Tag: Board of Directors

Categories
Blog

Day 19 of 30 Days to a Better Compliance Program, Compliance Expertise on the Board

The Office of Inspector General (OIG) has called for greater compliance expertise at the Board level. The OIG said that a Board could raise its level of substantive expertise concerning regulatory and compliance matters by adding a compliance member to the Board. Such a compliance professional with subject matter expertise on the Board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other Board members, and helps the Board better fulfill its oversight obligations. Mike Volkov looked at it from both a practical and business perspective. He stated, “I have witnessed firsthand that companies with a board member with compliance expertise usually have a more aggressive and effective compliance program. In this situation, a Chief Compliance Officer has to answer to the board for the company’s compliance program while receiving the resources and support to accomplish compliance tasks.” Roy Snell sees it through the prism of the compliance profession and has said, “If you ask most companies if they have compliance expertise on their Board… most would say yes. When asked who the compliance expert is, they typically point to a lawyer, auditor, risk manager, or ethicist. None of these professions are automatically compliance experts. All lawyers have different specialties.” He goes on to state that what regulators want to see is specific compliance expertise at the Board level. He noted, “the government is looking for is not generic compliance expertise. They are looking for compliance program management expertise. Hui Chen, the DOJ Compliance Counsel, has continually talked about the need for companies to operationalize their compliance programs. She intones businesses must work to burn compliance into the fabric and DNA of their organization. Having a Board member with specific compliance expertise heading a Board level Compliance Committee can provide a level of oversight and commitment to achieving this goal. It will not be long before the DOJ and SEC require this step in any FCPA enforcement action resolution. This means that when your company is evaluated by Chen, under the factors set out in Prong Three of the FCPA Pilot Program, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board level Compliance Committee but also the specific subject matter expertise on the Board and on that committee.

Key Takeaways

  1. Boards must have compliance expertise.
  2. Government regulators and shareholder groups have called for greater compliance expertise on the Board.
  3. Compliance expertise at the Board works up and down as such expertise can be a resource to the CCO and the compliance department.

For more information, check out my book Doing Compliance: Design, Create and Implement an Effective Anti-Corruption Compliance Program, which is available by clicking here. Both government regulators and shareholder groups have both called for greater compliance expertise at the Board.

Categories
31 Days to More Effective Compliance Programs

Day 5 | The Board and Operationalizing Compliance


In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Directors, the 2020 Update stated:
Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
Having a Board member with specific compliance expertise or heading a Compliance Committee can provide a level of oversight and commitment to achieving this goal. The DOJ enshrined this requirement in the FCPA Corporate Enforcement Policy. This means that when your company is evaluated by the DOJ, under the factors set out in the 2020 Update and FCPA Corporate Enforcement Policy, to retrospectively determine if your company had a best practices compliance program in place at the time of any violation, you need to have not only the structure of the Board-level Compliance Committee but also the specific subject matter expertise (SME) on the Board and on that committee.
Another arm of the US government has recognized the need for such expertise at the Board level. In 2015, the Office of Inspector General (OIG), in a publication entitled “Practical Guidance for Health Care Governing Boards”, called for greater compliance expertise at the Board level. The OIG said that a Board can raise its level of substantive expertise with respect to regulatory and compliance matters by adding to the Board a compliance member. The presence of a such a compliance professional with SME “on the board sends a strong message about the organization’s commitment to compliance, provides a valuable resource to other board members and helps the board better fulfill its oversight obligations.”
All of this means that every Board of Directors needs a true compliance expert. Almost every Board has a former Chief Financial Officer (CFO), former head of Internal Audit or persons with a similar background, and often times these are also the Audit Committee members of the Board. Such a background brings a level of sophistication, training and SME that can help all companies with their financial reporting and other finance-based issues. So why is there not such SME at the Board level from the compliance profession?
 Three key takeaways:

  1. The 2020 Update requires active Board of Director engagement and oversight around compliance
  2. Board communication on compliance is a two-way street; both inbound and outbound
  3. Does the Board of Directors have a compliance expert?
Categories
This Week in FCPA

Episode 222 – the Trees Gone Bad edition


As Donald Trump blames the California and Oregon forest fires on ‘trees gone bad’; Tom and Jay continue to brave the surge in Covid cases by staying safe at home. They are back to look at top compliance articles and stories which caught their eye this week.

