Teaching the Board How to Oversee and Monitor the Compliance Function
I have never let my schooling interfere with my education – Mark Twain (unverified).
Everything has its limit–iron ore cannot be educated into gold. – Mark Twain (verified)
Board members believe they know what they need to know. That is why they were asked to serve on the board. Unfortunately, like many issues today, confidence does not mean competency.
Corporate boards are increasing their focus on compliance issues. Unless a board member has prior experience in the field, the board has to be trained on compliance and has to “learn” how to oversee and monitor compliance issues. As I use the term “board,” the focus is on the specific board committee responsible for oversight of the compliance function.
The Chief Compliance Officer has an important role in this process. The CCO has to recognize the importance of the “teaching” moment. Every piece of compliance information has to be subject to a test – “what is the importance of this information” to oversight and monitoring of a company’s compliance program.
For example, a board should be provided with important information about ongoing internal investigations. First, the board should be briefed on important investigations that are ongoing or being resolved. A briefing as to the status of each investigation is important for the board to know as it plans for public announcement of a settlement with the government or other important reputational issues.
A second part of the presentation should be dedicated to outlining how the company’s internal investigation system is functioning and what issues are being investigated. In this area, the CCO should explain the numbers of complaints, investigations and time to resolution. A detailed list of categories and the number of investigations involving each of the issues should be presented. The time to resolution is important as well in order to demonstrate that complaints are being addressed quickly and efficiently.
This is a simple example but demonstrates the types of issues and the details that should be given to the board.
Aside from internal investigations, a CCO should educate the board on the importance of corporate culture, while addressing overall culture and specific culture monitoring tasks that may be in progress or ready to be reported.
Depending on the nature of the company’s risks, a CCO should keep the board informed on compliance initiatives like third-party risk management strategies, periodic assessments and audit results, training and awareness strategies, and other issues. An honest and open line of communications must be established from the beginning. In other words, a report to the board should outline important issues but include within it the basis for the report, how the information was examined and reviewed, and then offer to the board additional and more specific information, if needed.
A formula for educating is important, starting first with a basic outline of the program elements that need to be presented to the board. Based on these elements, the CCO should make sure that he or she designs reports and provides information about each of these elements so that the CCO can explain why the information is relevant and how the information can be used to monitor the compliance program.
Charts and graphs, along with numbers and metrics, are all important parts of the oversight and monitoring process. While the colors and the graphs may provide a sense of comfort to a CCO reporting to the board, there has to be qualitative discussions as well. For example, reporting on focus groups, or risk discussions with business units can be valuable presentations that provide important insights into the company’s operations. Number of individuals trained and certified is important monitor but there is much more to the full scope of a company’s ethics and compliance program, especially relating to culture, that should be the primary focus of a board reporting system.