Tag: Board of Directors

Categories
Blog

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 5 – The Role of the Board of Directors

Welcome to a special 5 part blog post series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, Tom Fox visits with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this Part 5, we discuss the role of the Board of Directors in a compliance program.

Navigating the complex corporate governance and compliance world is challenging but essential for board members. Ensuring the company operates within legal, ethical, and social confines is vital to effective board governance. Boards that fail to achieve high compliance standards can suffer reputational damage, financial penalties, and even legal consequences. It is, therefore, critical for board members to engage with the importance of their oversight role and invest in the necessary education and best practices to ensure they effectively fulfill this responsibility. Here are the key steps:

1. Understand the Board’s oversight responsibilities.

2. Establish strong communication with management.

3. Ensure compliance programs are integrated into the company’s DNA.

Understand the Board’s oversight responsibilities. Board members ensure a company’s ethical standards, compliance, and performance.  Understanding a Board’s oversight responsibilities is paramount to effectively governing and managing the organization. Every Board has a fiduciary duty to protect the stakeholders’ interests and ensure the company’s compliance with laws, regulations, and policies. To meet this legal requirement, Board members should know current best practices, emerging trends, and the legislative and regulatory landscape and be prepared to ask tough questions, follow up, and support management in executing the company’s plans.

Greenberg discussed the importance of a healthy relationship between the Board and the Chief Compliance Officer (CCO). Greenberg emphasized that the role of the Board is one of oversight rather than execution. This entails the need for ongoing dialogue and frequent reporting by the CCO to ensure the Board is informed of the company’s activities, risks, and potential blind spots. Greenberg also recommends that oversight committees take a hands-on deep-dive approach to identify and address potential issues, ensuring the compliance program is ingrained within the company culture and business strategy. Companies must find the appropriate committee with the right people and relevant interests to oversee compliance and advocate for common membership across committees to ensure strategic integration and prevent fragmentation. For Board members, understanding their oversight responsibilities is essential to foster robust corporate governance, risk management, and compliance.

Establish strong communication with management. Establishing strong communication with management is critical for an effective board oversight process. This key step involves board members working closely with senior management and the CCO to ensure that all compliance-related matters are addressed promptly and accurately. By fostering a healthy rapport with management, Board members can actively engage in oversight and be more proactive in remedying compliance-related issues. This collaborative relationship between the Board and management is essential for companies to maintain compliance with laws and policies, ultimately safeguarding the organization’s reputation and performance. Greenberg emphasizes the importance of strong communication between the compliance officers and the Board.

CCOs should develop close relationships with board members, much like senior managers. Greenberg noted this could involve CCOs meeting with board members outside of scheduled meetings to discuss concerns or potential issues. By doing so, a CCO can build trust and foster open communication, allowing board members to comprehensively understand the company’s compliance efforts. Greenberg also emphasized the value of having the right committee and membership, which includes individuals with the background, interests, and time necessary to effectively carry out their oversight duties. This key step is vital for board members because open and direct communication with management enables the Board to strategically address compliance matters, resulting in improved oversight and risk mitigation. Moreover, when board members have a strong rapport with management, they can proactively identify and address any issues before escalating.

Ensure compliance programs are integrated into the company’s DNA. In successfully executing their compliance oversight duties, Boards must ensure that their compliance programs are integrated into the company’s DNA, or as the DOJ says, it’s all about culture. Such integration fosters a strong culture of compliance, which is crucial in minimizing misconduct, reducing legal risks, and protecting the organization’s reputation. By incorporating compliance as a core element within the company’s strategic planning, daily operations, and employee training, boards can better manage risks and ensure adherence to relevant laws, regulations, and policies. Further, a fully integrated compliance program will enhance overall corporate performance, customer trust, and employee engagement.

For a Board to effectively exercise its oversight duties, compliance programs should be tailored to the organization’s business strategy, culture, and resources. The relationship between the Board, senior management, and the CCO can facilitate effective communication and better coordination in addressing critical ethics and compliance matters. The Board must ask tough questions and dive deep into possible issues to ensure transparency and accountability. By embedding compliance within the organization’s structural and cultural fabric, boards can create a robust environment that discourages misconduct while promoting transparency, accountability, and ethical behavior. This safeguards the company’s reputation, financial performance, and regulatory compliance. Ensuring seamless integration of compliance programs is a vital obligation for the boards, enabling them to effectively fulfill their oversight responsibilities and protect the organization’s long-term interests.

