What is the role of a company’s Board of Director as laid out in the Evaluation of Corporate Compliance Programs? In an area of inquiry entitled, “Oversight” the DOJ asked three basic questions. Under Prong 2, Senior and Middle Management, the Evaluation posed three questions directed at the Board.

1. What compliance expertise has been available on the board of directors?
2. Have the board of directors held executive or private sessions with the compliance function?
3. What types of information has the board of directors examined in their exercise of oversight in the area in which the misconduct occurred?

In the new FCPA Corporate Enforcement Policy, it supplements the above with the following requirement for a Board of Directors in a best practices compliance program, asking what is “the availability of compliance expertise to the board”?

At a general level, these inquiries several structural components for a Board around compliance. They include defining the Board’s role so there is a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities around compliance. The Board must work to foster a culture of compliance risk management so all stakeholders should understand the compliance risks involved and manage such risks accordingly. The Board must incorporate compliance risk management directly into a strategy by overseeing the design and implementation of compliance risk evaluation and analysis. The Board should help to define the company’s appetite for compliance risk so all stakeholders need to understand the company’s appetite or lack thereof for compliance risk. The Board must oversee the execution of the compliance risk management process by maintaining an approach that is continually monitored and had continuing accountability. Finally, the Board must demand benchmarking through compliance systems which allow for evaluation and modifying the compliance risk management process for compliance as more information becomes available or facts or assumptions change.

All of these factors can be easily adapted to compliance risk management oversight. Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue. The Board must have quarterly reports from a company’s Chief Compliance Officer to either the Audit Committee or the Compliance Committee. Your  Board should create a Compliance Committee as the Audit Committee may more appropriately deal with financial audit issues. A Compliance Committee can devote itself exclusively to non-financial compliance, such as compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information, the Board can give oversight to any modifications to managing risk that should be implemented. 

In addition to the requirement that a Board of Directors have a Compliance Committee, a Board should also have a compliance subject matter expert as a member. Mike Volkov looked at it from both a practical and business perspective stating, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell considered it through the prism of the compliance profession and noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.

There are some specific areas of inquiry by a Board of Directors around the compliance. I have adapted 20 questions which reflect the oversight role of directors. These are questions which the Board should ask of both senior management and the Board itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary.

The comments summarize the most current thinking on the issues and the practices of leading organizations. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.

Part I: Understanding the Role and Value of the Board Compliance Committee

1. What are the Board Compliance Committee’s responsibilities and what value does it bring to the board?
2. How can the Board Compliance Committee assist the board to enhance its relationship with management?
3. What is the role of the Board Compliance Committee?

Part II: Building an Effective Board Compliance Committee

4. What skill sets does the Board Compliance Committee require?
5. Who should sit on the Board Compliance Committee?
6. Who should chair the Board Compliance Committee?

Part III: Directed to the Board of Directors

7. What is the Board Compliance Committee’s role in building an effective compliance program within the company?
8. How can a Board Compliance Committee assess potential members and senior leaders of the company’s compliance program?
9. How long should directors serve on the Board Compliance Committee?
10. How can the Board Compliance Committee assist in Board succession issues?

Part IV: Enhancing the Board’s Compliance Performance Effectiveness

11. How can the Board Compliance Committee assist in director development?
12. How can the Board Compliance Committee help the board chair sharpen the board’s overall performance focus?
13. What is the Board Compliance Committee’s role in board evaluation and feedback?
14. What should the Board Compliance Committee do if a director is not performing or not interacting effectively with other directors?
15. Should the Board Compliance Committee have a role in chair succession?
16. How can the Board Compliance Committee help the board keep its mandates, policies and practices up-to-date?

Part V: Merging Roles of the Compliance Committees

17. How can the Board Compliance Committee enhance the board’s relationship with institutional shareholders and other stakeholders?
18. What is the Board Compliance Committee’s role in CCO succession?
19. What role can the Board Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?
20. How can the Board Compliance Committee help the board in deciding CCO pay, bonus and resources made available to the corporate compliance function?

Three Key Takeaways

1. The DOJ Evaluation of Corporate Compliance Program requires active Board of Director engagement around compliance.
2. Board communication on compliance is a two-way street; both in bound and out bound.
3. Has the Board built an effective Board Compliance Committee?

This month’s podcast sponsor is Convercent. Convercent provides your teams with a centralized platform and automated processes that connect your business goals with your ethics and values. The result? A highly strategic program that drives ethics and values to the center of your business. For more information go to Convercent.com.