Managing Risk in These Heady Days of Enforcement
We all tend to become focused on the details of anti-corruption enforcement and compliance. But for Board members and senior management, the focus has to be more holistic – some people like fancy terms such as “risk governance,” but common sense defines it as a “holistic” approach to compliance.
We all know the risks and the impact that enforcement actions can have on a company – the government extracts its pound of flesh, the media reports it and shareholders with the trial lawyers bar launch a multitude of shareholder suits against the Board and senior management.
The financial crisis changed the rules of the game. Risk management is the new mantra for corporate boards and governance experts. That is why I have recommended that clients consider creating new Compliance Committees. For too long, the work of the Audit Committee has been growing and the ability of such committees to carry out their duties faithfully has been stretched to the limits.
The SEC and the US Sentencing Commission have suggested new efforts in this area and created new incentives for companies to step up to the plate on compliance. The holistic approach prevents stovepipe compliance programs, maximizes use of compliance resources across various disciplines and creates cost efficiencies.
Directors have a duty of care and a duty of loyalty. They need maximum information in order to make decisions. Risk is one important component of such informed decision making. In order to protect the business judgment of the Board, risk factors have to be identified and considered. No longer can a board delegate such issues to senior management and depend on senior management to resolve and even sweep such issues away or under a rug. The 2006 case of Stone v. Ritter affirmed and expanded the concept of loyalty to include oversight liability, requiring companies to ensure the adequate flow of information to the Board as part of a duty of loyalty.
Corporate managers now face increasing risk worldwide as regulators enforce new rules and requirements. Regulators are starting to address risk management and governance as an important part of regulatory oversight. In the United States, the SEC has imposed new proxy disclosure rules to require companies to include information on the role of the board in overseeing risk management.
To improve governance using a holistic approach, companies need to identify convergence and reduce inefficient duplicative policies and procedures in order to increase efficiencies and address each potential risk. Procedures for anti-corruption review of activities may also provide a vehicle by which to comply ith export and other trade laws. Decision-making can be enhanced at every level.
Companies need to begin this holistic examination, especially when trying to maximize compliance resources and benefits. One step back may be needed in order to take two steps forward.