Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Three Areas of Board Inquiry

Directors should focus on three core areas to help establish and maintain an effective compliance program: structure, culture, and risk management.

Structural questions. This area consists of questions that will aid in determining the fundamental sense of a company’s overall compliance program. The questions should begin with the basics of the program through to how the program operates in action.

Cultural questions. This area of inquiry should focus on the organization’s culture regarding compliance. Board members should understand what message senior management and middle management communicate. Equally important, the Board needs to understand what message is being heard at the lowest levels within the company.

Risk management questions. Board members need to understand the process the company uses to identify, evaluate, and manage emerging risks. Such risk analysis would be broader than simply a compliance risk assessment and should be tied to other broader corporate matters.

Three key takeaways:

  1. A Board of Directors should inquire into the structural component of the compliance program as it will aid in determining the fundamental sense of a company’s overall compliance program.
  2. Cultural questions should be asked to understand what message is being communicated by senior and middle management.
  3. Risk management questions should be asked to understand the company’s process being used to identify emerging risks, their evaluation, and management.

One Month to a More Effective Compliance Program with Boards – Incorporating Compliance into a Long-Term Corporate Strategy

How can a Board work to incorporate the compliance function into the long-term business strategy of the organization?

The starting point for a Board of Directors is to develop a framework for incorporating compliance into your long-term strategy. Setting up that framework is a three-step process, which you can use as a starting point to determine how comprehensive the Board’s role in your compliance program is.

1. Has the company identified the compliance issues relevant to the Board?

2. Has the company assessed and incorporated those compliance issues into its long-term strategy?

3. Has the company communicated its approach to compliance and the influence of those factors on its overall strategy?

From this initial inquiry, you can move into some specific questions that the Board can use to determine the overall state of your company’s compliance program. First, a Board can work to identify compliance issues material to your organization. This can be accomplished with compliance-related KPIs, which a Board should prioritize to elevate their impact on compliance. A Board should consider these through the life cycle of a business line or geographic sales area. Next, the Board should work to move compliance into the company’s long-term strategy and have the CCO detail the long-term strategy for the compliance function.

The Board should oversee incorporating KPIs into senior management performance evaluations and compensation. This once again builds upon the 2020 Update, which asks how the company monitors its senior leadership’s behavior and how senior leadership models proper behavior to subordinates. The Board should make certain systems are in place to quantify or measure performance related to compliance issues; establish performance goals against which to measure compliance achievement; disclose to shareholders the material compliance issues that drive compensation and the specific goals or performance targets that management must achieve; and report on actual performance against established goals to justify compensation payouts.

Finally, the Board should work to communicate the influence of compliance factors on overall corporate strategy by demonstrating how compliance was integrated into the business. Not only is this good from a business perspective and in line with shareholder expectations, but it is also, as the 2020 Update makes clear, what the government expects: the operationalization of compliance going forward.

Three key takeaways:

1. Having a long-term strategy is critical.

2. What is the Board’s framework for assessing compliance?

3. Create KPIs to measure senior management’s actions around compliance.


One Month to a More Effective Compliance Program with Boards – The Board and Succession Planning

The 2023 ECCP mandated a Board of Directors ensure “the sufficiency of the personnel and resources within the compliance function, in particular, whether those responsible for compliance have: (1) sufficient seniority within the organization; (2) sufficient resources, namely, staff to effectively undertake the requisite auditing, documentation, and analysis; and (3) sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.”

It went on to pose questions about the “sufficiency of the personnel.” Under the topic Seniority and Stature are the following questions:

How does the compliance function compare with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers? What role has compliance played in the company’s strategic and operational decisions?

Under the topic Experience and Qualifications are the following questions:

Do compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities? Has the level of experience and qualifications in these roles changed over time? How does the company invest in further training and development of the compliance and other control personnel? Who reviews the performance of the compliance function and what is the review process?

All of this leads to the inescapable conclusion that the Board of Directors needs to be involved in not only the hiring process for a CCO but also the succession planning. Yet many Boards fall short on that score. In a Chapman and Cutler LLP quarterly update, entitled, Advancing Board Refreshment Through the Director Succession Planning Process, William Libit and Todd Freier laid out a framework for Boards to use which I have adapted for CCO succession. There are some key traits you should consider in succession planning for any senior management position, including a CCO.

  1. Examine the key corporate documents.
  2. Use an assessment framework.
  3. Conduct due diligence.
  4. Maintain a pipeline.
  5. Assess Board policies.
  6. Disclose your succession strategy.
  7. Benchmark your succession strategy.

Three key takeaways:

1. Refreshment is a hot topic in corporate governance.

2. Review your Board policies to understand what your company will need going forward.

3. Transparency in succession planning.

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 5 – The Role of the Board of Directors

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, Tom Fox visits with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 5, we discuss the role of the Board of Directors in a compliance program.

