In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different from that of senior management. For the Board of Director, the Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) stated:
Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
The DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Compliance Program Guidance) was even more explicit in announcing their expectation for robust Board oversight of a corporate compliance function. The Antitrust Compliance Program Guidance stated “For the antitrust compliance program to be effective, those with operational responsibility for the program must have sufficient autonomy, authority, and seniority within the company’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program. The Antitrust Compliance Program Guidance then went on to ask the following questions: Who has overall responsibility for the antitrust compliance program? Is there a chief compliance officer or executive within the company responsible for antitrust compliance? If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body? How often does the compliance officer or executive meet with the Board, audit committee, or other governing body? How does the company ensure the independence of its compliance personnel?
This series of questions portends more than simply a reporting requirement, or that the CCO has a direct line to the Board. It is a separate requirement for compliance expertise on the Board. Name any of the most recent corporate scandals; Wells Fargo, Uber Technologies, Volkswagen, Boeing and there was no compliance expertise on the Board. It is now enshrined as a best practice is for companies to have a seasoned compliance professional on the Board. I would also add the DOJ may soon expect there be a Compliance Committee separate and apart from the Audit Committee.
Mike Volkov in “Compliance Expertise in the Boardroom”, looked at it from both a practical and business perspective stating, “I have witnessed firsthand that companies that have a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program, while receiving the resources and support to accomplish compliance tasks.” He went on to note, “Companies spend time and resources to nominate board members who bring a real value to the boardroom. The mix of board members reflects the company’s overall strategic priorities and focus for governance. For example, the nominating committee will locate a board candidate with financial reporting, audit and SOX expertise to manage the audit committee. Each board member should be considered for a strategic purpose and benefit.”
It is important that the Board receives direct access to such information on a company’s policies on this issue. The Board must have quarterly reports from the CCO to either the Audit Committee or the Compliance Committee. Your Board should create a Compliance Committee as the Audit Committee may more appropriately deal with financial audit issues. A Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information, the Board can provide oversight from managing risk to modifications that should be implemented. The requirement also means the Board must actually engage in oversight, not simply take reports quarterly. Has the Board separately tested the compliance function or even taken a deep dived own into a specific area of risk?
The DOJ continually speaks about the need for companies to operationalize their compliance programs. Businesses must work to integrate compliance into the DNA of their organization. Having a Board member with specific compliance expertise, heading a Board Compliance Committee can provide a level of oversight and commitment to achieving this goal. The DOJ enshrined this requirement in the FCPA Corporate Enforcement Policy. This means that when your company is evaluated by the DOJ, under the factors set out in the 2019 Guidance and FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board-level Compliance Committee but also the specific SME on the Board and on that committee.
Another arm of the U.S. government has recognized the need for such expertise at the board level. In 2015, the Office of Inspector General (OIG), in a publication entitled “Practical Guidance for Health Care Governing Boards,” called for greater compliance expertise at the board level. The OIG said that a board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the board a compliance member. The presence of a such a compliance professional with subject matter expertise “on the board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other board members and helps the board better fulfill its oversight obligations.”
All of this means that every board of directors needs a true compliance expert sitting on the board. Almost every board has a former chief financial officer (CFO), former head of internal audit or persons with a similar background, and often times these are also the audit committee members of the board. Such a background brings a level of sophistication, training and subject matter expertise that can help all companies with their financial reporting and other finance-based issues. So why is there not such subject matter expertise at the board level from the compliance profession?
Three key takeaways:
- The DOJ Evaluation requires active Board of Director engagement and oversight around compliance.
- Board communication on compliance is a two-way street; both inbound and outbound.
- Does the Board of Directors have a Compliance Expert?