Where does “tone at the top” start? It is with public and most private U.S. companies at the Board of Directors. But what is the role of a company’s Board in compliance? First, a Board should not engage in management but oversee a CEO and senior management. The Board asks hard questions, risk assessment, and identification.
These factors can be easily adapted to compliance and ethics risk management oversight. Initially, it must be necessary that the Board receive direct access to such information on a company’s policies on this issue. The Board must have quarterly or semi-annual reports from a company’s CCO to either the Audit Committee or the Compliance Committee. Every Board should create a Compliance Committee to deal with compliance issues, as an Audit Committee may more appropriately deal with financial audit issues. A Board Compliance Committee can devote itself exclusively to non-financial compliance. The Board’s oversight role should be to receive regular reports on the company’s compliance program’s structure, actions, and self-evaluations. From this information, the Board can oversee any modifications to managing FCPA risk that should be implemented.
Three key takeaways:
- A Board Compliance Committee should provide oversight, not management.
- A CCO should use multiple reports to communicate with the Board Compliance Committee.
- Board Compliance Committee oversight makes companies more efficient and profitable.
