Categories
Compliance Week Conference Podcast

Karen Woody on Board Evolution on the Role of Compliance


In this episode of the Compliance Week 2022 Preview Podcasts series, Karen will discuss some of her presentation at Compliance Week 2022, “Board Evolution”. Some of the issues she will discuss in this podcast and her presentation are:

  • Delve into the evolution of the Caremark doctrine requiring Boards to oversee compliance and explore where the courts and regulators are headed
  • Discuss best practices in managing up to the board, including reporting
  • Examine how to best educate boards and engage them in effective oversight, and what compliance’s role is in that

In this first full compliance conference in over 2 years, I hope you can join me at Compliance Week 2022. This year’s event will be May 16-18 at the JW Marriott in Washington DC. The line-up of this year’s event is simply first rate with some of the top ethics and compliance practitioners around.

Gain insights and make connections at the industry’s premier cross-industry national compliance event offering knowledge-packed, accredited sessions and take-home advice from the most influential leaders in the compliance community. Back for its 17th year, compliance, ethics, legal, and audit professionals will gather safely face-to-face to benchmark best practices and gain the latest tactics and strategies to enhance their compliance programs. and many others to:

  • Network with your peers, including C-suite executives, legal professionals, HR leaders and ethics and compliance visionaries.
  • Hear from 75+ respected cross-industry practitioners who are CEOs, CCOs, regulators, federal officials, and practitioners to help inform and shape the strategic direction of your enterprise risk management program.
  • Hear directly from the two SEC Commissioners and gain insights into the agency’s areas of enforcement and walk away with guidance on how to remain compliant within emerging areas such as ESG disclosure, third-party risk management, cybersecurity, cryptocurrency and more.
  • Bring actionable takeaways back to your program from various session types including ESG, Human Trafficking, Board obligations and many others for you to listen, learn and share.
  • The goal of Compliance Week is to arm you with information, strategy and tactics to transform your organization and your career by connecting ethics to business performance through process augmentation and data visualization.

I hope you can join me at the event. For information on the event, click here. As an extra benefit to listeners of this podcast, Compliance Week is offering a $200 discount off the registration price. Enter discount code TFLAW $200 OFF.

