DOCUMENT TSC-2026/B33 · BLOG POST 33 · ENTERPRISE INNOVATION · REV. 01
FILED UNDER Enterprise· Board· Commerce Strategy

The board conversation
on commerce: what
directors need to
understand in 2026.

Commerce strategy used to be an operational question. It's now a board-level risk. Most directors don't have the frame to evaluate it, and management teams presenting to them often don't either.

Author
Taylor Sicard
Published
May 2026
Read
13 min · ~3,200 words
Ring
III · Enterprise Innovation
About the author
Taylor Sicard

Advises management teams at Fortune 500 companies including Nike, Coca-Cola, Hallmark, and P&G on commerce strategy, and has briefed boards on the commerce risk landscape. Has also been the DTC operator that enterprise boards are asked to evaluate, which gives the board conversation a different kind of texture.

Full background →
Key takeaways

Commerce risk belongs on every board's standing agenda by 2026. Platform dependency, the DTC challenger threat, first-party data erosion, and AI-native buying behavior are trajectory-level questions with three to five-year consequences. Most S&P 500 boards have no governance framework for any of them, even where direct consumer relationships determine growth.

  • Boards have frameworks for financial, cyber, regulatory, and succession risk, but rarely for commerce risk.
  • The pace of platform and channel change has outrun the typical board cadence.
  • Directors need specific questions and metrics to put commerce risk on the agenda.
Source: Taylor Sicard, Taylor Sicard Consulting · Updated June 2026

Commerce risk belongs in every board's standing agenda by 2026. Platform dependency, DTC challenger threat, first-party data erosion, and AI-native buying behavior are trajectory-level questions with 3 to 5-year consequences. Most S&P 500 boards have no governance framework for any of them, even in companies where direct consumer relationships determine long-term growth. This post gives directors the questions and metrics to change that.

The average board has detailed oversight frameworks for financial risk, cybersecurity risk, regulatory risk, and executive succession. It frequently has no comparable framework for commerce risk, even in companies where the ability to reach consumers directly, build lasting customer relationships, and adapt to channel shifts determines the long-term growth trajectory of the business.

This is changing, but slowly. The pace of change in commerce, platform evolution, channel fragmentation, the emergence of AI-native buying behaviors, the acceleration of DTC challengers, is faster than most governance frameworks can absorb. Management teams presenting commerce updates to boards often compound this problem by presenting metrics that are comfortable to report rather than the ones that would actually allow a board to evaluate the company's position.

I have briefed boards on the commerce risk landscape and advised the management teams presenting to them. The conversation fails in both directions: directors without a commerce framework asking the wrong questions or none at all, and management teams without a clear model for what good governance of commerce looks like. This post is an attempt to fix both sides of that conversation.

Commerce used to be
operational. It became
strategic. Now it's a risk.

The elevation of commerce from operational to strategic to risk-level concern happened in roughly three phases. Pre-2015, commerce was largely a channel management question: how do we show up in retail, and how do we manage the transition to e-commerce? Boards didn't need a framework beyond "is e-commerce growing as a share of revenue?"

From 2015 to 2022, commerce became a strategic question: which platform do we build on, how do we build a direct channel, how do we respond to DTC challengers taking share? Boards started asking about DTC strategy and digital investment levels, but governance frameworks lagged behind the decisions being made.

Now, commerce is a risk in the governance sense, a domain where the wrong decisions, made at the wrong time, can cause irreversible damage to the company's competitive position. Platform dependency risk (what happens if the platform that drives 40% of digital revenue changes its algorithm or economics?). Customer data risk (what is the long-term competitive consequence of not owning the customer relationship directly?). Challenger brand risk (which competitors are compounding in ways that will be expensive to reverse in three years?). AI commerce risk (how is AI-native buying behavior changing customer acquisition, and is the company positioned to benefit from it?)

These are not operational questions the management team can handle below the board level. They are trajectory-level questions whose consequences will be visible (or invisible) on a 3–5 year timeframe. That is exactly the timeframe board governance is designed to monitor.

The questions boards
should be asking, and
usually aren't.

