Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Board – 20 Questions Directors Should Ask about the Board Compliance Committee

In an area of inquiry entitled Oversight, the 2023 ECCP asks three basic questions which we have explored throughout this chapter:

1. What compliance expertise has been available on the Board of Directors?

2. Have the Board of Directors held executive or private sessions with the compliance function?

3. What types of information has the Board of Directors examined in their exercise of oversight in the area in which the misconduct occurred?

To facilitate the answers to these questions, consider this list of 20 questions that reflect the oversight role of directors. These are questions the Board should ask of both senior management and itself. The questions are not intended to be an exact checklist, but rather a way to provide insight and stimulate discussion on the topic of compliance. The questions provide directors with a basis for critically assessing the answers they get and digging deeper as necessary. Although the questions apply to most medium to large organizations, the answers will vary according to the size, complexity and sophistication of each individual organization.

Part I: Understanding the Role and Value of the Compliance Committee

1. What are the Compliance Committee’s responsibilities and what value does it bring to the Board?

2. How can the Compliance Committee help the Board enhance its relationship with management?

3. What is the role of the Compliance Committee?

Part II: Building an Effective Compliance Committee

4. What skill sets does the Compliance Committee require?

5. Who should sit on the Compliance Committee?

6. Who should chair the Compliance Committee?

Part III: Directed to the Board

7. What is the Compliance Committee’s role in building an effective compliance program within the company? How can the Compliance Committee assess potential members and senior leaders of the company’s compliance program?

8. How long should directors serve on the Compliance Committee?

9. How can the Compliance Committee assist directors in retiring from the Board?

Part IV: Enhancing the Board’s Performance Effectiveness

10. How can the Compliance Committee assist in director development?

11. How can the Compliance Committee help the Board chair sharpen the Board’s overall performance focus?

12. What is the Compliance Committee’s role in Board evaluation and feedback?

13. What should the Compliance Committee do if a director is not performing or not interacting effectively with other directors?

14. Should the Compliance Committee have a role in chair succession?

15. How can the Compliance Committee help the Board keep its mandates, policies and practices up-to-date?

Part V: Merging Roles of the Compliance Committee

16. How can the Compliance Committee enhance the Board’s relationship with institutional shareholders and other stakeholders?

17. What is the Compliance Committee’s role in CCO succession?

18. How can the Compliance Committee foster great technical impact for the compliance function?

19. What role can the Compliance Committee play in preparing for a crisis, such as the discovery of a sign of a significant compliance violation?

20. How can the Compliance Committee help the Board in deciding CCO pay, bonus and resources made available to the corporate compliance function?

Three key takeaways:

1. The DOJ Evaluation requires active Board of Director engagement around compliance.

2. Board communication on compliance is a two-way street; both inbound and outbound.

3. Has the Board built an effective Compliance Committee for itself?

Categories
Compliance Into the Weeds

Compliance into the Weeds: What is Driving Compliance Engagement at the Board?

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, going into the weeds to explore a subject more fully. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds!

In this episode, co-hosts Tom Fox and Matt Kelly dissect the Navex 2023 State of Risk and Compliance Report. Tom and Matt delve into Navex’s annual benchmarking report, which surveyed 1,300 compliance professionals. The report revealed that 53% of respondents described their compliance programs as mature. Matt and Tom question whether the board is driving the conversation or if compliance officers request updates due to potential liability. The report’s findings on cybersecurity and privacy concerns, survey results on where compliance should reside in a company, and the importance of having a mature anti-bribery anti-corruption compliance program are all discussed. Tune in to hear more about how compliance officers can address pressing concerns such as cybersecurity breaches and attacks.

Key Highlights:

  • Navex’s benchmark report on compliance programs
  • Board-Compliance Officer Relationship & Cybersecurity in Compliance
  • The necessity of Dedicated Compliance Committees
  • Survey Finds Diverse Views on Compliance Placement in Companies
  • The Importance of Anti-Bribery Compliance for Cybersecurity
  • Compliance Officer Reporting to CISO Dynamics


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Three Areas of Board Inquiry

Directors should focus on three core areas to help establish and maintain an effective compliance program: structure, culture, and risk management.

Structural questions. This area consists of questions that will aid in determining the fundamental sense of a company’s overall compliance program. The questions should begin with the basics of the program through to how the program operates in action.

Cultural questions. This area of inquiry should focus on the organization’s culture regarding compliance. Board members should understand what message senior management and middle management communicate. Equally important, the Board needs to understand what message is being heard at the lowest levels within the company.

Risk management questions. Board members need to understand the process the company uses to identify, evaluate, and manage emerging risks. Such risk analysis would be broader than simply a compliance risk assessment and should be tied to other broader corporate matters.

