Categories
31 Days to More Effective Compliance Programs

Legal requirements of the Board regarding compliance


Welcome to this month’s offering of 31 Days to a More Effective Compliance Program. This month I will focus on the Board of Directors and its role in an effective compliance program. At the end of August, you will not only have a good summary of the basics of a best practices compliance program for a Board of Directors but also information that you can incorporate into your compliance regime.
Case law. As to the specific role of best practices in the area of general compliance and ethics, one can look to Delaware corporate law for guidance. The case of In Re Caremark International Inc., 698 A.2d 959, (Del. SCt. 1996) was the first case to hold that a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.”
2020 FCPA Resource Guide, 2nd edition and U.S. Sentencing Guidelines. A Board’s duty under the FCPA is well-known. In the FCPA Resource Guide, 2nd edition, there are two specific references to the obligations of a Board. The first, in Hallmark No. 1, states: “Within a business organization, compliance begins with the board of directors and senior executives setting the proper tone for the rest of the company.” The second is found under Hallmark No. 3 and notes that the CCO should have “direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (e.g., the audit committee).” Further, under the U.S. Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ’s Prosecution Standards posed the following queries: 1) Do the Directors exercise independent review of a company’s compliance program? and 2) Are Directors provided information sufficient to enable the exercise of independent judgment?
From the Delaware cases, a Board must not only have a corporate compliance program in place but actively oversee that function. Further, if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. The specific obligations set out regarding the FCPA drive home these general legal obligations down to the specific level of the statute.
Three key takeaways:

  1. The Delaware courts have led the way with the In Re Caremark and Stone v. Ritter decisions.
  2. Note the obligations of the Board under the Ten Hallmarks of an Effective Compliance Program.
  3. The U.S. Sentencing Guidelines also require Board involvement and oversight.

A special thanks to this month’s sponsor, Affiliated Monitors, Inc. 

 

Categories
31 Days to More Effective Compliance Programs

The Board of Directors investigation protocol


Many companies have an investigation protocol in place when a potential compliance violation or other legal issue arises. However, many Boards of Directors do not have the same rigor when it comes to an investigation that should be conducted or led by the Board itself. This lack of foresight can be problematic, because if a Board does not handle an investigation right, the consequences to the company, its reputation and value can be quite severe. The SEC considers a variety of factors around corporate investigations including: Did management, the board or committees consisting solely of outside directors oversee the review? Did company employees or outside persons perform the review? If outside persons, have they done other work for the company?
There is also a SOX role in internal investigations, most particularly for audit. Section 301 establishes certain requirements for Audit Committees, including: (1) Procedures for receipt, retention, and treatment of complaints received by the issuer regarding accounting, internal accounting controls, or auditing matters; (2) Procedures regarding the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters; (3) Authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties; and (4) Funding to engage advisors as it deems appropriate.
Three key takeaways:

  1. The Board should have a written protocol for investigations prepared in advance.
  2. Any Board-led investigation must be both credible and objective.
  3. The investigation must be thorough but the Board can be cost effective.
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Internal Controls – Board of Directors’ oversight as an internal control

Is a Board of Directors a compliance internal control? The clear answer is yes. In the 2020 FCPA Resource Guide, Hallmarks of an Effective Compliance Program, there are two specific references to the obligations of a Board in a best practices compliance program. One states, “Within a business organization, compliance begins with the Board of Directors and senior executives setting the proper tone for the rest of the company.” The second is found under the Hallmark entitled “Oversight, Autonomy and Resources,” which says the CCO should have “direct access to an organization’s governing authority, such as the Board of Directors and committees of the Board of Directors (e.g., the audit committee).”

Further, under the U.S. Sentencing Guidelines, the Board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The DOJ Prosecution Standards posed the following queries: Do the directors exercise independent review of a company’s compliance program, and are directors provided information sufficient to enable the exercise of independent judgment? The DOJ’s remarks drove home to me the absolute requirement for Board participation in any best practices or even effective anti-corruption compliance program.
Three key takeaways:

  1. Board oversight over the compliance function is a separate internal control, so document it and use it.
  2. The Board must perform oversight over your company’s internal controls.
  3. Does your Board use the five principles for involvement in compliance internal controls?

For more information on how to build out a best practices compliance program, including internal controls, check out The Compliance Handbook, 3rd edition.

Categories
31 Days to More Effective Compliance Programs

Day 5 | The Board and operationalizing compliance

In addition to a company’s senior management, there is a Board of Directors at the top. Yet the role of the Board is different than that of senior management. For the Board of Directors, the Evaluation of Corporate Compliance Programs – Guidance Document (2019 Guidance) stated:

Oversight – What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
The DOJ Antitrust Division’s Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations (Antitrust Compliance Program Guidance) was even more explicit in announcing their expectation for robust Board oversight of a corporate compliance function. The Antitrust Compliance Program Guidance stated, “For the antitrust compliance program to be effective, those with operational responsibility for the program must have sufficient autonomy, authority, and seniority within the company’s governance structure, as well as adequate resources for training, monitoring, auditing and periodic evaluation of the program.” The Antitrust Compliance Program Guidance then went on to ask the following questions: Who has overall responsibility for the antitrust compliance program? Is there a chief compliance officer or executive within the company responsible for antitrust compliance? If so, to whom does the individual report, e.g., the Board of Directors, audit committee, or other governing body? How often does the compliance officer or executive meet with the Board, audit committee, or other governing body? How does the company ensure the independence of its compliance personnel?
Three key takeaways:

  1. The DOJ Evaluation requires active Board of Director engagement and oversight around compliance.
  2. Board communication on compliance is a two-way street; both inbound and outbound.
  3. Does the Board of Directors have a Compliance Expert?
Categories
PHorensically Speaking

PHorensically Speaking-Episode 8: Crisis Management

Some of the biggest mistakes made when handling a crisis are not dealing with the problem head on, thoughtless or insincere comments, lack of communication with stakeholders, unprepared spokespeople, getting defensive after receiving backlash, or sitting back and letting the problem grow. Domino’s, Sony, Samsung, BP, United Airlines, Equifax and KFC are all good examples of companies that stumbled with crisis management. Organizations should study these crises and learn from the mistakes! In this podcast Jonathan Marks provides an overview of crisis management and its elements – prepare, respond, contain, recover, and remediate. He also discusses the board of directors’ role.

Categories
Across the Board

Across the Board – Episode 1: What’s the Tone at the Very Top

In this special 5-part podcast series, I visit with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 1 we introduce the topic of what’s the tone at the very top of your organization. Some of the highlights from the podcast include:

  • What’s the role of the Board around compliance and ethics?
  • Why is it important for the Board to actively oversee a C&E program?
  • What is the biggest disconnect between the BOD and the compliance function?
  • Board members should think of compliance as beyond FCPA and Sarbanes-Oxley, yet their understanding is fuzzy at best.
  • Board members understand what auditors do, but they often do not understand compliance enough to ask intelligent questions.

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Compliance by clicking here.

Categories
Across the Board

Across the Board – Episode 3: Not Enough Time/Not Enough Depth

In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 3, we consider many CECOs’ concern that Boards neither dedicate sufficient time and priority to compliance nor go into sufficient depth on compliance programs and potential outcomes. Some of the highlights from the podcast include:

  • Why don’t Boards put in more time around E&C programs?
  • Why is compliance often the last item on the Board agenda and equally as often, left off for later?
  • CECOs want to be challenged by their Boards but often are not.
  • Does your Board have a compliance game plan?
  • Why don’t BODs go deeper into E&C programs? How would they do so?
  • Are Boards even asking the right questions?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Compliance by clicking here.

Categories
Across the Board

Across the Board – Episode 5: The Road Ahead

Over this special 5-part podcast series, I have visited with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In this fifth and final episode, we look at the road ahead. The White Paper stated, “Over time, the gulf between CECOs and boards should be bridgeable. We believe the bridge should be built quickly. The sooner that CECOs have the board’s ear – and that directors are fully aware of what CECOs and the initiatives they lead can bring to the table – the stronger and more resilient their companies will be.”
Some of the highlights from the podcast include:

  • What practical steps should be taken to engage the board more actively and effectively in ethics and compliance oversight?
  1. More time, higher priority, stronger signals from boards in ethics and compliance oversight.
  2. Boards need to question whether ethics and compliance are genuinely integral to business operations.
  3. Elevate the CECO and establish direct and confidential reporting lines?
  • What lies on the road ahead?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Compliance by clicking here.

Categories
Across the Board

Across the Board – Episode 2: BOD Understanding and the Game Plan

In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We take a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 2, we consider the average Board of Director’s knowledge of compliance and your game plan going forward. Some of the highlights from the podcast include:

  • Why don’t Boards have a better understanding of the compliance function within their organization?
  • Why do BODs have so little knowledge of the CECO role?
  • Why does the BOD tend to focus on what has passed rather than looking forward?
  • Does your Board have a compliance game plan?
  • Why does a BOD need to develop a framework for discussing, evaluating, and measuring ethics and compliance?
  • Why should BODs relate ethics and compliance to their companies’ core strategy and be able to have a sufficient point of view to guide and oversee it?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Compliance by clicking here.

Categories
Across the Board

Across the Board – Episode 4: Metrics and Senior Management

In this special 5-part podcast series, I am visiting with David Greenberg, Special Advisor at LRN. We are taking a deep dive into the LRN White Paper entitled, “What’s the Tone at the Very Top: Board and Compliance: The Role of Boards in Overseeing Corporate Ethics & Compliance”. In this podcast series we explore the white paper in depth and provide the Chief Compliance Officer and compliance practitioner with succinct and practical tips for educating, dealing with and reporting to a Board of Directors. In Episode 4, we look at metrics which a BOD should consider and how a Board should oversee senior management around ethics, compliance and culture.
Some of the highlights from the podcast include:

  • CECOs want their boards to send stronger signals to executive management about the importance of embedding ethics and compliance in the company’s business.
  • CECOs want boards to hold management more accountable for ethics and compliance.
  • A BOD should ask management ‘What have you done to assure compliance. Show me.’
  • Why should a Board be concerned about metrics around culture?
  • What measures should a Board employ for culture and ethics?

Check out the LRN White Paper What’s the Tone at the Very Top: Board and Compliance: the Role of Boards in Overseeing Corporate Ethics & Compliance by clicking here.