For Board members, the importance of robust oversight and compliance cannot be overstated, especially in a world where regulatory scrutiny grows more intense by the day. By following these steps, you can hone your understanding of the Board’s oversight responsibilities, establish solid communication channels with management, and embed a culture of compliance across your organization. Equipping yourself with these essential practices empowers you to tackle complex compliance challenges head-on and steer your organization toward success. As you continue sharpening your oversight skills, you will foster a resilient compliance framework that safeguards your organization and its stakeholders.

For more information, go to Diligent.com.

Categories
Innovation in Compliance

Building a Stronger Culture of Compliance Through Targeted and Effective Training: Part 5 – The Role of the Board

Welcome to a special 5 part podcast series on building a stronger culture of compliance through targeted and effective training, sponsored by Diligent. Over this series, I will visit with Kunal Agrawal, Director of Customer Success at Diligent; Kevin McCoy, Customer Success Manager at Diligent; Jessica Czeczuga, Director, Compliance and Ethics at Diligent; Andrew Rincón, Client Director at Diligent; and David Greenberg, former CEO and Special Advisor at LRN and Director at International Seaways. Over this series, we will consider the importance of ongoing communications, the value of targeted training, training third parties, and the role of the Board of Directors. In this concluding Part 5, we consider the role of the Board of Directors in a compliance program with David Greenberg.

In this episode, Greenberg discusses the board’s legal obligations, emphasizing their duty to exercise reasonable oversight over potential misconduct and failures of compliance with law and policy. The podcast also delves into the importance of integrating compliance programs into a company’s overall strategy and developing strong relationships with senior management, such as the chief legal officer or chief compliance officer. Listeners will learn the importance of finding the right committee to oversee compliance obligations and utilizing outside experts for insight and guidance. This conversation is essential for board members and executives who want to ensure accountability, initiate change, and drive organizational success. Don’t miss out on this informative and engaging episode of “The Role of the Board” episode.

Key Highlights:

  • Legal obligations and oversight for corporate boards
  • Importance of integrating compliance into the company culture
  • Board Oversight and Relationship Building with CCO
  • The Significance of Outside Perspectives for Boards

Notable Quotes:

“There is a strong obligation on boards to exercise reasonable oversight over all potential misconduct and failures of compliance law and policy should a reasonable board has known and taken steps…should that body have known and should it have done more than it did.”

“Boards principally should be asking tough questions and following up on those questions.”

“Anything that is not integrated into the real levers and machinery of the business will not be successful.”

“That chief compliance officer who knows the head of the audit committee or compliance committee or governance committee is much more able and comfortable picking up the phone and saying to the chair, Houston, we’ve got a problem.”

For more information go to Diligent.com

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board Role in Hiring

What is the role of a Board of Directors in hiring senior executives, CCOs, and even other board members? I explored this issue with Candice Tal, who began by noting, that bad senior executive hires can cost a company much more than simply dollars. She related, the “financial costs in day-to-day operations easily can quadruple that of a regular employee, but it can also impact the company’s corporate governance and board of directors if that executive hire was found to be involved with unethical and illegal activities. Not even a signed contract can protect a company if an executive hire’s unethical actions come to the attention of the national media. Fiduciary risk and exposure for the board of directors cannot be overlooked.”

She pointed to the example of Yahoo! and its hire of Scott Thompson. It turned out that Thompson had incorrect information in his online biography regarding his academic credentials. The “implications went beyond the activist shareholder accusations to reflect on the Board of Directors for not vetting his background more carefully. The company may have been exposed to claims of providing false information to the SEC and potential stockholder lawsuits. Thompson’s 120-day tenure at Yahoo! cost the company over $7 million and seriously tarnished the company’s reputation in the business community.”

The key is that a company engages in an executive due diligence investigation rather than simply a routine or even executive-level background investigation. Tal explained that an executive background search is “typically limited to a five-component review of criminal records, employment verification, degree or education verification, social security validation, address verification and sometimes credit history.” Such searches are “very limited searches.”

Conversely, executive due diligence, “looks in-depth at all available public records sources: criminal history, civil litigation issues, financial and legal issues, relationships with other companies and board advisory positions, reputation, misrepresented education and overstated work history, behavioral history (for example litigiousness), and, in particular, undisclosed or adverse issues.” While it is generally “more costly than executive background checks and takes more time, the information gathered is extremely valuable and can save a company substantially more. A high-quality due diligence review can find important information which would not be returned in a routine executive background check.”