Three key takeaways:

  1. A Board of Directors should inquire into the structural component of the compliance program as it will aid in determining the fundamental sense of a company’s overall compliance program.
  2. Cultural questions should be asked to understand what message is being communicated by senior and middle management.
  3. Risk management questions should be asked to understand the process the company uses to identify, evaluate, and manage emerging risks.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Incorporating Compliance into a Long-Term Corporate Strategy

How can a Board work to incorporate the compliance function into a long-term business strategy of the organization?

The starting point for a Board of Directors is to develop a framework for incorporating compliance into your long-term strategy. Setting up the framework for incorporating compliance into your Board’s long-term strategy is a three-step process, which you can use as a starting point to determine how comprehensive the Board’s role in your compliance program is.

1. Has the company identified the compliance issues relevant to the Board?

2. Has the company assessed and incorporated those compliance issues into its long-term strategy?

3. Has the company communicated its approach to compliance and the influence of those factors on its overall strategy?

From this initial inquiry, you can move into some specific questions that the Board can use to determine the overall state of your company’s compliance program. First, a Board can work to identify compliance issues material to your organization. This can be accomplished with compliance-related KPIs, which a Board should prioritize to elevate their impact on compliance. A Board should consider these through the life cycle of a business line or geographic sales area. Next, the Board should work to move compliance into the company’s long-term strategy and have the CCO detail the long-term strategy for the compliance function.

The Board should oversee incorporating KPIs into senior management performance evaluations and compensation. The 2020 Update asks how the company monitors its senior leadership’s behavior and how senior leadership models proper behavior to subordinates. Building upon this, the Board should make certain that systems are in place to quantify or measure performance related to compliance issues. It should establish performance goals against which to measure compliance achievement; disclose to shareholders the material compliance issues that drive compensation and the specific goals or performance targets that management must achieve; and report on actual performance against established goals to justify compensation payouts.

Finally, the Board should work to communicate the influence of compliance factors on overall corporate strategy by demonstrating how compliance was integrated into the business. Not only is this good from a business perspective and shareholder expectation, but, as the 2020 Update makes clear, the operationalization of compliance is what the government expects going forward.

Three key takeaways:

1. Having a long-term strategy is critical.

2. What is the Board’s framework for assessing compliance?

3. Create KPIs to measure senior management’s actions around compliance.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board and Succession Planning

The 2023 ECCP mandated a Board of Directors ensure “the sufficiency of the personnel and resources within the compliance function, in particular, whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.”

It went on to pose questions about the “sufficiency of the personnel” in the following manner. Under the topic Seniority and Stature are the following questions:

How does the compliance function compare with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers? What role has compliance played in the company’s strategic and operational decisions?

Under the topic Experience and Qualifications are the following questions:

Do compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities? Has the level of experience and qualifications in these roles changed over time? How does the company invest in further training and development of the compliance and other control personnel? Who reviews the performance of the compliance function and what is the review process?

All of this leads to the inescapable conclusion that the Board of Directors needs to be involved in not only the hiring process for a CCO but also the succession planning. Yet many Boards fall short on that score. In a Chapman and Cutler LLP quarterly update, entitled, Advancing Board Refreshment Through the Director Succession Planning Process, William Libit and Todd Freier laid out a framework for Boards to use which I have adapted for CCO succession. There are some key traits you should consider in succession planning for any senior management position, including a CCO.

  1. Examine the key corporate documents.
  2. Use an assessment framework.
  3. Conduct due diligence.
  4. Maintain a pipeline.
  5. Assess Board policies.
  6. Disclose your succession strategy.
  7. Benchmark your succession strategy.

Three key takeaways:

1. Refreshment is a hot topic in corporate governance.

2. Review your Board policies to understand what your company will need going forward.

3. Transparency in succession planning.

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 5 – The Role of the Board of Directors

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, Tom Fox visits with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 5, we discuss the role of the Board of Directors in a compliance program.

Navigating the complex corporate governance and compliance world is challenging but essential for board members. Ensuring the company operates within legal, ethical, and social confines is vital to effective board governance. Boards that fail to achieve high compliance standards can suffer reputational damage, financial penalties, and even legal consequences. It is, therefore, critical for board members to engage with the importance of their oversight role and invest in the necessary education and best practices to ensure they effectively fulfill this responsibility. Here are the key steps:

1. Understand the Board’s oversight responsibilities.

2. Establish strong communication with management.

3. Ensure compliance programs are integrated into the company’s DNA.

Understand the Board’s oversight responsibilities. Board members ensure a company’s ethical standards, compliance, and performance.  Understanding a Board’s oversight responsibilities is paramount to effectively governing and managing the organization. Every Board has a fiduciary duty to protect the stakeholders’ interests and ensure the company’s compliance with laws, regulations, and policies. To meet this legal requirement, Board members should know current best practices, emerging trends, and the legislative and regulatory landscape and be prepared to ask tough questions, follow up, and support management in executing the company’s plans.