Question 01
What percentage of our revenue comes through channels where we own the customer relationship directly?
This is the first-party data question dressed as a channel question. A company that is 70% wholesale has outsourced the customer relationship to its retail partners. The board should understand this number, the trend, and the 5-year plan for it, not as a digital strategy question, but as a data moat question with long-term competitive implications.
Question 02
Who are the three DTC challengers in each of our core categories, and what is the current assessment of their threat level?
Most management teams know who the challengers are. Boards rarely ask for a systematic assessment. The board should expect a quarterly update that includes a scored threat assessment, the recommended response for each, and the current state of any response in progress, not a slide that lists brands and their Instagram follower counts.
Question 03
What is our single largest platform dependency, and what is the contingency if that platform materially changes its economics?
The company whose digital commerce is 40% dependent on Amazon, or 30% dependent on a specific social platform, has a concentration risk that belongs in the same governance conversation as supplier concentration or geographic concentration. Boards rarely ask about it in those terms.
Question 04
What is the customer acquisition cost trend in our direct channel, and how does it compare to two years ago?
Rising CAC without a corresponding increase in LTV is the canary in the direct channel coal mine. A board that knows the CAC trend has an early warning signal for channel deterioration. A board that only sees topline revenue from the direct channel sees the symptom long after the underlying dynamic has set in.

The metrics that matter
at board level, versus the
ones management often presents.

FIG. 01, COMMERCE METRICS: BOARD-LEVEL VS. COMMONLY PRESENTEDGOVERNANCE FRAMEWORK · 2026
What Gets Presented What the Board Should Be Asking For Why It Matters More
Digital Revenue Growth %
Direct Channel Revenue % of Total, trend over 4 quarters Growth in a rented channel builds the retailer's data asset, not the company's
Website Traffic / Sessions
Customer Acquisition Cost, direct channel; LTV/CAC ratio Traffic without economics is a vanity metric; the board needs to know if the direct channel earns its keep
Social Media Followers/Engagement
First-party list size (email + SMS), growth rate, engagement rate Followers are rented; first-party lists are owned, this is the actual data asset question
NPS Score (aggregate)
Repeat Purchase Rate, cohort retention at 90/180/365 days NPS describes sentiment; cohort retention describes customer behavior, the board governs behavior
Technology Roadmap Summary
Platform dependency map + contingency for top 3 dependencies Boards govern risk; platform dependencies are concentration risks that require governance

How to evaluate the
platform question without
getting lost in the technology.

Board members without a technology background are often reluctant to engage substantively with platform and infrastructure questions, they don't want to appear technically naive, and the management team rarely presents the question in terms that enable a governance-level conversation. The result: significant platform decisions, replatforming the commerce stack, major integrations, AI tooling investments, get ratified by boards without meaningful scrutiny.

The governance question is not technical. It is: what is the platform dependency this decision creates, what is the cost to exit if the dependency becomes a problem, and is the company building toward a more or less diversified architecture than it has today? A board member asking these questions isn't pretending to be a CTO. They are asking the same governance questions they would ask about any significant long-term commitment with exit costs.

"The board doesn't need to evaluate the technology. It needs to evaluate the strategic dependency the technology creates, the same way it evaluates any other dependency."

The specific questions a board should ask before ratifying major platform decisions: What is the estimated cost and timeline to exit this platform if required in 3 years? What customer data will we own versus the platform at the end of the contract? What AI capabilities does this platform's roadmap include, and how does that affect our competitive position in channels that are moving toward AI-native purchasing?

DTC challenger risk belongs
in governance, not just
competitive intelligence.

Most enterprise companies have some form of competitive intelligence function that monitors DTC challengers. It produces reports. The reports inform strategy discussions. The board occasionally hears about the most prominent challengers on a competitive landscape slide. That is monitoring. It is not governance. Turning that monitoring into a real category defense function means reading the early signals while the strategic options are still open.

Governance requires: a defined framework for assessing challenger threat level (not just revenue and funding), explicit decision rights for the three possible responses (compete, acquire, ignore), a mechanism for escalating a challenger from the monitoring queue to an active response decision within a defined timeframe, and board-level awareness of any challenger that has crossed the threshold where the acquisition window is closing. Management that brings a challenger acquisition proposal to the board after the company has grown to $80M in revenue and has institutional investors on its cap table is bringing a preventable problem, the acquisition opportunity existed at $15M, when the challenger was invisible to the board.

M&A as a commerce strategy:
what the board needs before
approving.

DTC acquisitions have become a standard commerce strategy for enterprise brands. The thesis is sound in principle, acquire a brand with proven consumer demand, proven direct channel economics, and a customer relationship the acquirer couldn't build from scratch. The execution record is poor in practice, as described elsewhere in this series. The board is the last institutional checkpoint before an acquisition closes, and board approval is often based on a presentation that tells the financial story well and the integration story superficially.

