What is the role of a company’s Board of Directors as laid out in the Evaluation of Corporate Compliance Programs? In an area of inquiry entitled “Oversight,” the DOJ asked three basic questions. Under Prong 2, Senior and Middle Management, the Evaluation posed three questions directed at the Board.
The new FCPA Corporate Enforcement Policy supplements the above with the following requirement for a Board of Directors in a best practices compliance program, asking what is “the availability of compliance expertise to the board”?
At a general level, these inquiries suggest several structural components for a Board around compliance. They include defining the Board’s role so there is a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities around compliance. The Board must work to foster a culture of compliance risk management so all stakeholders understand the compliance risks involved and manage such risks accordingly. The Board must incorporate compliance risk management directly into strategy by overseeing the design and implementation of compliance risk evaluation and analysis. The Board should help to define the company’s appetite for compliance risk so all stakeholders understand the company’s appetite, or lack thereof, for compliance risk. The Board must oversee the execution of the compliance risk management process by maintaining an approach that is continually monitored and has continuing accountability. Finally, the Board must demand benchmarking through compliance systems which allow for evaluating and modifying the compliance risk management process as more information becomes available or facts or assumptions change.
All of these factors can be easily adapted to compliance risk management oversight. Initially, it is important that the Board receive direct access to information on a company’s policies on this issue. The Board must have quarterly reports from a company’s Chief Compliance Officer to either the Audit Committee or the Compliance Committee. Your Board should create a Compliance Committee, as the Audit Committee may more appropriately deal with financial audit issues. A Compliance Committee can devote itself exclusively to non-financial compliance, such as compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information, the Board can give oversight to any modifications to managing risk that should be implemented.
In addition to the requirement that a Board of Directors have a Compliance Committee, a Board should also have a compliance subject matter expert as a member. Mike Volkov looked at it from both a practical and business perspective, stating, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” Roy Snell considered it through the prism of the compliance profession and noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.”
There are some specific areas of inquiry by a Board of Directors around compliance. I have adapted 20 questions which reflect the oversight role of directors. These are questions which the Board should ask of both senior management and the Board itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary.
The comments summarize the most current thinking on the issues and the practices of leading organizations. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.
Part I: Understanding the Role and Value of the Board Compliance Committee
Part II: Building an Effective Board Compliance Committee
Part III: Directed to the Board of Directors
Part IV: Enhancing the Board’s Compliance Performance Effectiveness
Part V: Merging Roles of the Compliance Committees
Three Key Takeaways