Is a Board of Directors a compliance internal control? The clear answer is yes. In the 2020 FCPA Resource Guide, Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board in a best practices compliance program. One states, “Within a business organization, compliance begins with the Board of Directors and senior executives setting the proper tone for the rest of the company.” The second is found under the Hallmark entitled “Oversight, Autonomy and Resources,” which says the CCO should have “direct access to an organization’s governing authority, such as the Board of Directors and committees of the Board of Directors (e.g., the audit committee).”
Further, under the U.S. Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: Do the directors exercise independent review of a company’s compliance program, and are directors provided information sufficient to enable the exercise of independent judgment? The DOJ’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.
Three key takeaways:
- Board oversight over the compliance function is a separate internal control so document it and use it.
- Board must perform oversight over your company’s internal controls.
- Does your Board use the five principles for involvement in compliance internal controls?