Before approving any DTC acquisition, the board should require a specific integration plan that addresses the four most common sources of post-acquisition value destruction: talent retention structure (not just an earnout, but explicit authority preservation for the brand's leadership), brand autonomy framework (which decisions stay with the brand, which require parent approval), technology migration timeline (the plan for avoiding the tech integration that disrupts the brand's customer experience during the integration period), and a defined integration success scorecard with an 18-month measurement horizon rather than a quarterly P&L assessment.

The Integration Question the Board Should Always Ask

Before approving any DTC acquisition, the board should ask management one direct question: "What is the mechanism by which this brand earns consumer attention and loyalty, and does this integration plan preserve that mechanism?"

If management cannot answer this question specifically (not generically ("we plan to preserve the brand voice") but specifically ("the brand's growth is driven by the founder's organic social presence and the creative team's 48-hour content cycle, and here is how we are preserving both")) the integration plan is not complete enough to approve.

What good board oversight
of commerce looks like
in practice.

Good board oversight of commerce is not deep technical knowledge or active management of strategy. It's the governance function applied to the right questions, on the right cadence, with the right information. In practice, it looks like this:

Quarterly commerce risk update: a standing agenda item that covers channel dependency metrics, challenger threat scorecard (updated quarterly with the framework described in B31), first-party data health, and any active acquisition targets or competitive response programs in progress. Not a marketing update. A risk update.

Annual platform/infrastructure review: a review of the company's major platform dependencies, the exit cost and timeline for each, and the AI commerce roadmap, with explicit board discussion about which dependencies are acceptable and which require mitigation.

Pre-approval acquisition briefing: for any commerce acquisition, a specific briefing on the integration plan that addresses the four value-destruction risk areas (talent, brand, technology, reporting) before the financial approval discussion.

Commerce-fluent board representation: at least one director with direct operating experience in consumer commerce, not a board advisor who "worked with digital companies," but someone who has operated a consumer brand at meaningful scale and understands what the key indicators actually mean. The audit committee analogy is apt: just as boards are expected to have financial expertise, boards of consumer companies should have commerce expertise.

The AI commerce question
boards need to add
to the framework.

Commerce boards are beginning to ask about AI. Most of the questions are wrong. They tend to focus on internal efficiency: are we using AI in our operations, is marketing using AI tools, what is the AI roadmap? These are legitimate management questions. They are not the board-level risk question.

The board-level AI commerce risk question is: how is AI-native buying behavior changing the customer acquisition model, and is our company positioned to benefit or lose from that shift? Specifically: is our product and brand information appearing in AI-generated shopping recommendations, what share of our traffic now originates from AI referral rather than search, and are we building the content and structured data infrastructure that AI buying assistants can use to recommend our products?

The brands that are winning in AI-referred commerce are not necessarily the ones with the biggest marketing budgets. They are the ones whose product information is structured in ways AI can synthesize, whose review profile is strong across multiple touchpoints, and whose content answers the questions buyers are asking AI assistants. This is a governance-level question because the companies that fall behind in AI commerce visibility are facing the same kind of irreversible compounding that Google SEO disadvantage created, just faster. For the detailed mechanics, I covered what AI-referred traffic looks like in actual Shopify data in AI-referred traffic and Shopify conversion data.

The board question to add to the quarterly commerce risk update: what percentage of new customer acquisition came through AI referral in the last quarter, what is the trend, and what is the plan to increase it? Most management teams cannot answer this question yet. That is the problem.

Frequently
asked
questions.