Infortal has found that up to 20% of executive search candidates fail a deep-level due diligence investigation. Now consider how many senior executive slots your company has and add to that Board of Directors seats and you can quickly see the risk of failure to consider an executive due diligence search when promoting or hiring. Moreover, you need executive-level due diligence in other business situations as well, including the senior management of new business acquisitions brought into your organization through a merger or other acquisition, selecting new Board members, screening the corporate Board of Directors, and of course, for third party business partners and other agents in the sales and supply chain channels. 

Three key takeaways:

  1. The costs of a bad executive hire can far exceed the dollar loss.
  2. Do not forget the differences between an executive background check and executive level due diligence.
  3. 20% of all senior executives fail an executive level due diligence check.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Boards and Doing Business in China

The Administration’s trade war with China has highlighted the risks of both doing business in China and investing in the Chinese companies which come to America to raise capital. Yet this has been a long-known and outstanding problem in the anti-corruption enforcement world. The 2014 bribery and corruption case of GlaxoSmithKline PLC (GSK), which resulted in a $490 million fine for the firm, resonated across the corporate globe. While many questions are still unanswered, one that seems to be at the forefront of the inquiry was where was the GSK Board of Directors. This matter demonstrates that the role of a Board of Directors is becoming more important and more of a critical part of any effective compliance program.

In an NACD Directorship article, entitled “Corruption in China and Elsewhere Demands Board Oversight”, Eric V. Zwisler and Dean A. Yoost note, “Boards are ultimately responsible for risk oversight” any Board of a company with operations in China “needs to have a clear understanding of its duties and responsibilities under the FCPA and other international laws, such as the U.K. Bribery Act”. Why should China be on the radar of Boards? From 2010-2019, over 25% of all FCPA enforcement actions derived from China, that’s why.

FCPA enforcement actions have made clear that numerous Chinese businesses have proven adept at appearing compliant while hiding unacceptable business practices. A Board should be aware that a well-crafted compliance program must be complemented with a thorough understanding of frontline business practices and constant auditing of actual practices, not just a paper compliance program. This means that both monitoring and auditing should be visible to the Board.

Three key takeaways:

  1. China presents the highest FCPA risk and after GSK, domestic law corruption risk as well.
  2. Chinese companies have been adept at hiding corrupt business practices from their western owners.
  3. A Board must be cognizant of these risks and enhance their risk management process in China and other high-risk jurisdictions.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Key Board Metrics for Compliance

What are metrics for a Board of Directors around compliance? Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:

  • Does the institution ensure that its directors and senior managers provide strong, explicit, and visible support for its corporate compliance policies?
  • Does the Board maintain a material role in overseeing a company’s overall compliance framework?

These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added the following, under Oversight by posing the following questions: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information has the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?

Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?

Three key takeaways:

  1. The DOJ expects active engagement by a Board around compliance.
  2. Does the Board exercise independent review of the compliance program?
  3. The convergence of the Yates Memo, Caldwell’s metrics, the Evaluation, and FCPA Corporate Enforcement Policy mandate Board metrics around compliance.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

What Leads to a Successful Board Investigation?

Many companies have an investigation protocol in place when a potential Foreign Corruption Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic because if a Board of Directors does not get an investigation, which it handles right, the consequences to the company, its reputation, and value can all be quite severe.

In an article in the Corporate Board magazine, entitled “Successful Board Investigations”; David Bayless and Tammy Albarrán, wrote about five key goals that any investigation led by a Board of Directors must meet.

  • Consider whether you need independent outside counsel.
  • Consider hiring an experienced investigator to lead the internal investigation.
  • Consider the need to retain outside experts.
  • Analyze potential conflicts of interest at the outset and during the investigation.
  • Carefully evaluate whistleblower allegations.
  • Request regular updates from outside counsel, without limiting the investigation.
  • Consider whether an oral report at the conclusion of the investigation is sufficient.

The authors conclude their piece by stating, “By keeping in mind the issues addressed above, the Board will be better prepared for the investigation and readily able to exercise good judgment throughout the review. A well-conducted investigation by the Board may spare the company further disruption and costs associated with follow-on investigations by the regulators, or at the very least minimize the company’s exposure.”

