The Board of Directors role in the Volkswagen (VW) emissions test scandal is one that is only now being scrutinized. In an article in the New York Times (NYT), entitled “Problems at VW Start at the Boardroom”, James B. Stewart was unremitting in his criticism of the VW Board, when near the beginning of his piece he wrote, “given Volkswagen’s history, culture and corporate structure, the real mystery may be why something like this didn’t happen sooner.” He quoted Markus Roth, a professor at Phillips-University Marburg and expert in European corporate governance, for the following, “It’s been a soap opera ever since it started.”
The VW emissions testing scandal will provide many lessons for Chief Compliance Officer (CCO) or compliance practitioner. Stewart’s scathing article provided today’s focus which is on a Board of Directors in a Foreign Corrupt Practices Act (FCPA) compliance program. A Board’s duty under the FCPA is well known. In the FCPA Guidance, in the Ten Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is Hallmark No. 1, which states “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment?
There is one other issue regarding the Board and risk management, including FCPA risk management, which should be noted. The Securities and Exchange Commission (SEC) desires Boards to take a more active role in overseeing the management of risk within a company. The SEC has promulgated Regulation SK 407 under which each company must make a disclosure regarding the Board’s role in risk oversight which “may enable investors to better evaluate whether the board is exercising appropriate oversight of risk.” If this disclosure is not made, it could be a securities law violation and subject the company, which fails to make it, to fines, penalties or profit disgorgement.
I believe that a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward.
For the compliance function in an organization, a clear lesson from the VW emissions testing scandal is that the Board must be engaged and asking tough questions from not only senior management but also the CCO or compliance practitioner who report to the Board. But more than simply asking questions, it is important that the CCO share information with rest of management, in advance of the Board meeting, creating transparency. As the CCO works with the General Counsel (GC), outside legal counsel and outside external audit quite closely throughout the year, you must work with them closely during the preparation of the annual compliance report. Lastly, and, from my experience always the one which is most important in any relationship with senior management or the Board, make sure there are NO SURPRISES.
An approach suggested by Stephen Martin, who runs Baker & McKenzie Compliance Consulting LLC, is 20 questions which reflect the oversight role of directors. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and enable them to dig deeper as necessary. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization. The questions are as follows:
Part I: Understanding the Role and Value of the Compliance Committee
- What are the Compliance Committee’s responsibilities and what value does it bring to the board?
- How can the Compliance Committee help the board enhance its relationship with management?
- What is the role of the Compliance Committee?
Part II: Building an Effective Compliance Committee
- What skill sets does the Compliance Committee require?
- Who should sit on the Compliance Committee?
- Who should chair the Compliance Committee?
Part III: Directed to the Board
- What is the Compliance Committee’s role in building an effective compliance program within the company?
- How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?
- How long should directors serve on the Compliance Committee?
- How can the Compliance Committee assist directors in retiring from the board?
Part IV: Enhancing the Board’s Performance Effectiveness
- How can the Compliance Committee assist in director development?
- How can the Compliance Committee help the board chair sharpen the board’s overall performance focus?
- What is the Compliance Committee’s role in board evaluation and feedback?
- What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?
- Should the Compliance Committee have a role in chair succession?
- How can the Compliance Committee help the board keep its mandates, policies and practices up-to-date?
Part V: Merging Roles of the Compliance Committees
- How can the Compliance Committee enhance the board’s relationship with institutional shareholders and other stakeholders?
- What is the Compliance Committee’s role in CCO succession?
- What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?
- How can the Compliance Committee help the board in deciding CCO pay and bonus?
Whichever approach that you employ, the CCO must lay out a clear and logical program for a Board of Directors not only to understand its role in the compliance function but to play an active role. Any best practices compliance program has several moving parts, a CCO to lead the compliance program, a Compliance Department to execute the strategy and an engaged Board of Directors who oversee and participate. It would certainly have been helpful to VW.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2015