The Big Picture

“The Big Picture” is written by Matt Kelly, editor-in-chief of Compliance Week. Kelly blogs about the broader context of regulatory developments, legislative actions in Washington, and other events in the area of compliance and corporate governance. Questions, comments and statements from readers are always welcome, and where appropriate Kelly will try to address them in his blog. He can be reached via email at MKelly@complianceweek.com.

 

August 12, 2010

What Mark Hurd and HP Tell Us About Compliance

Last Friday afternoon I had the opportunity to meet a newly minted chief compliance officer. She had been in the job only one month, was passing through town, and wanted to talk about the current events in compliance over lunch. We settled into a restaurant near my office and began chatting.

“So are you a lawyer?” I asked.

“No, I spent 12 years in the HR department,” she told me. “I’m also a licensed private investigator, and I assume that will help too.”

I thought about that for a moment. “Actually,” I said, “compliance departments want lawyers in the role mostly so they can exercise attorney-client privilege when that legal protection might be necessary. But really, on a daily basis, most of the work is finding the facts behind dumb things employees do. So your background is great, because no matter how clear the rules are, employees do some pretty dumb things.”

Four hours later, Hewlett-Packard announced that Mark Hurd was stepping down as CEO amid a sexual harassment probe.

Of course, in the week since then, we’ve seen all manner of speculation that Hurd’s supposed sins were not nearly as egregious as HP’s board first portrayed them to be. As time passed and more details dribbled out, a counter-story emerged that perhaps HP’s board overreacted—that perhaps directors rushed to fire Hurd because they were more worried about bad publicity than bad conduct, or were looking for an excuse to fire him and impulsively seized on a harassment complaint that wasn’t as strong as they expected. Or maybe Hurd really was the ethical scofflaw the board alleged him to be, billing various travel and personal expenses to HP.

I won’t venture any speculation myself about Hurd’s relationship with the woman in question, Jodie Fisher. (I suspect Mrs. Hurd will conduct an extensive internal investigation of her own.) In fact, even the question of whether Hurd deliberately falsified expense reports or his staff simply goofed on names and dates doesn’t interest me all that much. Those are serious questions for HP’s own compliance department to investigate, but they don’t relate to the broader point I want to raise here.

My point being? Go back to the newly minted compliance officer I met for lunch. Her expertise is in finding the real facts behind alleged misconduct, and determining what punishment may (or may not) be warranted. As HP and Hurd so colorfully demonstrated, even the largest companies, with extensive compliance programs and a genuine awareness that good conduct is important, can still stumble over the basics: What happened? Did misconduct happen? What punishment is appropriate? How do we deliver that punishment in a way that demonstrates our commitment to ethical conduct?

Those questions, and the skills you need to answer them, transcend any particular educational background you might have. Corporate compliance is an endless, often exhausting cycle of repeating the same procedures over and over again. And why do we keep repeating that cycle? Why do even the most successful and high-profile executives (and boards) put themselves in awkward, if not downright stupid, situations?

Well, I can’t help but think of our cover story this week, a Compliance Week editorial roundtable exploring the overlap between legal and compliance functions. We had a fantastic discussion (read the article!), but one point raised at the end stuck with me: that for all our focus on compliance, corporations should worry foremost about ethics—because, in the end, misconduct happens when an employee deliberately decides to break the rules. For all our other talk about exercising privilege during an investigation, or sophisticated monitoring tools, or thorough documentation and reporting, ethics is still the best way to prevent misconduct. Everything else just remedies misconduct after it happens.

And somehow, I think the newly minted compliance officer I met will do just fine.

Posted by: mkelly @ 1:38 pm

Filed under: Compliance, Corporate Governance, Ethics

 

July 25, 2010

When Compliance and Legal Functions Collide

Compliance Week took to the road again last week, this time hosting an editorial roundtable in Chicago with Thomson Reuters to talk about the overlap of corporate legal and compliance functions. Apparently we hit upon a popular subject; normally our roundtables attract about 12 to 14 compliance executives, but this one had 20 attendees. Conversation was lively, and we’ll have complete coverage of the discussion in our Aug. 3 newsletter. For now, however, let me give a few initial observations.

The general counsel is still the boss. Yes, I know, the revised U.S. Sentencing Guidelines say companies should have an independent compliance function, with a chief compliance officer who answers to the CEO or (ideally) the board. Well, that’s not happening yet. Fourteen of our 20 attendees said they report into the legal function; only two reported directly to the audit committee. Some attendees said their company was in the midst of creating an independent compliance function, but by far and away, corporate compliance was still subordinate to the legal department.