What makes commerce a board-level risk in 2026?
Commerce decisions now have 3 to 5-year consequences that are difficult to reverse.
Platform dependency choices, DTC challenger responses, and first-party data strategies made (or deferred) today shape the competitive position a company arrives at in 2028 and 2029. Those are trajectory-level decisions with governance implications. The speed of the current commerce cycle, driven by AI and social commerce, has compressed the window for course correction. A board that sees the symptom in quarterly revenue has often missed the governance moment by two years. The parallel to cybersecurity governance is direct: boards added cybersecurity oversight before breaches were routine, because the consequences of being behind were irreversible. Commerce deserves the same logic.
What is the single most important question a board should ask about commerce?
What percentage of revenue flows through channels where we own the customer relationship directly?
This is the first-party data question in channel terms. A company where 70% of revenue flows through wholesale or third-party marketplaces has outsourced its customer relationship to intermediaries. Every sale in those channels builds the retailer's data asset and customer knowledge, not the brand's. The board needs to know this number, its trend, and the strategic plan for changing it, framed as a competitive moat question rather than a digital strategy question. The companies that lose to DTC challengers over the next decade do so primarily because the challenger built a direct customer relationship while the incumbent sold through channels that prevented it. This is the governance question that maps to that outcome.
How should a board evaluate a DTC acquisition?
Require an integration plan that specifically addresses the four most common sources of value destruction.
Talent retention structure, brand autonomy framework, technology migration timeline, and an 18-month measurement scorecard rather than quarterly P&L assessment. Most acquisition presentations that reach boards do the financial story well and the integration story superficially. The financial model always works on paper. It is the integration execution that determines whether the acquisition delivers or destroys value. A board that approves an acquisition without a specific answer to "how does this brand maintain its customer relationship quality through this integration" has missed the governance function it is there to provide. The deeper analysis of where these integrations fail is in what holding companies get wrong when they acquire DTC brands.
How often should a board review commerce risk?
Quarterly for the standing risk update; annually for the platform and infrastructure review.
The quarterly commerce risk update should be a standing agenda item covering channel dependency metrics, challenger threat scorecard, first-party data health, and any active acquisition or competitive response in progress. The annual platform review covers major dependencies, exit costs, and the AI commerce roadmap. This cadence matches the speed at which meaningful changes happen. A company that reviews commerce strategy annually is governing a domain that moves quarterly. By the time the board sees an annual update, the decision window on the risks that matter has often already closed.
What background should at least one board director have in commerce?
Direct operating experience running a consumer brand at meaningful scale.
Not advisory experience, not board experience at consumer companies, not "worked with digital companies." The distinction matters because the indicators that actually predict problems are not visible in a P&L without the operating experience to interpret them. CAC trends, first-party data quality, cohort retention behavior, platform dependency concentration: these require someone in the room who has lived these questions at scale, not someone who has read about them. The audit committee analogy holds: boards are expected to have financial expertise for financial oversight. Consumer company boards should hold the same standard for commerce expertise. The broader case for why DTC operating experience translates directly to board-level insight is in what DTC operators know that enterprise teams don't.
+ + + + + + + +

The board conversation on commerce is failing on both sides: directors who lack the framework to govern it, and management teams that have learned to present it in ways that avoid the scrutiny the decisions deserve. The fix is not complicated. A defined framework, the right metrics, the right cadence, and at least one person in the room who has actually run a consumer business at scale.

For the management team preparing the commerce update, the most important shift is from reporting outputs (revenue, traffic, social engagement) to reporting risk indicators (platform dependency, first-party data health, challenger threat level, AI acquisition share). For the board, the most important shift is treating commerce oversight with the same governance rigor applied to financial and cybersecurity risk. The consequences of doing it poorly are just as permanent.

Fixing the board conversation on commerce takes someone who has sat on both sides of the table. The enterprise innovation practice is where that work gets done. The form takes two minutes: start the conversation.

  Work with Taylor  ·  Enterprise Innovation

Preparing a board conversation on commerce?

I advise management teams on how to bring commerce strategy to the board effectively, and have briefed boards directly on the commerce risk landscape. If you're preparing for a board presentation or trying to build a governance framework for commerce, the form takes two minutes.

Start a conversation More about Taylor →

Questions I keep
getting asked.

What makes commerce a board-level risk in 2026?
Commerce decisions now have 3 to 5-year consequences that are difficult to reverse. Platform dependency choices, DTC challenger responses, and first-party data strategies made today shape competitive position in 2028 and 2029. The speed of the current commerce cycle, driven by AI and social commerce, has compressed the window for course correction, making this a governance-level issue rather than purely an operational one.
What is the most important commerce question a board should ask?
What percentage of revenue flows through channels where we own the customer relationship directly? A company where 70% of revenue flows through wholesale or third-party marketplaces has outsourced its customer relationship to intermediaries. The board needs this number, its trend, and the strategic plan for changing it, framed as a competitive moat question.
How should a board evaluate a DTC acquisition?
Require an integration plan that specifically addresses four value-destruction risks: talent retention structure, brand autonomy framework, technology migration timeline, and an 18-month measurement scorecard rather than quarterly P&L assessment. Most acquisition presentations do the financial story well and the integration story superficially.
How often should a board review commerce risk?
Quarterly for the standing commerce risk update covering channel dependency metrics, challenger threat scorecard, first-party data health, and active acquisition or competitive response programs. Annually for the platform and infrastructure review covering major dependencies, exit costs, and the AI commerce roadmap.
What background should a board director have in commerce?
Direct operating experience running a consumer brand at meaningful scale. Not advisory experience or board experience at consumer companies. The distinction matters because the indicators that predict problems require someone who has lived these questions at scale to interpret: CAC trends, first-party data quality, cohort retention behavior, and platform dependency concentration.