the board, management and data privacy experts to ensure the company is prepared for the challenges and opportunities in the data privacy landscape. Boards should prioritize the following in 2025 related to data privacy and global data regulation and be asking the questions below:

• Do we have a detailed inventory of the data we have access to, collect, use or transmit?
  • Have we considered both structured (e.g., databases) and unstructured (e.g., shared network storage drives) data repositories?
• Do we monitor updates to regulations like the General Data Protection Regulation (GDPR-EU), California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA) and others?
• Do we have data minimization policies to collect, store and process only necessary data to reduce risks, as well as ethical frameworks in place for our systems, especially when processing personal data?
• Have we assessed the risk of cyber breaches impacting customer data and non-compliance with regulatory requirements, and do we have monitoring controls and incident response plans in place that are tested?
• Are there clear, user-friendly privacy policies that enable consumers rights like access, deletion and consent withdrawal?
• Are privacy and cybersecurity experts on the board or accessible to provide specialized insights, and is the board and management regularly trained and updated on data privacy controls and risks?
• Are there policies and controls in place that address the growing requirements for data localization in jurisdictions like China, India and Russia?
• Are we preparing for upcoming AI-specific regulations, which are often intertwined with data privacy (e.g., the EU AI Act)?

What strategies have we implemented to reduce vulnerabilities and increase the resiliency of our supply chains?

Shifting geopolitical landscapes combined with disruptions like pandemics and higher frequency of natural disasters have exposed significant vulnerabilities in traditional supply chains. Also, based on recent experience, it has been found that current supply chains are overly concentrated on certain vendors. Building resiliency means being proactive to find alternative sourcing options. This must include robust risk management strategies and a strong emphasis on collaboration and transparency across the entire supply chain ecosystem. During 2025, boards should consider the following questions to identify vulnerabilities and to ensure there is a strategic approach to supply chain resiliency:

• Have we evaluated bringing supply chains closer to core markets to reduce dependency on long global supply lines?
• Are predictive analytics and other technologies being leveraged to foresee disruptions, simulate scenarios and increase traceability and transparency?
• To reduce our carbon footprint, are transportation and production processes optimized to meet regulatory and stakeholder expectations?
• Do we have strong long-term partnerships with key suppliers to ensure continuity and prioritization during shortages?
• Where necessary, have we engaged with governments and industry groups to stay informed on trade policies, tariffs and regulatory changes?
• Have we explored collaborative logistics or to share warehousing and transportation resources on inventory and supplies?
• Do we hold critical inventory for essential products to buffer against disruptions?
• Are opportunities in emerging markets evaluated that might offer new supply chain hubs?
• Is there communication with customers and other stakeholders about supply chain challenges and solutions?

How are we monitoring and adapting to the evolving antitrust regulations in key markets?

Antitrust lawsuits are in the news more frequently than in the past, and these laws are rapidly evolving. This presents an emerging risk that boards should be monitoring to understand the potential impact of regulatory changes on the company’s operations, strategic direction and legal exposure.

The questions below can help boards identify areas where there could be antitrust vulnerabilities:

Environment:

• Are we subject to heightened scrutiny in our industry, particularly in major markets such as the U.S., E.U., China or India, due to stricter antitrust enforcement trends?

Compliance & Governance:

• Do we have robust and up-to-date antitrust compliance policies?
• Is there regular antitrust training for employees, management and directors to recognize and avoid potential violations?
• Is the compliance program monitored and audited?
• Do we file pre-merger notifications with regulators to ensure required filings and approvals are completed, particularly in multi-jurisdictional transactions?
• Have we considered gatekeeper rules (designed to control the influence of large, dominant companies) in key operating jurisdictions?
• Do we ensure that collaborations on sustainability or ESG goals comply with competition laws?
• Is the impact of AI-driven tools on competition, such as pricing algorithms or market segmentation, monitored to evaluate our market power?
• Does the board actively monitor antitrust risks as part of overall corporate governance?
• Do we take measures to adapt to evolving interpretations of consumer harm beyond price effects, including innovation and quality?

Business Relationships:

• Do we monitor for potential price-fixing and other anti-competitive behavior to ensure no agreements (explicit or implicit) exist that may restrict competition?
• Do we monitor for exclusivity agreements that could raise concerns about reducing competition?
• Is there an evaluation done as to whether acquiring or collaborating with competitors raises dominance or market concentration concerns?
• Is there open dialogue with shareholders, partners and consumers about competition-related practices to foster transparency?
• Is there a robust strategy established to handle antitrust investigations or lawsuits, including retaining external counsel?

What is our strategy to safeguard the company’s intellectual property against piracy and infringement?

The implications of IP protection go beyond the immediate need for security — they extend into preserving brand integrity, fostering innovation and avoiding costly legal disputes. Without a clear strategy in place, companies risk losing valuable market share, exposing sensitive information and facing challenges in enforcing their rights globally.

• Have we taken comprehensive legal steps to protect our IP by securing patents for our inventions, copyrights for original works like software and designs, trademarks for our brand identifiers and legal safeguards for our trade secrets such as algorithms and client lists?
• Do we use encryption and other measures to safeguard our digital assets, such as software code or proprietary documents, from unauthorized access?
• Are our digital security controls tested regularly to identify and address vulnerabilities?
• Do we require employees, contractors and business partners to sign NDAs to prevent the sharing of sensitive information?
• Are we using AI-powered tools to monitor the web, marketplaces and dark web for IP infringement?
• Do we utilize predictive analytics to anticipate market shifts and align our IP strategy with future trends?
• Should we consider IP insurance to cover potential litigation costs and financial losses from IP theft?
• Are we continuously investing in R&D to stay ahead of competitors and counterfeiters?
• Are we assessing the IP protection measures of our suppliers, partners and vendors to ensure they align with our standards?
• Do we provide regular training to employees on the importance of IP protection and the best practices to prevent leaks?
• Do we have a clear incident response plan in place for IP breaches, including steps for containment, investigation and remediation?
• Are we keeping our security technologies up to date to protect against the latest threats?
• Are we actively monitoring competitors and market trends to identify potential IP threats or opportunities?
• Do we conduct regular IP audits to ensure all our assets are properly documented and protected?

Weaver offers information and insights to help you ask the right questions and determine appropriate plans of action based on emerging trends. Subscribe to our monthly insights for articles and information to help you review your organization’s operations and prepare for change in an uncertain world. Contact us for information about these areas of board governance.

©2025