  1. How does Bluebell apply to cyber claims against a Board of Directors? Paul Ferllio, Bob Zukis and Christophe Veltsos in the Harvard Law School forum on Corp Governance.
  2. VW Monitor closes out monitorship. Jack Ewing in the NYT. Mengqi Sun in the WSJ Risk and Compliance Journal.
  3. Tom takes a deep dive into Herbalife. Part 1, Part 2, Part 3 and Part 4.
  4. The intersection of anti-human trafficking and ABC compliance. Vanessa Hans in the FCPA Blog.
  5. Does the DOJ have to turn in SEC investigative material in a criminal FCPA trial? Matt Kelly goes legal in Radical Compliance.
  6. The intersection of compliance and internal audit? Mike Volkov in Corruption Crime and Compliance.
  7. Who is a PEP? Dick Cassin considers a plethora of definitions in the FCPA Blog.
  8. Has Covid-19 changed the relationship between senior management and the Board? Dottie Schindlinger and Kira Ciccarelli in CCI.
  9. This month on The Compliance Life, I am joined by DeAnna Nwankwo. In this week’s Part 2, DeAnna talks about some of the skills she needed in the CCO chair.
  10. On the Compliance Podcast Network, on 31 Days to a More Effective Compliance Program, this month focuses on internal controls. This week saw the following offerings: Monday– Internal controls for 3rd parties; Tuesday– Internal controls for GTE; Wednesday– BOD oversight as an internal control; Thursday– Code of Conduct as an internal control; and Friday– What is the COSO Internal Controls Framework. The month of August is being sponsored by Affiliated Monitors. Note 31 Days to a More Effective Compliance Program now has its own iTunes channel. If you want to binge out and listen to only these episodes, click here.
  11. Join Jay and Tom at Converge20. Convercent’s top compliance conference is going virtual this year. Check at the agenda and register here.
  12. Join a great upcoming K2 Intelligence FIN webinar. Robin Henry on how investigators can use social media, Thursday, 9-24 at 1600 GMT. Registration and information here.
  13. Join Tom, Charlie Voelker, Legal Compliance Solutions, Skillsoft and Stephen Martin, Partner, StoneTurn for a joint Skillsoft/StoneTurn webinar on evolving your compliance program under the 2020 Update to the Evaluation of Corporate Compliance Programs. Wednesday, September 23, from 12 PM – 1 PM EDT. Information and registration here.

Tom Fox is the Compliance Evangelist and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
31 Days to More Effective Compliance Programs

Inquiring up and down

Where does “tone at the top” start? With any public and most private U.S. companies, it is at the Board of Directors. But what is the role of a company’s Board in compliance? First a Board should not engage in management but should engage in oversight of a CEO and senior management. The Board does this through asking hard questions, risk assessment and identification.
Initially it must be important that the Board receive direct access to such information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive such regular reports on the structure of the company’s compliance program, its actions and self-evaluations. From this information the Board can give oversight to any modifications to managing FCPA risk that should be implemented. CCO reporting to the Compliance Committee must be structured carefully to promote ethics and compliance.
Three key takeaways:

  1. A Board Compliance Committee should provide oversight not management.
  2. A CCO should use multiple reports to communicate with the Board Compliance Committee.
  3. Board Compliance Committee oversight makes companies more efficient and at the end of the day more profitable.
Categories
31 Days to More Effective Compliance Programs

The Board of Directors investigation protocol


Many companies have an investigation protocol in place when a potential compliance violation or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation, which should be conducted or led by the Board itself. The consequences of this lack of foresight can be problematic, because if a Board does handle an investigation right, the consequences to the company, its reputation and value can be quite severe. The SEC considers a variety of factors around corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company?
There is also a SOX role in internal investigations, most particularly for audit. Section 301 establishes certain requirements for Audit Committees, including: (1) Procedures for receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; (2) Procedures regarding the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters; (3) Authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties; and (4) Funding to engage advisors as it deems appropriate.
Three key takeaways:

