The average S&P 500 board has detailed oversight frameworks for financial risk, cybersecurity risk, regulatory risk, and executive succession. It frequently has no comparable framework for commerce risk — even in companies where the ability to reach consumers directly, build lasting customer relationships, and adapt to channel shifts determines the long-term growth trajectory of the business.
This is changing, but slowly. The pace of change in commerce — platform evolution, channel fragmentation, the emergence of AI-native buying behaviors, the acceleration of DTC challengers — is faster than most governance frameworks can absorb. Management teams presenting commerce updates to boards often compound this problem by presenting metrics that are comfortable to report rather than the ones that would actually allow a board to evaluate the company's position.
I've briefed boards on the commerce risk landscape and advised the management teams presenting to them. The conversation fails in both directions: directors without a commerce framework asking the wrong questions or none at all; management teams without a clear model for what good governance of commerce looks like, presenting outputs rather than strategy. This post is an attempt to fix both sides of that conversation.
Commerce used to be
operational. It became
strategic. Now it's a risk.
The elevation of commerce from operational to strategic to risk-level concern happened in roughly three phases. Pre-2015, commerce was largely a channel management question: how do we show up in retail, and how do we manage the transition to e-commerce? Boards didn't need a framework beyond "is e-commerce growing as a share of revenue?"
From 2015 to 2022, commerce became a strategic question: which platform do we build on, how do we build a direct channel, how do we respond to DTC challengers taking share? Boards started asking about DTC strategy and digital investment levels, but governance frameworks lagged behind the decisions being made.
Now, commerce is a risk in the governance sense — a domain where the wrong decisions, made at the wrong time, can cause irreversible damage to the company's competitive position. Platform dependency risk (what happens if the platform that drives 40% of digital revenue changes its algorithm or economics?). Customer data risk (what is the long-term competitive consequence of not owning the customer relationship directly?). Challenger brand risk (which competitors are compounding in ways that will be expensive to reverse in three years?). AI commerce risk (how is AI-native buying behavior changing customer acquisition, and is the company positioned to benefit from it?)
These are not operational questions the management team can handle below the board level. They are trajectory-level questions whose consequences will be visible — or invisible — on a 3–5 year timeframe. That is exactly the timeframe board governance is designed to monitor.
The questions boards
should be asking — and
usually aren't.
The metrics that matter
at board level — versus the
ones management often presents.
| What Gets Presented | What the Board Should Be Asking For | Why It Matters More |
|---|---|---|
Digital Revenue Growth % |
Direct Channel Revenue % of Total, trend over 4 quarters | Growth in a rented channel builds the retailer's data asset, not the company's |
Website Traffic / Sessions |
Customer Acquisition Cost, direct channel; LTV/CAC ratio | Traffic without economics is a vanity metric; the board needs to know if the direct channel earns its keep |
Social Media Followers/Engagement |
First-party list size (email + SMS), growth rate, engagement rate | Followers are rented; first-party lists are owned — this is the actual data asset question |
NPS Score (aggregate) |
Repeat Purchase Rate, cohort retention at 90/180/365 days | NPS describes sentiment; cohort retention describes customer behavior — the board governs behavior |
Technology Roadmap Summary |
Platform dependency map + contingency for top 3 dependencies | Boards govern risk; platform dependencies are concentration risks that require governance |
How to evaluate the
platform question without
getting lost in the technology.
Board members without a technology background are often reluctant to engage substantively with platform and infrastructure questions — they don't want to appear technically naive, and the management team rarely presents the question in terms that enable a governance-level conversation. The result: significant platform decisions — replatforming the commerce stack, major integrations, AI tooling investments — get ratified by boards without meaningful scrutiny.
The governance question is not technical. It is: what is the platform dependency this decision creates, what is the cost to exit if the dependency becomes a problem, and is the company building toward a more or less diversified architecture than it has today? A board member asking these questions isn't pretending to be a CTO. They are asking the same governance questions they would ask about any significant long-term commitment with exit costs.
"The board doesn't need to evaluate the technology. It needs to evaluate the strategic dependency the technology creates — the same way it evaluates any other dependency."