Navigating the complex corporate governance and compliance world is challenging but essential for board members. Ensuring the company operates within legal, ethical, and social confines is vital to effective board governance. Boards that fail to achieve high compliance standards can suffer reputational damage, financial penalties, and even legal consequences. It is, therefore, critical for board members to engage with the importance of their oversight role and invest in the necessary education and best practices to ensure they effectively fulfill this responsibility. Here are the key steps:

1. Understand the Board’s oversight responsibilities.

2. Establish strong communication with management.

3. Ensure compliance programs are integrated into the company’s DNA.

Understand the Board’s oversight responsibilities. Board members ensure a company’s ethical standards, compliance, and performance.  Understanding a Board’s oversight responsibilities is paramount to effectively governing and managing the organization. Every Board has a fiduciary duty to protect the stakeholders’ interests and ensure the company’s compliance with laws, regulations, and policies. To meet this legal requirement, Board members should know current best practices, emerging trends, and the legislative and regulatory landscape and be prepared to ask tough questions, follow up, and support management in executing the company’s plans.

Greenberg discussed the importance of a healthy relationship between the Board and the Chief Compliance Officer (CCO). Greenberg emphasized that the role of the Board is one of oversight rather than execution. This entails the need for ongoing dialogue and frequent reporting by the CCO to ensure the Board is informed of the company’s activities, risks, and potential blind spots. Greenberg also recommends that oversight committees take a hands-on deep-dive approach to identify and address potential issues, ensuring the compliance program is ingrained within the company culture and business strategy. Companies must find the appropriate committee with the right people and relevant interests to oversee compliance and advocate for common membership across committees to ensure strategic integration and prevent fragmentation. For Board members, understanding their oversight responsibilities is essential to foster robust corporate governance, risk management, and compliance.

Establish strong communication with management. Establishing strong communication with management is critical for an effective board oversight process. This key step involves board members working closely with senior management and the CCO to ensure that all compliance-related matters are addressed promptly and accurately. By fostering a healthy rapport with management, Board members can actively engage in oversight and be more proactive in remedying compliance-related issues. This collaborative relationship between the Board and management is essential for companies to maintain compliance with laws and policies, ultimately safeguarding the organization’s reputation and performance. Greenberg emphasizes the importance of strong communication between the compliance officers and the Board.

CCOs should develop close relationships with board members, much like senior managers. Greenberg noted this could involve CCOs meeting with board members outside of scheduled meetings to discuss concerns or potential issues. By doing so, a CCO can build trust and foster open communication, allowing board members to comprehensively understand the company’s compliance efforts. Greenberg also emphasized the value of having the right committee and membership, which includes individuals with the background, interests, and time necessary to effectively carry out their oversight duties. This key step is vital for board members because open and direct communication with management enables the Board to strategically address compliance matters, resulting in improved oversight and risk mitigation. Moreover, when board members have a strong rapport with management, they can proactively identify and address any issues before they escalate.

Ensure compliance programs are integrated into the company’s DNA. In successfully executing their compliance oversight duties, Boards must ensure that their compliance programs are integrated into the company’s DNA, or as the DOJ says, it’s all about culture. Such integration fosters a strong culture of compliance, which is crucial in minimizing misconduct, reducing legal risks, and protecting the organization’s reputation. By incorporating compliance as a core element within the company’s strategic planning, daily operations, and employee training, boards can better manage risks and ensure adherence to relevant laws, regulations, and policies. Further, a fully integrated compliance program will enhance overall corporate performance, customer trust, and employee engagement.

For a Board to effectively exercise its oversight duties, compliance programs should be tailored to the organization’s business strategy, culture, and resources. The relationship between the Board, senior management, and the CCO can facilitate effective communication and better coordination in addressing critical ethics and compliance matters. The Board must ask tough questions and dive deep into possible issues to ensure transparency and accountability. By embedding compliance within the organization’s structural and cultural fabric, boards can create a robust environment that discourages misconduct while promoting transparency, accountability, and ethical behavior. This safeguards the company’s reputation, financial performance, and regulatory compliance. Ensuring seamless integration of compliance programs is a vital obligation for the boards, enabling them to effectively fulfill their oversight responsibilities and protect the organization’s long-term interests.

For Board members, the importance of robust oversight and compliance cannot be overstated, especially in a world where regulatory scrutiny grows more intense by the day. By following these steps, you can hone your understanding of the Board’s oversight responsibilities, establish solid communication channels with management, and embed a culture of compliance across your organization. Equipping yourself with these essential practices empowers you to tackle complex compliance challenges head-on and steer your organization toward success. As you continue sharpening your oversight skills, you will foster a resilient compliance framework that safeguards your organization and its stakeholders.

For more information, go to Diligent.com.

