Where does “tone at the top” start? With any public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? First a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this through asking hard questions, risk assessment and identification.

Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information the Board can give oversight to any modifications to managing FCPA risk that should be implemented. CCO reporting to the Compliance Committee must be structured carefully to promote ethics and compliance.

Three key takeaways:

  1. A Board Compliance Committee should provide oversight not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and at the end of the day more profitable.