Categories
Blog

Expanding Compliance Obligations of the Board – Part 1: Blue Bell

The role of the Board of Directors has always been a key part of any best practices compliance program. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have consistently said that a Board’s role is active oversight of compliance. Over the past few years, the civil side of this obligation has become much more prominent, led by developments in case law under the Caremark doctrine, as modified by Stone v. Ritter by the Delaware Supreme Court. In response to demands for greater accountability and corporate accountability, the Delaware courts have been cutting back the Caremark standard and rejecting motions to dismiss filed by defendants. Recent cases are continuing down this path and raising the expectations for Board members exercising their duty of loyalty and duty of care. This week I will be exploring this expanded set of legal obligations laid down by the Delaware Supreme Court.
Mike Volkov has stated, “At the core of board member protection from liability is the well-known Caremark doctrine that requires corporate boards to make a good faith effort to implement a system for compliance program monitoring and reporting. For years, Delaware courts easily rebuffed shareholder derivative suits challenging board members’ performance after a corporate scandal occurred. The Caremark standard was reinforced in Stone v. Ritter, where the court stated director oversight liability requires a showing of either “the directors utterly failed to implement any reporting or information system or controls” or the directors, “having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.””
Under Caremark and Stone v. Ritter, a director must make a good faith effort to oversee the company’s operations. Failing to make that good faith effort breaches the duty of loyalty and can expose a director to liability. But it is more than simply not doing your job as a Board, it is doing so in bad faith. The Court states, “In other words, for a plaintiff to prevail on a Caremark claim, the plaintiff must show that a fiduciary acted in bad faith—“the state of mind traditionally used to define the mindset of a disloyal director.” Bad faith is established, under Caremark, when “the directors [completely] fail[] to implement any reporting or information system or controls[,] or … having implemented such a system or controls, consciously fail[ ] to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.” In short, to satisfy their duty of loyalty, directors must make a good faith effort to implement an oversight system and then monitor it.”
This change began with Marchand v. Barnhill, a case involving that Texas institution, Blue Bell Ice Cream, the top ice cream manufacturer in the US. In this decision, the Court found that the Blue Bell Board completely abrogated its duty around the single largest safety issue it faced – food safety. That abrogation allowed a listeria outbreak, “causing the company to recall all of its products, shut down production at all of its plants, and lay off over a third of its workforce. Blue Bell’s failure to contain listeria’s spread in its manufacturing plants caused listeria to be present in its products and had sad consequences. Three people died as a result of the listeria outbreak. Less consequentially, but nonetheless important for this litigation, stockholders also suffered losses because, after the operational shutdown, Blue Bell suffered a liquidity crisis that forced it to accept a dilutive private equity investment.”
The job of every Board member is to represent the shareholders, not the incumbent Chief Executive Officer (CEO) and Chairman of the Board. To do so, the Board must oversee the risk management function of the organization. Blue Bell was and to this day is a single-product food company and that food is ice cream. This sole source of income would mandate that the highest risk the company might face is around food. But as the underlying complaint noted, “despite the critical nature of food safety for Blue Bell’s continued success, the complaint alleges that management turned a blind eye to red and yellow flags that were waved in front of it by regulators and its own tests, and the board—by failing to implement any system to monitor the company’s food safety compliance programs—was unaware of any problems until it was too late.”
The plaintiffs reviewed the Board records and made the following allegations:

  • there was no Board committee that addressed food safety;
  • there was no regular process or protocols that required management to keep the Board apprised of food safety compliance practices, risks, or reports which existed;
  • there was no schedule for the Board to consider on a regular basis, such as quarterly or biannually, any key food safety risks which existed;
  • during a key period leading up to the deaths of three customers, management received reports that contained what could be considered red, or at least yellow, flags, and the Board minutes of the relevant period revealed no evidence that these were disclosed to the Board;
  • the Board was given certain favorable information about food safety by management, but was not given important reports that presented a much different picture; and
  • the Board meetings are devoid of any suggestion that there was any regular discussion of food safety issues.

The Board’s response to these allegations is instrumental in understanding how Boards viewed their obligations regarding oversight of compliance. The Court stated, “the directors largely point out that by law Blue Bell had to meet FDA and state regulatory requirements for food safety, and that the company had in place certain manuals for employees regarding safety practices and commissioned audits from time to time. In the same vein, the directors emphasize that the government regularly inspected Blue Bell’s facilities, and Blue Bell management got the results.”
The Delaware Supreme Court made short shrift of this argument, stating that the “fact that Blue Bell nominally complied with FDA regulations does not imply that the board implemented a system to monitor food safety at the board level. Indeed, these types of routine regulatory requirements, although important, are not typically directed at the board. At best, Blue Bell’s compliance with these requirements shows only that management was following, in a nominal way, certain standard requirements of state and federal law. It does not rationally suggest that the board implemented a reporting system to monitor food safety or Blue Bell’s operational performance.”
The Board’s next defense was even more inane and was so preposterous, the Delaware Supreme Court labeled it as “telling.” It was that because the Board had received information on the company’s operational issues and performed oversight on operational issues, it had fulfilled its Caremark obligations. This is basically the same as every paper-pushing argument for a compliance program. “We have something on paper, so we have complied” is the clarion call of such practitioners. The Delaware Supreme Court also saw through the flimsiness of this argument, stating, “if that were the case, then Caremark would be a chimera.” [emphasis in original] This is because operational issues are always discussed at the Board level. Finally, Caremark requires “that a board make a good faith effort to put in place a reasonable system of monitoring and reporting about the corporation’s central compliance risks. In Blue Bell’s case, food safety was essential and mission critical.”
It has long been axiomatic that bad facts can lead to large changes in how courts interpret the law. The Blue Bell case had facts on which the Court all but said the Board engaged in bad faith regarding its compliance obligations. The change was only the beginning.