  1. The Board should have a written protocol for investigations prepared in advance.
  2. Any Board led investigation must be both credible and objective.
  3. The investigation must be thorough but the Board can be cost effective.
Categories
31 Days to More Effective Compliance Programs

Day 5 | The Board and operationalizing compliance

In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Director, the Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) stated:

Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
 The DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Compliance Program Guidance) was even more explicit in announcing   their expectation for robust Board oversight of a corporate compliance function.  The Antitrust Compliance Program Guidance stated “For the antitrust compliance program to be effective, those with operational responsibility for the program must have sufficient autonomy, authority, and seniority within the company’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program.  The Antitrust Compliance Program Guidance then went on to ask the following questions: Who has overall responsibility for the antitrust compliance program?  Is there a chief compliance officer or executive within the company responsible for antitrust compliance?  If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body?  How often does the compliance officer or executive meet with the Board, audit committee, or other governing body?  How does the company ensure the independence of its compliance personnel? 
 Three key takeaways:

  1. The DOJ Evaluation requires active Board of Director engagement and oversight around compliance.
  2. Board communication on compliance is a two-way street; both inbound and outbound.
  3. Does the Board of Directors have a Compliance Expert?
Categories
Across the Board

Across the Board – Episode 1: What’s the Tone at the Very Top

In this special 5-part podcast series, I visit with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 1 we introduce the topic of what’s the tone at the very top of your organization. Some of the highlights from the podcast include:

  • What’s the role of the Board around compliance and ethics?
  • Why is it important for the Board to actively oversee a C&E program?
  • What is the biggest disconnect between the BOD and the compliance function?
  • Board members should think of compliance as beyond FCPA and Sarbanes-Oxley, yet there understanding is members’ fuzzy at best.
  • Board members understand what auditors do, but they often do not understand compliance enough to ask intelligent questions.”

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.

Categories
Across the Board

Across the Board – Episode 3: Not Enough Time/Not Enough Depth

In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 3, we consider many CECO’s concern that Boards do not dedicate sufficient time and priority to compliance nor go into sufficient depth into compliance programs and potential outcomes . Some of the highlights from the podcast include:

  • Why don’t Boards put in more time around E&C programs?
  • Why is compliance often the last item on the Board agenda and equally as often, left off for later?
  • CECOs want to be challenged by their Boards but often are not.
  • Does your Board have a compliance game plan?
  • Why don’t BODs go deeper into E&C programs? How would they do so?
  • Are Boards even asking the right questions?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.

Categories
Across the Board

Across the Board – Episode 5: The Road Ahead

Over this special 5-part podcast series, I have visited with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In this fifth and final episode, we look at the road ahead. The White Paper stated, “Over time, the gulf between CECOs and boards should be bridgeable. We believe the bridge should be built quickly. The sooner that CECOs have the board’s ear – and that directors are fully aware of what CECOs and the initiatives they lead can bring to the table –the stronger and more resilient their companies will be.
Some of the highlights from the podcast include:

  • What practical steps should be taken to engage the board more actively and effectively in ethics and compliance oversight?
  1. More time, higher priority, stronger signals from boards in ethics and compliance oversight.
  2. Boards need to question whether ethics and compliance are genuinely integral to business operations.
  3. Elevate the CECO and establish direct and confidential reporting lines?
  • What lays on the road ahead?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.

Categories
Across the Board

Across the Board – Episode 2: BOD Understanding and the Game Plan

In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 2, we consider the average Board of Director’s knowledge of compliance and your game plan going forward. Some of the highlights from the podcast include:

  • Why don’t Boards have a better understanding of the compliance function within their organization?
  • Why do BOD’s have such little knowledge of the CECO role?
  • Why does the BOD tend to focus on what has passed rather forward looking?
  • Does your Board have a compliance game plan?
  • Why does a BOD need to develop a framework for discussing, evaluating, and measuring ethics and compliance?
  • Why should BODs relate ethics and compliance to their companies’ core strategy and be able to have a sufficient point of view to guide and oversee it?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Complianceby clicking here.