Welcome to this month’s offer of 31 Days to a More Effective Compliance Program. This month I will focus on the Board of Directors and its role in an effective compliance program. At the end of August, you will not only have a good summary of the basics of a best practices compliance program for a Board of Directors but information that you can incorporate into your compliance regime.

Case law. As to the specific role of best practices in the area of general compliance and ethics, one can look to Delaware corporate law for guidance. The case of In Re Caremark International Inc., 698 A.2d 959, (Del. SCt. 1996) was the first case to hold that a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.”

2020 FCPA Resource Guide, 2nd edition and U.S. Sentencing Guidelines. A Board’s duty under the FCPA is well-known. In the  FCPA Resource Guide, 2nd edition, there are two specific references to the obligations of a Board. The first, in Hallmark No. 1, states: “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3 and notes that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the U.S. Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ’s Prosecution Standards posed the following queries: 1) Do the Directors exercise independent review of a company’s compliance program? and 2) Are Directors provided information sufficient to enable the exercise of independent judgment?

From the Delaware cases, a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. The specific obligations set out regarding the FCPA drive home these general legal obligations down to the specific level of the statute.

Three key takeaways:

  1. The Delaware courts have led the way with the In Re Caremark and Stone v. Ritter decisions.
  2. Note the obligations of the Board under the Ten Hallmarks of an Effective Compliance Program.
  3. The U.S. Sentencing Guidelines also require Board involvement and oversight.

A special thanks to this month’s sponsor, Affiliated Monitors, Inc.