The Compliance Oversight Committee sits between the CCO and the Board’s compliance committee. The role of this Compliance Oversight Committee is to provide oversight and review of items such as third party approvals and renewals, requests for payments from third parties and significant gift, travel and entertainment requests from employees. There should be some type of oversight which can be reviewed on a monthly or quarterly basis as part of a company’s management of risk.
As far back as January 2005, the Deferred Prosecution Agreement (DPA) entered into between the Department of Justice and the Monsanto Company provided for “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or an Oversight Committee. The scope of this Oversight Committee is not fleshed out in the DPA. While many have focused on the Compliance Oversight Committee to monitor agents and other third party business representatives, the role of the Oversight Committee can be broader than simply agents and representatives. A major purpose of an Oversight Committee is to act as a redundant backup to the books and records internal controls systems, which are designed to detect violations of a company’s compliance program.
It should be clear that the role of the Compliance Oversight Committee is not to substitute its judgment for that of the CCO but rather to provide another level of review to make sure nothing slips through the cracks which might expose the company to unwanted risk. This can begin with a clear, written charter that sets out the functionality, goals, and parameters of the group. Moreover, the Compliance Oversight Committee should be reviewed on a periodic basis to determine its usefulness and effectiveness.
The Compliance Oversight Committee should be composed of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction, which means that senior management should be involved in the Compliance Oversight Committee. It would also indicate that more than one department should be represented on the Oversight Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations. The bottom line is that the CCO should chair a committee of her peers/senior level officers in a position to make decisions and marshal resources.
The Compliance Oversight Committee should be designed to review the highest risks to your organization. If your company’s highest compliance risk is third party relationships, you should focus your compliance committee resources on that issue. However, it is suggested that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with any third party. While this would most necessarily focus on FCPA compliance, there should also be a commercial component to this function. The Compliance Oversight Review Committee should therefore review all documents relevant to the five-step lifecycle management of third parties.
The Compliance Oversight Review Committee is a key tool which can be utilized by a company to manage its risks. The books and records component of internal controls is one level of prevention and detection. The review by a Compliance Department of requests for travel for, and gifts and entertainment to, foreign governmental officials and of the lifecycle management of third parties is also an important step in the prevention process. The Compliance Oversight Review Committee is another step which I believe can also act as a detect prong and should be employed by companies as an additional protection against any type of compliance and ethics violation slipping through the cracks to become a much larger problem down the road. Companies should implement a Compliance Oversight Review Committee and review the systems they have in place to detect risky conduct.
- Determine an appropriate committee membership.
- The committee is there to act as an extra set of eyes for the CCO, not to substitute its judgment.
- Determine the scope of items and issues to be reviewed by the committee.