At first that surprised me, since every best practice in the universe says an independent CCO is vital for compliance. But another theme from the roundtable was that these companies and their leaders do want a strong compliance function; they just don’t know what steps they should take to get there. They are terrified of adopting some organizational structure that can’t be changed easily, should the need arise (say, in a restructuring). They are terrified of leaving ethics and compliance in the hands of someone who isn’t a company lawyer, should an investigation be necessary and the company wants to protect itself with legal privilege. Everyone wants to take incremental steps to achieve strong compliance, but they all start from the general counsel’s office.

Coming soon to a compliance function near you: charters. Two attendees said their companies have charters specifically for the compliance function. This intrigued everyone else, and one of the two said his company adopted a charter to adhere to the U.S. Sentencing Guidelines. Another person quickly shot back: “Wait a minute—we need a charter to be in compliance with the guidelines?”

“Not yet,” the first attendee replied, “but that’s where this is going.”

There’s a lot of wisdom in that response, as cynical as it may be. Charters probably are the way of the future, especially if you’re in a highly regulated industry and want to appear nice and clean to your regulators. At the very least, a charter can’t hurt. It sends a message of seriousness, and if tone at the top really does matter to regulators, then a charter would fit the bill.

So where do charters come from? Apparently one emerging habit (I won’t call it a best practice, but it seems sensible to me) is to crib the language of your internal audit department’s charter, or the language of your audit committee’s charter if you don’t have an internal audit function per se. You’ll want the compliance charter to specify what information about ethics and compliance will be reported to the audit committee. You’ll also want it to specify who gives that information to the committee—which forces the board to address that question of whether compliance is an independent function, or reports into the legal department. There’s a deft piece of office politics for you.

Ethics matters. One attendee approached me just before the roundtable started to ask why Compliance Week doesn’t devote more attention to problems of ethics. I answered honestly: because we’re so busy following all the minutiae of regulatory compliance that we just don’t have time for ethics, and most of our readers are in the same boat. So as much as I enjoy discussing ethics—which I do—why bother? I can’t say I like that answer, but it’s the truth.

Well, as the roundtable closed, this same attendee gave an excellent reason why we should bother. At the end of the day, for all our regulations and policies and procedures and monitoring, misconduct comes down to one employee deciding whether or not to behave in some improper way. We can either monitor that employee (and all the others) constantly, or we can trust him to do the right thing—if he has a good sense of ethics. Or, as this attendee put it, “That’s what I worry about. An ethics problem will trump a compliance problem any time.”

You know, he’s right.

Posted by: mkelly @ 10:15 pm

Filed under: Corporate Governance, Ethics, Sentencing Guidelines

 

July 20, 2010

Pondering the Dodd-Frank Act

Hooray, Congress passed the Dodd-Frank regulatory reform bill into law last week! Now we can all start speculating about how ineffective, irrelevant and incomplete it is! Right? Um … right?

Here’s the unvarnished truth, folks: Nobody talking about the Dodd-Frank Act today has any idea whether it will really achieve its intended aim of creating a stronger financial system. Not the lawmakers who passed it, nor the special interests who drafted it; not the chattering classes who gabbed about it on CNN and CNBC all weekend long, nor your outside counsel who will keep gabbing about it while billing you $500 an hour. Nobody really knows what the consequences of this law will be—not even me, much to my dismay.

We can, however, describe what the success or failure of all this reform will look like. After all, we know what the Dodd-Frank Act is supposed to do, at least according to the vague sense of public sentiment out there. So I’ve been pondering what we collectively—Corporate America, Congress, and the investing public—will all want to know about the Dodd-Frank Act at some (still undetermined) point in the future. Seven questions came to mind:

  • Will it improve how we handle systemic risk?
  • Does it embolden enforcement?
  • Does it improve corporate governance?
  • Will it reduce liquidity risk?
  • Does it hold reckless parties accountable for their behavior?
  • Will it reduce taxpayer bailouts?
  • Will it prevent another financial crisis?

