The Importance of a Board Compliance Committee
It is not every day that I can report on a new governance innovation which is being rapidly embraced and implemented by companies. It may be one of the most significant corporate governance developments in the last five years, almost matching the empowerment of independent compliance officers.
A few years ago the percentage of companies reporting the creation of a compliance committee was around 20 percent. That number is increasing as more companies are realizing the importance of separating the board compliance oversight from the audit committee to a separate compliance committee.
In the governance world, we are on the threshold of a new and important phenomena – the empowered compliance committee.
The old model of layering compliance on top of the audit committee’s responsibility is a relic of the past when financial certifications and accuracy was the focus of compliance in the Sarbanes-Oxley world. In the last ten years, Sarbanes-Oxley is one of many new risks which have emerged in the global economy. To address these risks, a specialized compliance committee is the first and most important step in building a true culture of compliance.
The composition of the compliance committee is important. It should include a majority of independent directors to provide an objective view of the company’s compliance experts. One of the directors should have familiarity with compliance functions and understand the role of compliance in overall corporate governance.
The charter of the compliance committee should address several issues: (1) how should the company address overall risk management?; (2) how should the compliance program be designed and operate?; and (3) what steps should the board and the company take to communicate and build a corporate culture of ethics?
A compliance committee has responsibilities which exceed those of other committees. The government and compliance professionals have emphasized the need for regular reporting and review of compliance activities. With the direct reporting authority, a chief compliance officer should communicate on a regular basis, more often than once a quarter to the compliance committee. As a result, the compliance committee should plan on meeting more than four times a year.
The reporting protocol between the chief compliance officer and the compliance committee should take into account the need to address specific issues and risks which may come up during the year. As a result, reporting and communications should occur more often and provide more detail.
Senior management should be in the loop on all of these communications but the essential point has to be preserved – the chief compliance officer has a duty and a responsibility to report directly to the compliance committee on any significant issue which is identified by the chief compliance officer.
This is the “new frontier” of compliance, building a new and effective reporting and supervision structure which reflects the two new most significant players in the compliance arena – the empower chief compliance officer and the empowered board compliance committee.