Categories
Blog

Day 20 of 30 Days to a Better Compliance Program, the Board of Directors’ Compliance Committee

Key Takeaways

  1. This committee exists to provide oversight and assist the CCO, not to substitute its judgment for that of the CCO.
  2. This committee should work to hold the CCO accountable to hit appropriate metrics.
  3. This committee is ideal for leading the efforts around strategic planning.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here.

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

The Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board could raise its level of substantive expertise concerning regulatory and compliance matters by adding a compliance member to the Board. Such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective. He stated, “I have witnessed firsthand that companies with a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is, they typically point to a lawyer, auditor, risk manager, or ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “[What] the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise.” Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal.
It will not be long before the DOJ and SEC require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have called for greater compliance expertise on the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to the CCO and the compliance department.


Categories
31 Days to More Effective Compliance Programs

Day 5 | The Board and Operationalizing Compliance


In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Directors, the 2020 Update stated:
Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
Having a Board member with specific compliance expertise or heading a Compliance Committee can provide a level of oversight and commitment to achieving this goal. The DOJ enshrined this requirement in the FCPA Corporate Enforcement Policy. This means that when your company is evaluated by the DOJ, under the factors set out in the 2020 Update and FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board-level Compliance Committee but also the specific subject matter expertise (SME) on the Board and on that committee.
Another arm of the US government has recognized the need for such expertise at the Board level. In 2015, the Office of Inspector General (OIG), in a publication entitled “Practical Guidance for Health Care Governing Boards”, called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board a compliance member. The presence of such a compliance professional with SME “on the board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other board members and helps the board better fulfill its oversight obligations.”
All of this means that every Board of Directors needs a true compliance expert. Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background, and oftentimes these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and SME that can help all companies with their financial reporting and other finance-based issues. So why is there not such SME at the Board level from the compliance profession?
Three key takeaways:

  1. The 2020 Update requires active Board of Director engagement and oversight around compliance
  2. Board communication on compliance is a two-way street; both inbound and outbound
  3. Does the Board of Directors have a compliance expert?
Categories
This Week in FCPA

Episode 222 – the Trees Gone Bad edition


As Donald Trump blames the California and Oregon forest fires on ‘trees gone bad’; Tom and Jay continue to brave the surge in Covid cases by staying safe at home. They are back to look at top compliance articles and stories which caught their eye this week.

  1. How does Blue Bell apply to cyber claims against a Board of Directors? Paul Ferrillo, Bob Zukis and Christophe Veltsos in the Harvard Law School forum on Corp Governance.
  2. VW Monitor closes out monitorship. Jack Ewing in the NYT. Mengqi Sun in the WSJ Risk and Compliance Journal.
  3. Tom takes a deep dive into Herbalife. Part 1, Part 2, Part 3 and Part 4.
  4. The intersection of anti-human trafficking and ABC compliance. Vanessa Hans in the FCPA Blog.
  5. Does the DOJ have to turn in SEC investigative material in a criminal FCPA trial? Matt Kelly goes legal in Radical Compliance.
  6. The intersection of compliance and internal audit? Mike Volkov in Corruption Crime and Compliance.
  7. Who is a PEP? Dick Cassin considers a plethora of definitions in the FCPA Blog.
  8. Has Covid-19 changed the relationship between senior management and the Board? Dottie Schindlinger and Kira Ciccarelli in CCI.
  9. This month on The Compliance Life, I am joined by DeAnna Nwankwo. In this week’s Part 2, DeAnna talks about some of the skills she needed in the CCO chair.
  10. On the Compliance Podcast Network, on 31 Days to a More Effective Compliance Program, this month focuses on internal controls. This week saw the following offerings: Monday– Internal controls for 3rd parties; Tuesday– Internal controls for GTE; Wednesday– BOD oversight as an internal control; Thursday– Code of Conduct as an internal control; and Friday– What is the COSO Internal Controls Framework. The month of August is being sponsored by Affiliated Monitors. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.
  11. Join Jay and Tom at Converge20. Convercent’s top compliance conference is going virtual this year. Check out the agenda and register here.
  12. Join a great upcoming K2 Intelligence FIN webinar. Robin Henry on how investigators can use social media, Thursday, 9-24 at 1600 GMT. Registration and information here.
  13. Join Tom, Charlie Voelker, Legal Compliance Solutions, Skillsoft and Stephen Martin, Partner, StoneTurn for a joint Skillsoft/StoneTurn webinar on evolving your compliance program under the 2020 Update to the Evaluation of Corporate Compliance Programs. Wednesday, September 23, from 12 PM – 1 PM EDT. Information and registration here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
31 Days to More Effective Compliance Programs