The first four questions are most important to compliance officers, and my best guess is that “somewhat” is the answer to all of them. A council of risk regulators is certainly better than nothing to address systemic risks. (And make no mistake, nothing would have been the alternative; Congress was never serious about creating a single super-agency to monitor systemic risk.) Meanwhile, the Dodd-Frank Act did a terrible disservice to the Securities and Exchange Commission by denying its request to become a self-funded agency. The changes to corporate governance—shareholder proxy access, compensation clawbacks, say-on-pay votes and so forth—won’t really hurt corporations, and will keep shareholders involved in their investments. And a clearinghouse for trading derivatives is a useful step to illuminate what previously was a very dark area of corporate finance.

But those are just the initial impressions of a vast and sweeping new law. How will it really, practically affect corporate compliance? We have to wait for hundreds of new rules from a flock of regulatory agencies before we have any good idea. Compliance Week will be watching and reporting, and when appropriate offering our opinions here.

Anyone saying more than that right now is just guessing.

Posted by: mkelly @ 7:00 am

Filed under: Congress, Corporate Governance

 

May 12, 2010

Supply Chain Risks in the Personnel Department

The Bureau of Labor Statistics released a rather intriguing report yesterday that should give compliance and financial reporting executives pause: the labor market is getting tighter.

More people quit their jobs in March (1.87 million) than were laid off (1.83 million). It was the second consecutive month we’ve seen the “quit rate” exceed the pace of layoffs—and while nobody is calling it a trend yet, we last saw this phenomenon in November 2008, just before unemployment started to soar.

Now job growth is back, and higher workforce turnover is likely to come with it. Anyone running a compliance, accounting, or financial reporting department should plan accordingly for two threats.

First is the higher employee turnover you’re likely to see in your own department. Contrary to popular belief, the job market for college-educated workers has remained healthy throughout the recession; unemployment for this group never topped 5 percent. The horrendous unemployment we’ve seen has largely been driven by job losses for low-skilled workers. But the most highly skilled workers—say, a deputy general counsel for compliance or a senior corporate controller—have always remained in demand, and as job prospects continue to improve, they’ll have the first opportunities to go elsewhere.

Worry about that a lot. Compliance Week did a study in 2006 that analyzed material weaknesses at 400 large public companies, and the most common weakness (disclosed by 41.5 percent of the group) was lack of adequate personnel. Yes, we’ve come a long way since then, improving accounting systems and rolling out ethics training and the like. At the same time, however, the expectations placed upon companies have increased as well. We have a thicket of new accounting rules and more on the way, aggressive regulators both at home and abroad, and insidious new IT risks that need to be sealed up. Look at your staff and think about the furloughs imposed, budgets cut, and promotions postponed in the last several years. Are you confident they want to stick around?

The second threat is the higher employee turnover you’re likely to see across the whole of your company. Departing employees take institutional knowledge with them—which includes everything from a commitment to ethical behavior to log-in IDs and passwords that should be deleted. Are your systems ready to accommodate more flux in identity management and user access rights? Is your ethics training budget large enough to accommodate more new employees? Have you drafted a plan to audit the HR department, to be sure the company isn’t violating any hiring practices?

Strategically minded executives have been worried about a stronger job market for a while now. Last year, Compliance Week hosted an editorial roundtable with PricewaterhouseCoopers on how to manage emerging risks: climate change, political instability, market collapses and similar hard-to-assess threats. To my surprise, however, several attendees said they worried most about the looming shortage of labor—skilled labor especially. At the time unemployment was approaching 10 percent nationally (and well above that in some parts of the country), and I thought these folks were a little kooky.

Upon further reflection, I realized they were just thinking ahead. You should do the same.


Posted by: mkelly @ 8:29 pm

Filed under: Compliance, Corporate Governance

 

March 18, 2010

Moves and Counter-Moves on the Dodd Bill

Sen. James DeMint, R-S.C., has promised to introduce an amendment to the Senate’s proposed regulatory reform bill that would exempt non-accelerated filers from compliance with Section 404(b) of the Sarbanes-Oxley Act.

A Section 404(b) exemption for non-accelerated filers was notably absent from the reform bill unveiled by Christopher Dodd, chairman of the Senate Banking Committee, on Monday. Such an exemption does exist in the regulatory reform bill passed by the House in December, but unless similar language gets shoe-horned into the Senate bill, non-accelerated filers will indeed face compliance with Section 404(b) starting June 15.