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 5 – The Role of the Board

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this concluding Part 5, we consider the role of the Board of Directors in a compliance program with David Greenberg.

In this episode, Greenberg discusses the board’s legal obligations, emphasizing their duty to exercise reasonable oversight over potential misconduct and failures of compliance with law and policy. The podcast also delves into the importance of integrating compliance programs into a company’s overall strategy and developing strong relationships with senior management, such as the chief legal officer or chief compliance officer. Listeners will learn the importance of finding the right committee to oversee compliance obligations and utilizing outside experts for insight and guidance. This conversation is essential for board members and executives who want to ensure accountability, initiate change, and drive organizational success. Don’t miss out on this informative and engaging episode, “The Role of the Board.”

Key Highlights:

  • Legal obligations and oversight for corporate boards
  • Importance of integrating compliance into the company culture
  • Board Oversight and Relationship Building with CCO
  • The Significance of Outside Perspectives for Boards

Notable Quotes:

“There is a strong obligation on boards to exercise reasonable oversight over all potential misconduct and failures of compliance law and policy should a reasonable board has known and taken steps…should that body have known and should it have done more than it did.”

“Boards principally should be asking tough questions and following up on those questions.”

“Anything that is not integrated into the real levers and machinery of the business will not be successful.”

“That chief compliance officer who knows the head of the audit committee or compliance committee or governance committee is much more able and comfortable picking up the phone and saying to the chair, Houston, we’ve got a problem.”

For more information go to Diligent.com


One Month to a More Effective Compliance Program with Boards – The Board Role in Hiring

What is the role of a Board of Directors in hiring senior executives, CCOs, and even other board members? I explored this issue with Candice Tal, who began by noting that bad senior executive hires can cost a company much more than simply dollars. She related that the “financial costs in day-to-day operations easily can quadruple that of a regular employee, but it can also impact the company’s corporate governance and board of directors if that executive hire was found to be involved with unethical and illegal activities. Not even a signed contract can protect a company if an executive hire’s unethical actions come to the attention of the national media. Fiduciary risk and exposure for the board of directors cannot be overlooked.”

She pointed to the example of Yahoo! and its hire of Scott Thompson. It turned out that Thompson had incorrect information in his online biography regarding his academic credentials. The “implications went beyond the activist shareholder accusations to reflect on the Board of Directors for not vetting his background more carefully. The company may have been exposed to claims of providing false information to the SEC and potential stockholder lawsuits. Thompson’s 120-day tenure at Yahoo! cost the company over $7 million and seriously tarnished the company’s reputation in the business community.”

The key is that a company engages in an executive due diligence investigation rather than simply a routine or even executive-level background investigation. Tal explained that an executive background search is “typically limited to a five-component review of criminal records, employment verification, degree or education verification, social security validation, address verification and sometimes credit history.” Such searches are “very limited searches.”

Conversely, executive due diligence, “looks in-depth at all available public records sources: criminal history, civil litigation issues, financial and legal issues, relationships with other companies and board advisory positions, reputation, misrepresented education and overstated work history, behavioral history (for example litigiousness), and, in particular, undisclosed or adverse issues.” While it is generally “more costly than executive background checks and takes more time, the information gathered is extremely valuable and can save a company substantially more. A high-quality due diligence review can find important information which would not be returned in a routine executive background check.”

Infortal has found that up to 20% of executive search candidates fail a deep-level due diligence investigation. Now consider how many senior executive slots your company has and add to that Board of Directors seats and you can quickly see the risk of failure to consider an executive due diligence search when promoting or hiring. Moreover, you need executive-level due diligence in other business situations as well, including the senior management of new business acquisitions brought into your organization through a merger or other acquisition, selecting new Board members, screening the corporate Board of Directors, and of course, for third party business partners and other agents in the sales and supply chain channels. 

Three key takeaways:

  1. The costs of a bad executive hire can far exceed the dollar loss.
  2. Do not forget the differences between an executive background check and executive level due diligence.
  3. 20% of all senior executives fail an executive level due diligence check.

For more information, check out The Compliance Handbook, 4th edition, available here.


One Month to a More Effective Compliance Program with Boards – Boards and Doing Business in China

The Administration’s trade war with China has highlighted the risks of both doing business in China and investing in the Chinese companies which come to America to raise capital. Yet this has been a long-known and outstanding problem in the anti-corruption enforcement world. The 2014 bribery and corruption case of GlaxoSmithKline PLC (GSK), which resulted in a $490 million fine for the firm, resonated across the corporate globe. While many questions are still unanswered, one that seems to be at the forefront of the inquiry is: where was the GSK Board of Directors? This matter demonstrates that the role of a Board of Directors is becoming more important and more of a critical part of any effective compliance program.