Greenberg discussed the importance of a healthy relationship between the Board and the Chief Compliance Officer (CCO). Greenberg emphasized that the role of the Board is one of oversight rather than execution. This entails the need for ongoing dialogue and frequent reporting by the CCO to ensure the Board is informed of the company’s activities, risks, and potential blind spots. Greenberg also recommends that oversight committees take a hands-on deep-dive approach to identify and address potential issues, ensuring the compliance program is ingrained within the company culture and business strategy. Companies must find the appropriate committee with the right people and relevant interests to oversee compliance and advocate for common membership across committees to ensure strategic integration and prevent fragmentation. For Board members, understanding their oversight responsibilities is essential to foster robust corporate governance, risk management, and compliance.

Establish strong communication with management. Establishing strong communication with management is critical for an effective board oversight process. This key step involves board members working closely with senior management and the CCO to ensure that all compliance-related matters are addressed promptly and accurately. By fostering a healthy rapport with management, Board members can actively engage in oversight and be more proactive in remedying compliance-related issues. This collaborative relationship between the Board and management is essential for companies to maintain compliance with laws and policies, ultimately safeguarding the organization’s reputation and performance. Greenberg emphasizes the importance of strong communication between the compliance officers and the Board.

CCOs should develop close relationships with board members, much like senior managers. Greenberg noted this could involve CCOs meeting with board members outside of scheduled meetings to discuss concerns or potential issues. By doing so, a CCO can build trust and foster open communication, allowing board members to comprehensively understand the company’s compliance efforts. Greenberg also emphasized the value of having the right committee and membership, which includes individuals with the background, interests, and time necessary to effectively carry out their oversight duties. This key step is vital for board members because open and direct communication with management enables the Board to strategically address compliance matters, resulting in improved oversight and risk mitigation. Moreover, when board members have a strong rapport with management, they can proactively identify and address any issues before they escalate.

Ensure compliance programs are integrated into the company’s DNA. In successfully executing their compliance oversight duties, Boards must ensure that their compliance programs are integrated into the company’s DNA, or as the DOJ says, it’s all about culture. Such integration fosters a strong culture of compliance, which is crucial in minimizing misconduct, reducing legal risks, and protecting the organization’s reputation. By incorporating compliance as a core element within the company’s strategic planning, daily operations, and employee training, boards can better manage risks and ensure adherence to relevant laws, regulations, and policies. Further, a fully integrated compliance program will enhance overall corporate performance, customer trust, and employee engagement.

For a Board to effectively exercise its oversight duties, compliance programs should be tailored to the organization’s business strategy, culture, and resources. The relationship between the Board, senior management, and the CCO can facilitate effective communication and better coordination in addressing critical ethics and compliance matters. The Board must ask tough questions and dive deep into possible issues to ensure transparency and accountability. By embedding compliance within the organization’s structural and cultural fabric, boards can create a robust environment that discourages misconduct while promoting transparency, accountability, and ethical behavior. This safeguards the company’s reputation, financial performance, and regulatory compliance. Ensuring seamless integration of compliance programs is a vital obligation for the boards, enabling them to effectively fulfill their oversight responsibilities and protect the organization’s long-term interests.

For Board members, the importance of robust oversight and compliance cannot be overstated, especially in a world where regulatory scrutiny grows more intense by the day. By following these steps, you can hone your understanding of the Board’s oversight responsibilities, establish solid communication channels with management, and embed a culture of compliance across your organization. Equipping yourself with these essential practices empowers you to tackle complex compliance challenges head-on and steer your organization toward success. As you continue sharpening your oversight skills, you will foster a resilient compliance framework that safeguards your organization and its stakeholders.

For more information, go to Diligent.com.

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 5 – The Role of the Board

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this concluding Part 5, we consider the role of the Board of Directors in a compliance program with David Greenberg.

In this episode, Greenberg discusses the board’s legal obligations, emphasizing their duty to exercise reasonable oversight over potential misconduct and failures of compliance with law and policy. The podcast also delves into the importance of integrating compliance programs into a company’s overall strategy and developing strong relationships with senior management, such as the chief legal officer or chief compliance officer. Listeners will learn the importance of finding the right committee to oversee compliance obligations and utilizing outside experts for insight and guidance. This conversation is essential for board members and executives who want to ensure accountability, initiate change, and drive organizational success. Don’t miss out on this informative and engaging episode, “The Role of the Board.”

Key Highlights:

  • Legal obligations and oversight for corporate boards
  • Importance of integrating compliance into the company culture
  • Board Oversight and Relationship Building with CCO
  • The Significance of Outside Perspectives for Boards

Notable Quotes:

“There is a strong obligation on boards to exercise reasonable oversight over all potential misconduct and failures of compliance law and policy should a reasonable board has known and taken steps…should that body have known and should it have done more than it did.”

