Bringing the Board and the C-Suite into the Fold: Promoting a Culture of Compliance
Compliance cynics have sometimes commented that when a company gets into trouble because of misconduct by the Board of Directors or C-Suite officials that the company’s response is to increase training of mid and lower level managers and employees.
It is a cynical comment but there is some truth underlying the suggestion. Compliance programs are designed, implemented and monitored under the supervision of the Board and senior executives. In doing so, the compliance perspective focuses on getting the message out, making sure the culture is communicated throughout the organization.
Training and other communications avenues are used to promote the importance of compliance, the availability of reporting mechanisms, the swift and sure responses to any violations and the even handing out of disciplinary actions by violators inside the company. It is important to spread the message and make sure it resonates throughout the company.
In carrying out this mission, however, compliance programs often overlook an important constituency: the Board of Directors and the C-Suite. Little attention is paid to these important actors despite the fact that the impact of a violation of the compliance program at their level could be disastrous.
This issue was the topic of a Rand Symposium held earlier this year at which a talented group of compliance professionals, government attorneys, Board Members, in-house counsel, Delaware and federal judges participated in a broad discussion on C-Suite and Board compliance. A report is available (here).
In even the most basic requirements, compliance officers will turn a blind eye or omit to schedule the Board and the C-Suite for participation in basic compliance requirements. Take a look in your company and see if the Board undergoes regular compliance training. Do C-Suite personnel have to sign annual certifications of compliance with the code of ethics?
If your Board or C-Suite is subject to the full panoply of compliance requirements, that is an important first step in building a compliance program with credibility. If the Board and the C-Suite do not attend annual live training programs and regular online training events, there is a fundamental disconnect, a credibility gap inside the company.
The Board and the C-Suite need to set an example for the rest of the company. They cannot be excused from basic requirements of the compliance program. If anything, they should set an example by embracing the requirements, demonstrating their commitment to following policies and procedures and doing so in a way which can be publicized in the company to the benefit of the company’s culture of compliance.
There is nothing more damaging to a compliance program than one that is disparate in its requirements, its treatment and its overall message. For example, if disciplinary actions are meted out in an uneven fashion among similarly situated managers to the detriment of mid-level managers, you can rest assured that whatever culture of compliance there is will be quickly decimated as more managers and employees learn about these results.
Companies have to be built on a foundation of fairness and integrity. When this foundation is gone, the company’s culture will be lost. The Board of Directors and the C-Suite have to understand that they are not above the fray or the requirements of other employees in the company. They are subject to the same requirements contained in a code of conduct and a compliance program.
Compliance officers cannot shirk their responsibility. They cannot avoid the difficult conversation with the CEO and other C-Suite officials requiring them to undergo training and to execute required certifications. A same message has to be communicated to the Board of Directors. The CCO has to carry that message and carry out some difficult conversations with these company officials to make sure that they comply.