Three key takeaways:

  1. Retain the right counsel. Consider conflicts and appearance.
  2. Carefully evaluate all whistleblower allegations and reject retaliation.
  3. Consider receiving oral reports on an ongoing basis and one lengthy oral report at the end of the investigation.

For more information, check out The Compliance Handbook, 4th edition, available here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – What Is Your Board’s Investigation Protocol

Many companies have an investigation protocol in place when a potential Foreign Corruption Practices Act (FCPA) or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic because if a Board of Directors does not get an investigation, which it handles right, the consequences to the company, its reputation, and value can all be quite severe.

In an article in the Corporate Board magazine, entitled “Successful Board Investigations”; David Bayless and Tammy Albarrán, wrote about five key goals that any investigation led by a Board of Directors must meet.

They are:

    • Thoroughness – The authors believe that one of the key, and most critical, questions that any regulator might pose is just how thorough is an investigation; to test whether they can rely on the facts discovered without hav­ing to repeat the investigation themselves. Regulators tend to be skeptical of investigations where limits are placed (expressly or otherwise) on the investigators, in terms of what is investigated, or how the investigation is conducted. This question can be an initial deal-killer particularly if the regulator involved views an investigation insuf­ficiently thorough, its credibility is undermined. And, of course, it can lead to the dreaded ‘Where else’ question.
    • Objectivity – Here the authors write that any “investigation must follow the facts wherever they lead, regardless of the conse­quences. This includes how the findings may impact senior management or other company employees. An investigation seen as lacking objectivity will be viewed by outsiders as inadequate or deficient.” I would add that in addition to the objectivity required in the investigation, the same must be had with the investigators themselves. If a company uses its regular outside counsel, it may be viewed with some askance, particularly if the client is a high-volume client of the law firm involved, either in dollar amounts or in several matters handled by the firm.
    • Accuracy – As in any part of, a best practices anti-corruption compliance program, the three most important things are Document, Document, and Document. This means that the factual findings of an investiga­tion must be well supported. For if the developed facts are not well supported, the authors believe that the investigation is “open to collateral attack by skeptical prosecutors and regulators. If that happens, the time and money spent on the internal investigation will have been wasted, because the government will end up conducting its investigation of the same issues.” This is never good and your company may well lose what little credibility and goodwill that it may have engendered by self-reporting or self-investigating.
    • Timeliness – Certainly in the world of FCPA enforcement, an internal investigation should be done quickly. This has become even more necessary with the tight deadlines set under the Dodd-Frank Act Whistleblower provisions. But there are other considerations for a public company such as an impending Securities and Exchange Commission (SEC) quarterly or annual report that may need to be deferred absent as a timely resolution of the matter. Lastly, the Department of Justice (DOJ) or SEC may view delaying an investigation as simply a part of document spoliation. So timeliness is crucial.
    • Credibility – One of the realities of any FCPA investigation is that a Board of Directors-led investigation is reviewed after the fact by not only skeptical third parties but also sometimes years after the initial events and investigation. So not only is there the opportunity for Monday-Morning Quarterbacking but quite a bit of post-event analysis. So the authors believe that any Board of Directors-led investigation “must be (and must be perceived as) credible as to what was done, how it was done, and who did it. Otherwise, the board’s work will have been for naught.”

    Three Key Takeaways

    1. The Board should have a written protocol for investigations prepared in advance.
    2. This gives cover to a Board when regulators come knocking or other third parties seek review.
    3. Remember the 5 goals of any Board led investigation.

     

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Board Oversight Role over Internal Controls

Best practices compliance program. The first in Hallmark No. 1 states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources,” which says the Chief Compliance Officer (CCO) should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided sufficient information to enable independent judgment?

Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask tough questions. But it is more than simply having a compliance program in place. The Board must exercise appropriate oversight of the compliance program and the compliance function. The Board must ask hard questions and be fully informed of the company’s overall compliance strategy. Lawyers often speak to and advise Boards on their legal obligations and duties. If a Board’s oversight is part of effective financial controls under Sarbanes Oxley (SOX), that includes effective compliance controls. Failure to do either may result in something far worse than bad governance. It may directly lead to an FCPA violation and could even form the basis of an independent FCPA violation. A company must have a corporate compliance program in place and actively oversee that function. A failure to perform these functions may lead to independent liability of a Board for its failure to perform its allotted tasks in an effective compliance program. Internal controls work together with compliance policies and procedures and are interrelated control mechanisms. There are five general compliance internal controls for a Board or Board subcommittee role for compliance:

Three Key Takeaways:

  1. GTE compliance internal controls are low-hanging fruit. Pick them.
  2. Compliance with internal controls can be both detected and prevented controls.
  3. Good compliance with internal controls is good for business.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – The Board as an Internal Control

James Doty, former Commissioner of the Public Company Accounting Oversight Board (PCAOB) was once asked if the Board or its sub-committee which handles audits was a part of a company’s internal financial controls. He answered that yes, he believed that was one of the roles of an Audit Committee or full Board. I had never thought of the Board as an internal control but the more I thought about it, the more I realized it was an important insight for any Chief Compliance Officer or compliance practitioner as it also applies to compliance internal control.
In the FCPA Resource Guide, 2nd edition, in the Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board. The first is in Hallmark No. 1, which states, “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3, entitled “Oversight, Autonomy and Resources”, where it discusses that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the US Sentencing Guidelines, the Board must exercise reasonable oversight of the effectiveness of a company’s compliance program. The Department of Justice’s (DOJ) Prosecution Standards posed the following queries: (1) Do the Directors exercise independent review of a company’s compliance program? and (2) Are Directors provided information sufficient to enable the exercise of independent judgment? Doty’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.

A Board’s oversight is part of effective compliance controls, then the failure to do so may result in something far worse than bad governance. Such inattention could directly lead to a FCPA violation and could even form the basis of an independent SOX violation as to the Board.
Three Key Takeaways

  1. A Board must engage in active oversight.
  2. A Board should review the design of internal controls on a regular basis.
  3. Failure to do so could form the basis for an independent legal violation under SOX.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program with Boards – Legal Requirements of the Board Regarding Compliance

As to the specific role of best practices in general compliance and ethics, one can look to Delaware corporate law for guidance. The case of In Re Caremark International Inc., 698 A.2d 959 (Del. S. Ct. 1996) was the first case to hold that a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.”

In the case of Stone v. Ritter, the Supreme Court of Delaware expanded on the Caremark decision by establishing two important principles. First, the Court held that the Caremark standard is the appropriate standard for director duties concerning corporate compliance issues. Second, the Court found that no duty of good faith forms a basis for director liability, independent of the duties of care and loyalty. Rather, Stone v. Ritter 911 A.2d 362 (‎Del. S. Ct. 2006) holds that the question of director liability turns on whether there is a “sustained or systematic failure of the board to exercise oversight—such as an utter failure to attempt to assure a reasonable information and reporting system exists.”

The Board has the role of monitoring the performance of the compliance function, including monitoring the performance of it using standard economic metrics and overseeing compliance with applicable laws and regulations. While the Board is not responsible for auditing or ferreting out compliance problems, it is responsible for determining that the company has an appropriate system of internal controls. The Board should also monitor company policies and practices that address compliance and matters affecting the public perception and reputation of the company. Every company should ensure that it conducts appropriate compliance training for employees and conducts regular compliance assessments. Finally, the Board must take appropriate action if and when it becomes aware of a material problem it believes management is not properly handling. The Delaware Supreme Court has expanded this obligation in the cases of Marchand v. Barnhill (the “Blue Bell” case),  Clovis Oncology, Hughes, and Boeing.

From the Delaware cases, a Board must have a corporate compliance program in place and actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, additional oversight should exist. In other words, there is an affirmative duty to ask tough questions. However, there has been a significant expansion of the Board’s Caremark obligation.  Delaware courts will be much more scrutinizing of Caremark claims going forward. The evolution of decisions from Marchand to Boeing shows that a company must have robust compliance and risk management oversight but, more importantly, engage in oversight for the company’s signature risk(s). Boards must do so aggressively, not passively.

As Mike Volkov has noted, “At the bottom, the Chancery Court is raising the stakes on board member accountability.”

 Three key takeaways:

  1. The Delaware courts have led the way with the Caremark and Stone v. Ritter decisions.
  2. Boards must have compliance expertise and exercise it.
  3. In a series of recent decisions, the Delaware courts are expanding the Caremark obligations, most recently.

For more information check out The Compliance Handbook, 3rd edition, available from LexisNexis here.