Inquiring up and down

Where does “tone at the top” start? With any public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? First, a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this through asking hard questions, risk assessment and identification.
Initially, it is important that the Board receive direct access to information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information the Board can give oversight to any modifications to managing FCPA risk that should be implemented. CCO reporting to the Compliance Committee must be structured carefully to promote ethics and compliance.
Three key takeaways:

  1. A Board Compliance Committee should provide oversight not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and at the end of the day more profitable.
Categories
31 Days to More Effective Compliance Programs

The Board of Directors investigation protocol


Many companies have an investigation protocol in place when a potential compliance violation or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board does not handle an investigation right, the consequences to the company, its reputation and value can be quite severe. The SEC considers a variety of factors around corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company?
There is also a SOX role in internal investigations, most particularly for audit. Section 301 establishes certain requirements for Audit Committees, including: (1) Procedures for receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; (2) Procedures regarding the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters; (3) Authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties; and (4) Funding to engage advisors as it deems appropriate.
Three key takeaways:

  1. The Board should have a written protocol for investigations prepared in advance.
  2. Any Board led investigation must be both credible and objective.
  3. The investigation must be thorough but the Board can be cost effective.
Categories
31 Days to More Effective Compliance Programs

Day 5 | The Board and operationalizing compliance

In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Directors, the Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) stated:

Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
The DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Compliance Program Guidance) was even more explicit in announcing its expectation for robust Board oversight of a corporate compliance function. The Antitrust Compliance Program Guidance stated, “For the antitrust compliance program to be effective, those with operational responsibility for the program must have sufficient autonomy, authority, and seniority within the company’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program.” The Antitrust Compliance Program Guidance then went on to ask the following questions: Who has overall responsibility for the antitrust compliance program? Is there a chief compliance officer or executive within the company responsible for antitrust compliance? If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body? How often does the compliance officer or executive meet with the Board, audit committee, or other governing body? How does the company ensure the independence of its compliance personnel?
Three key takeaways:

  1. The DOJ Evaluation requires active Board of Director engagement and oversight around compliance.
  2. Board communication on compliance is a two-way street; both inbound and outbound.
  3. Does the Board of Directors have a Compliance Expert?
Categories
Across the Board

Across the Board – Episode 1: What’s the Tone at the Very Top

In this special 5-part podcast series, I visit with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 1 we introduce the topic of what’s the tone at the very top of your organization. Some of the highlights from the podcast include:

  • What’s the role of the Board around compliance and ethics?
  • Why is it important for the Board to actively oversee a C&E program?
  • What is the biggest disconnect between the BOD and the compliance function?
  • Board members should think of compliance as beyond FCPA and Sarbanes-Oxley, yet their understanding is fuzzy at best.
  • Board members understand what auditors do, but they often do not understand compliance enough to ask intelligent questions.

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Compliance by clicking here.