Dodd plans to start debate on the bill at a hearing early next week; proposed amendments must be submitted by the end of Friday. Precisely what language DeMint will include in his bill is unclear, but he has promised that it will be at least as vigorous as the language in the House bill—which exempts public companies with market capitalizations below $75 million from Section 404(b), the part of SOX that requires companies to get an external auditor’s attestation to the strength of their internal control over financial reporting.

DeMint’s exact words were “I think we can make it broader,” which is intriguing. Several anti-SOX lawmakers on the House Financial Services Committee originally proposed exempting companies with market caps as large as $700 million, an actual rollback of SOX compliance since those larger filers had already been complying with Section 404(b) for several years. The good governance crowd raised hell over that, which led to the $75 million threshold, since non-accelerated filers haven’t yet begun compliance anyway.

Several questions here. Conspiracy theorists believe the House exemption came as part of a larger bargain: the Obama Administration threw its support behind the Section 404(b) exemption, in exchange for support of another provision to give shareholders access to the proxy statement. The Senate bill also has language allowing proxy access—so is the DeMint amendment part of a similar deal?

In previous years, I’d have guessed yes: Each side introduces amendments the other dislikes, and a bill gets passed that both parties somewhat like; that’s politics. But Senate Republicans have shown a clear pattern since the Obama Administration took office: They demand all sorts of amendments to whatever major legislation is on the floor; Democrats include those amendments in the bill; and then Republicans vote against the larger bill anyway. We saw that with the tax cuts they demanded for the stimulus bill passed in 2009, and we’re seeing it with various reforms to the healthcare bill now.

Politically, that strategy makes good sense for Republicans. They look good to their constituents, they water down the bill in question so much that the Democrats’ constituents hate it, and that clears the path for the Republicans to say, “Everyone hates this bill, so why don’t we start over from scratch?” That is exactly how the Republicans stymied healthcare legislation.

So are Dodd and the Obama Administration going to fall for the same sucker punch again? Dodd did just get sand-bagged by another Republican senator, Robert Corker, who promised support and then bailed out at the last minute; I’m sure he’s annoyed at that. But if the healthcare bill somehow unravels in the next week or two, Democrats will be desperate to show that yes, they can actually get things done.

It’s a mess. But then, that’s Congress.

Posted by: mkelly @ 10:16 am

Filed under: Congress, Corporate Governance, Section 404

 

March 15, 2010

Dissecting the Dodd Bill

The long-awaited regulatory reform bill from Sen. Christopher Dodd finally landed with a ponderous thump on desks across Washington, Wall Street and America this afternoon. It clocks in at 1,336 pages, which gives it more physical heft than the reform bill passed by the House (1,289 pages) last December.

The bill will inevitably have more political heft, too, so compliance and governance executives should start giving it a read. (The faint-hearted can start with an 11-page summary the Senate Banking Committee has also posted. You wimps.)

As we’ve all seen from various stories leaked to the media since late last week, the lion’s share of the bill revolves around the risk of another large financial firm collapsing as Lehman Brothers did in 2008, and around creation of a Consumer Financial Protection Agency to regulate the financial products sold to the public. Those are complex topics already dissected by other business media elsewhere, so I’ll put them aside for now. We still have plenty of other governance reforms to discuss, so let’s pull out the scalpel and start slicing those into their component parts.

  • Self-funding of the SEC (Section 991). Allows the Securities and Exchange Commission to set its own budget, through fees, penalties and other assessments it might impose on SEC registrants. This is the Holy Grail of the commissioners; they have clamored for it for years, and the arguments in favor of a financially independent SEC are compelling. Sen. Chuck Schumer introduced this particular piece of legislation last fall, as well as numerous other governance reforms. The House bill does not include similar language, but it does call for an outside review of SEC operations, including the wonderfully undefined question of “funding.”
  • Shareholder proxy access (Section 972). Allows, but does not require, the SEC to adopt a rule allowing shareholders to place nominations for board of directors in the proxy statement. This is the legislative protection the SEC has been wanting, so it can safely proceed with the proxy-access rule it has wanted to pass for months. This is largely in step with language in Section 7222 of the House bill.
  • Majority voting in uncontested elections (Section 971). Directs the SEC to pass a rule within one year that orders the stock exchanges to bar any listed companies that don’t require directors to win a majority of votes cast in uncontested elections. (A plurality is still the standard for contested ones.) One caveat: The SEC would have the power to exempt issuers based on size, market capitalization, and so forth, which I presume is to quell the panic non-accelerated filers would have over a rule like this. The House bill does not contain a comparable provision.
  • Whistleblower protections (Section 929A). Amends federal law to clarify that yes, whistleblower protections extend even to employees of a public company’s various subsidiary operations. The only stipulation is that the subsidiary’s financial results must be rolled up into the consolidated statements of the parent company. The language does not include any mention either way of employees at foreign subsidiaries. I cannot find any similar language in the House bill.
  • Whistleblower rewards (Section 922). Creates a program within the SEC to encourage people to report securities fraud by creating rewards of up to 30 percent of funds recovered based on the information provided. This is similar to the rewards offered under the False Claims Act. It also mirrors language in Section 7203 of the House bill.
  • “Comply or explain” for splitting chairman and CEO roles (Section 973). Directs the SEC to pass a rule within six months ordering companies to explain why they do or do not divide the chairman and CEO roles at their company. Since the SEC has already passed other proxy disclosure reforms requiring essentially the same thing, this seems like a moot point to me.

