Teaching the Board How to Oversee and Monitor the Compliance Function
I have never let my schooling interfere with my education – Mark Twain (unverified).
Everything has its limit–iron ore cannot be educated into gold. – Mark Twain (verified)
Board members believe they know what they need to know. That is why they were asked to serve on the board. Unfortunately, like many issues today, confidence does not mean competency.
Corporate boards are increasing their focus on compliance issues. Unless a board member has prior experience in the field, the board has to be trained on compliance and has to “learn” how to oversee and monitor compliance issues. As I use the term “board,” the focus is on the specific board committee responsible for oversight of the compliance function.
The Chief Compliance Officer has an important role in this process. The CCO has to recognize the importance of the “teaching” moment. Every piece of compliance information has to be subject to a test – “what is the importance of this information” to oversight and monitoring of a company’s compliance program.
For example, a board should be provided with important information about ongoing internal investigations. First, the board should be briefed on important investigations that are ongoing or being resolved. The board needs to know the status of each investigation as it plans for the public announcement of a settlement with the government or for other important reputational issues.
A second part of the presentation should be dedicated to outlining how the company’s internal investigation system is functioning and what issues are being investigated. In this area, the CCO should explain the numbers of complaints, investigations and time to resolution. A detailed list of categories and the number of investigations involving each of the issues should be presented. The time to resolution is important as well in order to demonstrate that complaints are being addressed quickly and efficiently.
This is a simple example but demonstrates the types of issues and the details that should be given to the board.
Aside from internal investigations, a CCO should educate the board on the importance of corporate culture, while addressing overall culture and specific culture monitoring tasks that may be in progress or ready to be reported.
Depending on the nature of the company’s risks, a CCO should keep the board informed on compliance initiatives like third-party risk management strategies, periodic assessments and audit results, training and awareness strategies, and other issues. An honest and open line of communications must be established from the beginning. In other words, a report to the board should outline important issues but include within it the basis for the report, how the information was examined and reviewed, and then offer to the board additional and more specific information, if needed.
A formula for educating is important, starting first with a basic outline of the program elements that need to be presented to the board. Based on these elements, the CCO should make sure that he or she designs reports and provides information about each of these elements so that the CCO can explain why the information is relevant and how the information can be used to monitor the compliance program.
Charts and graphs, along with numbers and metrics, are all important parts of the oversight and monitoring process. While the colors and the graphs may provide a sense of comfort to a CCO reporting to the board, there have to be qualitative discussions as well. For example, reports on focus groups or on risk discussions with business units can be valuable presentations that provide important insights into the company’s operations. The number of individuals trained and certified is an important metric to monitor, but there is much more to the full scope of a company’s ethics and compliance program, especially relating to culture, that should be the primary focus of a board reporting system.
Michael,
I agree with much of what you are saying in this blog. It is important to educate the board of the programme’s performance and show them metrics. These most likely will trigger discussion and it is important that that takes place in the presence of the COO, who is the Subject Matter Expert. For instance, one issue that always comes up is the question whether an increase in whistleblowing is a good sign (people feel confident to speak up and know they can feel safe when doing so) or bad (there are more incidents going on than in the past). The COO can answer those questions with his/her deep knowledge.
What I would be most careful with, is to apprise the Board of ongoing investigations, unless they are significant as a DoJ request for information. The Board must be aware of those from day one, of course. Other investigations need to be kept on a need-to-know basis (and the CEO doesn’t need to know until the COO is certain of the facts). Then we can discuss implications and benefit from the Board’s insights. But until the facts are known most cases are best managed very tightly as any indication that somebody is being investigated will leave that employee with a stigma. And that is unfair, as they are innocent unless proven to be guilty.