Compliance Committee Best Practices
It is important for every company to have a Compliance Committee at the Board level. While only about one-third of all companies have a Compliance Committee, I expect more companies to move compliance obligations from their Audit Committees to newly-established Compliance Committees. As compliance becomes a higher priority, a separate Compliance Committee will enhance a company’s overall compliance performance.
In almost every significant FCPA enforcement action, the company’s compliance program and its professionals are isolated or ineffective. A compliance program malfunctions when the audit or compliance committee ignores its responsibilities or has no support from the Board or senior management. It is important to assess regularly the performance of the audit or compliance committee to ensure that compliance is never relegated to the back burner of management.
To be effective, a Compliance Committee has to follow several best practices:
1. Membership – the Compliance Committee should consist of at least three independent directors. The head of the Compliance Committee should be a director who has experience and commitment to the issues. It is too important a position to leave to unqualified or disinterested directors.
2. Responsibilities – a strong compliance statement should be included in the written charter with the purpose of enhancing internal control systems, improving monitoring and oversight, and increasing disclosures and quality of internal and external reporting.
3. Meetings – The Compliance Committee should meet at least every quarter. However, senior management should report regularly to Compliance Committee members who must be vigilant in monitoring overall compliance programs.
4. Information – The Compliance Committee should demand information, as needed, to carry out its responsibilities. It should review compliance programs, data and overall performance so that it can hold senior managers accountable and help support compliance efforts at the management level.
5. Reliance on Outside Professionals – If needed, the Compliance Committee should employ outside compliance professionals, auditors, attorneys and consultants, in order to ensure that the compliance program is working well.
At a minimum, the Compliance Committee should review and approve all compliance policies; review compliance reports, implementation and performance each quarter; ensure that regular audits are performed and reviewed with appropriate benchmarks; and review internal reporting and training programs.