The specific questions a board should ask before ratifying major platform decisions: What is the estimated cost and timeline to exit this platform if required in 3 years? What customer data will we own versus the platform at the end of the contract? What AI capabilities does this platform's roadmap include, and how does that affect our competitive position in channels that are moving toward AI-native purchasing?
DTC challenger risk belongs
in governance, not just
competitive intelligence.
Most enterprise companies have some form of competitive intelligence function that monitors DTC challengers. It produces reports. The reports inform strategy discussions. The board occasionally hears about the most prominent challengers on a competitive landscape slide. That is monitoring. It is not governance.
Governance requires: a defined framework for assessing challenger threat level (not just revenue and funding), explicit decision rights for the three possible responses (compete, acquire, ignore), a mechanism for escalating a challenger from the monitoring queue to an active response decision within a defined timeframe, and board-level awareness of any challenger that has crossed the threshold where the acquisition window is closing. Management that brings a challenger acquisition proposal to the board after the company has grown to $80M in revenue and has institutional investors on its cap table is bringing a preventable problem — the acquisition opportunity existed at $15M, when the challenger was invisible to the board.
M&A as a commerce strategy:
what the board needs before
approving.
DTC acquisitions have become a standard commerce strategy for enterprise brands. The thesis is sound in principle — acquire a brand with proven consumer demand, proven direct channel economics, and a customer relationship the acquirer couldn't build from scratch. The execution record is poor in practice, as described elsewhere in this series. The board is the last institutional checkpoint before an acquisition closes, and board approval is often based on a presentation that tells the financial story well and the integration story superficially.
Before approving any DTC acquisition, the board should require a specific integration plan that addresses the four most common sources of post-acquisition value destruction: talent retention structure (not just an earnout, but explicit authority preservation for the brand's leadership), brand autonomy framework (which decisions stay with the brand, which require parent approval), technology migration timeline (the plan for avoiding the tech integration that disrupts the brand's customer experience during the integration period), and a defined integration success scorecard with an 18-month measurement horizon rather than a quarterly P&L assessment.
Before approving any DTC acquisition, the board should ask management one direct question: "What is the mechanism by which this brand earns consumer attention and loyalty, and does this integration plan preserve that mechanism?"
If management cannot answer this question specifically — not generically ("we plan to preserve the brand voice") but specifically ("the brand's growth is driven by the founder's organic social presence and the creative team's 48-hour content cycle, and here is how we are preserving both") — the integration plan is not complete enough to approve.
What good board oversight
of commerce looks like
in practice.
Good board oversight of commerce is not deep technical knowledge or active management of strategy. It's the governance function applied to the right questions, on the right cadence, with the right information. In practice, it looks like this:
Quarterly commerce risk update: a standing agenda item that covers channel dependency metrics, challenger threat scorecard (updated quarterly with the framework described in B31), first-party data health, and any active acquisition targets or competitive response programs in progress. Not a marketing update. A risk update.
Annual platform/infrastructure review: a review of the company's major platform dependencies, the exit cost and timeline for each, and the AI commerce roadmap — with explicit board discussion about which dependencies are acceptable and which require mitigation.
Pre-approval acquisition briefing: for any commerce acquisition, a specific briefing on the integration plan that addresses the four value-destruction risk areas (talent, brand, technology, reporting) before the financial approval discussion.
Commerce-fluent board representation: at least one director with direct operating experience in consumer commerce — not a board advisor who "worked with digital companies," but someone who has operated a consumer brand at meaningful scale and understands what the key indicators actually mean. The audit committee analogy is apt: just as boards are expected to have financial expertise, boards of consumer companies should have commerce expertise.
The board conversation on commerce is failing on both sides — directors who lack the framework to govern it, and management teams that have learned to present it in ways that avoid the scrutiny the decisions deserve. The fix isn't complicated: a defined framework, the right metrics, the right cadence, and at least one person in the room who has actually run a consumer business at scale.
Preparing a board conversation on commerce?
I advise management teams on how to bring commerce strategy to the board effectively — and have briefed boards directly on the commerce risk landscape. If you're preparing for a board presentation or trying to build a governance framework for commerce, the form takes two minutes.
Start the conversation More about Taylor →