In an NACD Directorship article, entitled “Corruption in China and Elsewhere Demands Board Oversight”, Eric V. Zwisler and Dean A. Yoost note that “Boards are ultimately responsible for risk oversight” and that any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? From 2010-2019, over 25% of all FCPA enforcement actions derived from China, that’s why.

FCPA enforcement actions have made clear that numerous Chinese businesses have proven adept at appearing compliant while hiding unacceptable business practices. A Board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just a paper compliance program. This means that both monitoring and auditing should be visible to the Board.

Three key takeaways:

  1. China presents the highest FCPA risk and after GSK, domestic law corruption risk as well.
  2. Chinese companies have been adept at hiding corrupt business practices from their western owners.
  3. A Board must be cognizant of these risks and enhance their risk management process in China and other high-risk jurisdictions.

For more information, check out The Compliance Handbook, 4th edition, available here.


One Month to a More Effective Compliance Program with Boards – Key Board Metrics for Compliance

What are metrics for a Board of Directors around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:

  • Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
  • Does the Board maintain a material role in overseeing a company’s overall compliance framework?

These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added to this, under Oversight, by posing the following questions: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information has the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?

Three key takeaways:

  1. The DOJ expects active engagement by a Board around compliance.
  2. Does the Board exercise independent review of the compliance program?
  3. The convergence of the Yates Memo, Caldwell’s metrics, the Evaluation, and FCPA Corporate Enforcement Policy mandates Board metrics around compliance.

For more information, check out The Compliance Handbook, 4th edition, available here.


What Leads to a Successful Board Investigation?

Many companies have an investigation protocol in place when a potential Foreign Corrupt Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation which should be conducted or led by the Board itself. This lack of foresight can be problematic because if a Board of Directors does not get right an investigation which it handles, the consequences to the company, its reputation, and its value can all be quite severe.

In an article in the Corporate Board magazine, entitled “Successful Board Investigations”, David Bayless and Tammy Albarrán wrote about five key goals that any investigation led by a Board of Directors must meet.

  • Consider whether you need independent outside counsel.
  • Consider hiring an experienced investigator to lead the internal investigation.
  • Consider the need to retain outside experts.
  • Analyze potential conflicts of interest at the outset and during the investigation.
  • Carefully evaluate whistleblower allegations.
  • Request regular updates from outside counsel, without limiting the investigation.
  • Consider whether an oral report at the conclusion of the investigation is sufficient.

The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the Board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the Board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.”

Three key takeaways:

  1. Retain the right counsel. Consider conflicts and appearance.
  2. Carefully evaluate all whistleblower allegations and reject retaliation.
  3. Consider receiving oral reports on an ongoing basis and one lengthy oral report at the end of the investigation.

For more information, check out The Compliance Handbook, 4th edition, available here.


One Month to a More Effective Compliance Program with Boards – What Is Your Board’s Investigation Protocol

Many companies have an investigation protocol in place when a potential Foreign Corrupt Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation which should be conducted or led by the Board itself. This lack of foresight can be problematic because if a Board of Directors does not get right an investigation which it handles, the consequences to the company, its reputation, and its value can all be quite severe.

In an article in the Corporate Board magazine, entitled “Successful Board Investigations”, David Bayless and Tammy Albarrán wrote about five key goals that any investigation led by a Board of Directors must meet.

They are:

  • Thoroughness – The authors believe that one of the key, and most critical, questions that any regulator might pose is just how thorough an investigation is, to test whether they can rely on the facts discovered without having to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators, in terms of what is investigated, or how the investigation is conducted. This question can be an initial deal-killer, particularly because if the regulator involved views an investigation as insufficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded ‘Where else’ question.
  • Objectivity – Here the authors write that any “investigation must follow the facts wherever they lead, regardless of the consequences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that in addition to the objectivity required in the investigation, the same is required of the investigators themselves. If a company uses its regular outside counsel, it may be viewed askance, particularly if the client is a high-volume client of the law firm involved, either in dollar amounts or in the number of matters handled by the firm.
  • Accuracy – As in any part of a best practices anti-corruption compliance program, the three most important things are Document, Document, and Document. This means that the factual findings of an investigation must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its investigation of the same issues.” This is never good and your company may well lose what little credibility and goodwill that it may have engendered by self-reporting or self-investigating.
  • Timeliness – Certainly in the world of FCPA enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act Whistleblower provisions. But there are other considerations for a public company, such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
  • Credibility – One of the realities of any FCPA investigation is that a Board of Directors-led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-Morning Quarterbacking but quite a bit of post-event analysis. So the authors believe that any Board of Directors-led investigation “must be (and must be perceived as) credible as to what was done, how it was done, and who did it. Otherwise, the board’s work will have been for naught.”

Three key takeaways:

  1. The Board should have a written protocol for investigations prepared in advance.
  2. This gives cover to a Board when regulators come knocking or other third parties seek review.
  3. Remember the 5 goals of any Board-led investigation.