Is a Board of Directors a compliance internal control? The clear answer is yes. In the 2020 FCPA Resource Guide, Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board in a best practices compliance program. One states, “Within a business organization, compliance begins with the Board of Directors and senior executives setting the proper tone for the rest of the company.” The second is found under the Hallmark entitled “Oversight, Autonomy and Resources,” which says the CCO should have “direct access to an organization’s governing authority, such as the Board of Directors and committees of the Board of Directors (e.g., the audit committee).”
Further, under the U.S. Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: Do the directors exercise independent review of a company’s compliance program and are directors provided information sufficient to enable the exercise of independent judgment? The DOJ’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.
Three key takeaways:
- Board oversight over the compliance function is a separate internal control, so document it and use it.
- The board must perform oversight over your company’s internal controls.
- Does your Board use the five principles for involvement in compliance with internal controls?
For more information on building a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.