Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Board – Vin DiCianni on Board Inquiries into Compliance

Where does “tone at the top” start? With any public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? We start with several general statements about the role of a Board in U.S. companies. First, a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this by asking hard questions, risk assessment, and identification.

A white paper by Deloitte & Touche LLP, entitled, Risk Intelligence Governance—A Practical Guide for Boards, laid out six general principles to help guide Boards in the area of risk governance. These six areas can be summarized as follows:

• Define the Board’s role. There must be a mutual understanding between the Board, CEO and senior management of the Board’s responsibilities.

• Foster a culture of risk management. All stakeholders should understand the risks involved and manage such risks accordingly.

• Incorporate risk management directly into a strategy. Oversee the design and implementation of risk evaluation and analysis.

• Help define the company’s appetite for risk. All stakeholders need to understand the company’s appetite or lack thereof for risk.

• How to execute the risk management process. Maintain an approach that is continually monitored and has continuing accountability.

• How to benchmark and evaluate the process. Systems need to be installed which allow for evaluation and modifying the risk management process as more information becomes available or facts or assumptions change.

All of these factors can be easily adapted to compliance and ethics risk management oversight. Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue.

 Three key takeaways:

1. The Board’s role is to keep really bad things from happening to a company.

2. There are six general areas the point can inquire into and lead from.

3. A Board should have direct access to information on the company’s compliance program.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Failures

Next, consider a couple of landmark failures at the Board level around bribery and corruption.

VimpelCom Ltd. In 2015 (now Veon Ltd.), the DOJ alleged that Dutch telecom VimpelCom sought to enter the telecom market through the acquisition of a local player, Unitel, as an entrée into the Uzbekistan market. Unitel made clear to VimpelCom that to have access to, obtain, and retain business in the Uzbeki telecom space, VimpelCom would have to, according to the DPA, “regularly pay Foreign Officials millions of dollars” to Gulnara Karimova, the daughter of the then President of the country. VimpelCom also acquired another entity Butzel, that was at least partially owned by an Uzbeki government official, who hid their interest through a shell company, which was known to VimpelCom. VimpelCom did not articulate a legitimate business reason for the deal and paid $60 million for Buztel.

Ultimately, VimpelCom agreed to pay approximately $800 million in fines for these activities in 2016. 

BizJet. Another FCPA enforcement action involved the Tulsa-based company BizJet International Sales and Support Inc. (BizJet), which had four senior executives convicted for their participation in a bribery scheme. But this case also involved the Board of Directions. In the Criminal Information, it stated that in November 2005:

…at a Board of Directors meeting of the BizJet Board, Executive A, and Executive B discussed with the Board that the decision of where an aircraft is sent for maintenance work is generally made by the potential customer’s director of maintenance or chief pilot, that these individuals are demanding $30,000 to $40,000 in commissions, and that BizJet would pay referral fees in order to gain market share.

In both cases, this is where the rubber hits the road. If a company is willing to commit bribery and engage in corruption to secure business, no amount of doing compliance is going to help. If senior management is ready, willing, and able to lie, cheat and steal, the Board is the final backstop to prevent such conduct. Both the VimpelCom and BizJet Boards sorely failed in their compliance duties.  

Three key takeaways:

  1. Board liability will be severe based upon similar conduct going forward.
  2. Board members must critically challenge management on its conduct.
  3. The Board is the ultimate backstop against bribery and corruption.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Prudent Discharge of Board Obligations

What are the obligations of a Board member regarding the FCPA? Are the obligations of the Compliance Committee under the FCPA at odds with a director’s “prudent discharge of duties to shareholders”? Do the words prudent discharge even appear anywhere in the FCPA? In the case of Stone v. Ritter, the proposition is found that “a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists.” From the case of In re Walt Disney Company Derivative Litigation, she drew the principle that directors should follow the best practices in ethics and compliance. The Board has the role of monitoring the performance of the compliance function, including monitoring the performance of it using customary economic metrics and overseeing compliance with applicable laws and regulations.

While the Board is not responsible for auditing or ferreting out compliance problems, it is responsible for determining that the company has an appropriate system of internal controls. The Board should also monitor company policies and practices that address compliance and matters affecting the public perception and reputation of the company. Every company should ensure that it conducts appropriate compliance training for employees and conducts regular compliance assessments. Finally, the Board must take appropriate action if and when it becomes aware of a material problem it believes management is not properly handling.
There is no reference to prudent discharge in the FCPA itself. However, a Board member might think more than twice about the prudent discharge of duties to the shareholders as both the DOJ and SEC now might wish to look into a Board’s prudent discharge of duties under the FCPA.

Three key takeaways:

  1. What is prudent discharge?
  2. What is your process for doing compliance at the Board level?
  3. A Board must have active rather than passive engagement around compliance.

For more information, check out The Compliance Handbook, 3rd edition, available from LexisNexis here.