“Boards principally should be asking tough questions and following up on those questions.”

“Anything that is not integrated into the real levers and machinery of the business will not be successful.”

“That chief compliance officer who knows the head of the audit committee or compliance committee or governance committee is much more able and comfortable picking up the phone and saying to the chair, Houston, we’ve got a problem.”

For more information go to Diligent.com

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board Role in Hiring

What is the role of a Board of Directors in hiring senior executives, CCOs, and even other board members? I explored this issue with Candice Tal, who began by noting that bad senior executive hires can cost a company much more than simply dollars. She related, the “financial costs in day-to-day operations easily can quadruple that of a regular employee, but it can also impact the company’s corporate governance and board of directors if that executive hire was found to be involved with unethical and illegal activities. Not even a signed contract can protect a company if an executive hire’s unethical actions come to the attention of the national media. Fiduciary risk and exposure for the board of directors cannot be overlooked.”

She pointed to the example of Yahoo! and its hire of Scott Thompson. It turned out that Thompson had incorrect information in his online biography regarding his academic credentials. The “implications went beyond the activist shareholder accusations to reflect on the Board of Directors for not vetting his background more carefully. The company may have been exposed to claims of providing false information to the SEC and potential stockholder lawsuits. Thompson’s 120-day tenure at Yahoo! cost the company over $7 million and seriously tarnished the company’s reputation in the business community.”

The key is that a company engages in an executive due diligence investigation rather than simply a routine or even executive-level background investigation. Tal explained that an executive background search is “typically limited to a five-component review of criminal records, employment verification, degree or education verification, social security validation, address verification and sometimes credit history.” Such searches are “very limited searches.”

Conversely, executive due diligence, “looks in-depth at all available public records sources: criminal history, civil litigation issues, financial and legal issues, relationships with other companies and board advisory positions, reputation, misrepresented education and overstated work history, behavioral history (for example litigiousness), and, in particular, undisclosed or adverse issues.” While it is generally “more costly than executive background checks and takes more time, the information gathered is extremely valuable and can save a company substantially more. A high-quality due diligence review can find important information which would not be returned in a routine executive background check.”

Infortal has found that up to 20% of executive search candidates fail a deep-level due diligence investigation. Now consider how many senior executive slots your company has and add to that Board of Directors seats and you can quickly see the risk of failure to consider an executive due diligence search when promoting or hiring. Moreover, you need executive-level due diligence in other business situations as well, including the senior management of new business acquisitions brought into your organization through a merger or other acquisition, selecting new Board members, screening the corporate Board of Directors, and of course, for third party business partners and other agents in the sales and supply chain channels. 

Three key takeaways:

  1. The costs of a bad executive hire can far exceed the dollar loss.
  2. Do not forget the differences between an executive background check and executive level due diligence.
  3. 20% of all senior executives fail an executive level due diligence check.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Boards and Doing Business in China

The Administration’s trade war with China has highlighted the risks of both doing business in China and investing in the Chinese companies which come to America to raise capital. Yet this has been a long-known and outstanding problem in the anti-corruption enforcement world. The 2014 bribery and corruption case of GlaxoSmithKline PLC (GSK), which resulted in a $490 million fine for the firm, resonated across the corporate globe. While many questions are still unanswered, one that seems to be at the forefront of the inquiry is: where was the GSK Board of Directors? This matter demonstrates that the role of a Board of Directors is becoming more important and more of a critical part of any effective compliance program.

In an NACD Directorship article, entitled “Corruption in China and Elsewhere Demands Board Oversight”, Eric V. Zwisler and Dean A. Yoost note, “Boards are ultimately responsible for risk oversight” and any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? From 2010-2019, over 25% of all FCPA enforcement actions derived from China, that’s why.

FCPA enforcement actions have made clear that numerous Chinese businesses have proven adept at appearing compliant while hiding unacceptable business practices. A Board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just a paper compliance program. This means that both monitoring and auditing should be visible to the Board.

Three key takeaways:

  1. China presents the highest FCPA risk and, after GSK, domestic law corruption risk as well.
  2. Chinese companies have been adept at hiding corrupt business practices from their western owners.
  3. A Board must be cognizant of these risks and enhance their risk management process in China and other high-risk jurisdictions.


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Key Board Metrics for Compliance

What are metrics for a Board of Directors around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:

  • Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
  • Does the Board maintain a material role in overseeing a company’s overall compliance framework?

These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added to this, under Oversight, by posing the following questions: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information has the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?

Three key takeaways:

  1. The DOJ expects active engagement by a Board around compliance.
  2. Does the Board exercise independent review of the compliance program?
  3. The convergence of the Yates Memo, Caldwell’s metrics, the Evaluation, and FCPA Corporate Enforcement Policy mandates Board metrics around compliance.
