The Compliance Revolution and Improving Board Oversight
We all know there has been a sea change in the compliance profession. No longer are compliance professionals relegated to the backwater of corporate governance. Instead, they are now front and center and being asked to design and implement effective systems to detect and prevent violations of a code of conduct and the law.
The compliance profession should give itself a big pat on the back, They have elevated themselves to a firm position in the governance landscape. The US Sentencing Guidelines, the Department of Justice, the SEC, the FCPA Guidance, HHS Guidance, Federal Acquisition Regulations, and many other federal and state government agencies all cite the importance of ethics and compliance programs.
There is one significant omission. Aside from a brief reference to “tone-at-the-top,” there is very little guidance on the role of a critical player – the corporate board of directors. This glaring omission has to be addressed.
There are basically four ways this will occur.
First, the courts may reexamine general legal standards, referred through shorthand as the Caremark standard to define the standard of care for corporate boards. The Wal-Mart shareholder suit against the Wal-Mart board may ultimately shake up the Caremark world and courts may define additional monitoring and oversight responsibilities for corporate boards.
Second, federal prosecutors, regulatory agencies and other executive policymakers may step in to prosecute a corporation for the deficient performance of a corporate board, or individual members. In doing so, the Department of Justice may seek board reforms as part of a deferred prosecution agreement.
Third, corporate governance professional associations, regulatory agencies such as the SEC, and academic researchers may push for new governance models and best practices to elevate the performance of corporate boards.
This is nothing new. There are many sources for best practices. Corporate boards have been inundated with new and reasonable expectations as to their performance. That trend is bound to continue and may lead to additional efforts to define and improve corporate board performance.
Fourth and finally, Congress may step in yet again, in response to a financial crisis of some sort – akin to the Sarbanes-Oxley and Dodd-Frank measures. In this scenario, Congress could mandate various ethics and compliance program requirements, along with improvements to corporate board performance. It is how Congress handles the financial crisis of the day.
At the heart of the problem is deficient board performance. In every FCPA case, the question to ask yourselves is simple – What was the corporate board doing? In the case of BizJet in 2012, the corporate board not only knew about the entire bribery scheme, it failed to say or do anything when it was informed prior to the scheme being executed. I know BizJet is an unusual case but it begs the following questions for all boards:
What actions has the board taken to ensure that the company has an effective ethics and compliance program?
This is a broad question but there are many follow up questions that need to be answered.
- What are the risks that the board focuses on when overseeing the company’s ethics and compliance program?
- Can each board member cite the top 5 risks the company faces, the markets in which these risks are present, and how the ethics and compliance program mitigates those risks?
- How much information does the board receive about the company’s ethics and compliance program?
- What type of information does the board receive from senior management about the compliance program?
- How engaged is the board on the issue of ethics and compliance?
- What kind of relationship does the board have with the chief compliance officer?
- Does the full board meet with the CCO at least annually to review the ethics and compliance program?
- How often does the Audit/Compliance Committee meet with the CCO? How robust is the reporting relationship?
- What areas of the ethics and compliance program need to be improved? What is the timetable for improving the program?
- Does the board receive ethics and compliance training? When was the last time the board was trained?
All of these questions are meant to scratch the surface on board performance and oversight of the ethics and compliance program. There are many other issues that need to be examined when evaluating a board’s response to ethics and compliance issues. Until these issues are defined and standards for performance are raised, we will continue to ask the same question when a company gets into trouble – “Where was the board and why didn’t it act?”