Four Critical Questions for Assessing Compliance Communications with the Board of Directors
If you want to know how well an ethics and compliance program is doing, the best indicator is to review the communications between the Chief Compliance Officer and the Board of Directors, usually the Audit Committee.
There are four critical questions that need to be asked:
1. How often does the CCO report to the Audit/Compliance Committee?
2. Does the CCO report to the Board in person (possibly accompanied by the Chief Internal Auditor and/or General Counsel)?
3. Does the CCO report lead to a meaningful dialogue between the CCO and the Board?
4. Does the CCO maintain regular informal communications/meetings with the Chair of the Audit/Compliance Committee?
I do not mean to simplify a complex area but there are certain basic requirements that correspond with a company committee to ethics and compliance.
At a minimum, the CCO has to report to the Board in person, and in writing, every quarter. Once a year the CCO should also meet and report to the full Board.
If a CCO does not meet with the Board, and only has the “ability” to do so if necessary, the exclusion of the CCO from the Board is an important indicator of a company’s weak commitment to ethics and compliance.
Corporate boards are in danger of isolation or as some might say – a dark place good for growing mushrooms. Corporate boards have a responsibility to bring in light – senior managers who can report to them, provide information, and most importantly, engage in a dialogue on specific issues.
CCOs sometime report with other key officials, including the Chief Auditor and/or the General Counsel. There is nothing wrong with coordinated reports since some of the issues may overlap. If one is excluded from the other’s report, that can be another warning sign of weak corporate governance.
The most important indicator of a company’s commitment to ethics and compliance is the quality and amount of dialogue between the CCO and the Audit/Compliance Committee. This is where the rubber meets the road.
The Audit/Compliance Committee has to gather sufficient information, ask important questions, and understand the status of the ethics and compliance program, as well as the quality of the program. Too often, corporate boards take information from the CCO on faith and fail to follow up or even ask basic questions.
If the CCO’s presentation to the Audit/Compliance Committee is general and filled with platitudes of accomplishments and goals which are on target of being met, you can rest assured that the board has little understanding nor commitment to making sure that the compliance program is working effectively.
CCOs need to maintain contact with the Audit/Compliance Chair. They need to be able to pick up the phone, talk to the Chair, and should regularly communicate to the Chair. Similarly, the Chair needs to be able to reach out to the CCO and ask questions. Some CCOs schedule regular informal meetings (e.g. lunch, breakfast) with the Audit/Compliance Chair to discuss ongoing issues and keep the Chairperson fully informed.
When reviewing a company’s commitment to ethics and compliance, these straightforward issues provide very reliable indicators of the overall health of an ethics and compliance program.