For non-accelerated filers, however, the most important part of the Dodd bill is what is not included: There is no proposal to exempt small public companies from Section 404(b) of the Sarbanes-Oxley Act.

Prudent CFOs at non-accelerated filers should begin panicking now. Yes, a 404(b) exemption is included in the House bill, but Dodd’s bill in the Senate still faces a long, hard legislative slog in coming weeks.

I assume Dodd knows how to pull together the 60 votes he will need to overcome a Republican filibuster, but he will need every single Democrat and at least one Republican to do it—and so far, no Republicans have stepped up to support the bill. The screeching political fights ahead will all deal with the Consumer Financial Protection Agency, expanded powers to the Federal Reserve, new regulation of derivatives trading, and the like. Nobody is talking much about excusing small companies from Section 404(b), since it truly is a relatively obscure matter in the vast sweep of regulatory reform.

Meanwhile, the SEC’s deadline for Section 404(b) compliance—annual reports for fiscal years ending on or after June 15, 2010—now looms less than three months away. If the Dodd bill collapses into chaos or simply ignores the issue, non-accelerated filers could have a nasty surprise in store for them.

Posted by: mkelly @ 4:39 pm

Filed under: Congress, Corporate Governance, SEC

 

March 14, 2010

Compliance Book of the Month: Money for Nothing

The book Money for Nothing can be summed up in one sentence: The boards running corporations in America today are ineffective. But while that sentence may be accurate, it is not news to corporate compliance and governance officers, so those of you looking for a more substantive analysis or solutions to the governance problems you face might want to read elsewhere.

That’s not to say Money for Nothing (Free Press, January 2010, 320 pps., $27) is uninformative or a dull read. On the contrary, for the non-corporate audience—and that’s most of the people in this country—it is a powerful, alarming look at the sorry state of boardrooms. It strings together one wincing picture of ineptitude after another, and demolishes any impression the lay person might have that board directors are intelligent counterweights to CEOs. The authors, John Gillespie and David Zweig, have deep experience either participating in Corporate America or watching it; Gillespie spent nearly 20 years as an investment banker or CFO, and Zweig was a writer at Time Inc. and Dow Jones before founding Salon.com. They know their stuff and have compiled an authoritative, if depressing, review of boardroom culture. I just fear that most Compliance Week readers already know that stuff, too.

The book opens with several examples of misgovernance related to the financial crisis of 2008. We hear the tale of Stanley O’Neal, former CEO of Merrill Lynch, who let his bank flounder and was finally sent packing in 2007 with a severance package worth $161.5 million. Then comes the story of General Motors, whose board bent like a reed to the wishes of CEO Rick Wagoner even though it ostensibly had many of the “good governance” practices in place, and ended in bankruptcy. More examples follow in that first chapter and then throughout the book; no matter what particular complaint Gillespie and Zweig want to make, sadly, Corporate America has some sorry spectacle to prove their point.

Still, fulminations against arrogant CEOs and witless boards are easy fare for business books. Gillespie and Zweig fire more thought-provoking broadsides at their three larger targets: the incestuous culture of corporate elites that keeps churning out inadequate directors; the canon of business law in Delaware stacked in favor of boards and against shareholders; and the army of auditors, lawyers and consultants who exist to protect the senior management of their clients at, ahem, all costs. This is the corporate world every veteran executive knows and dislikes, but also tries to ignore because no single person (or company, for that matter) has much power to break out of it. Gillespie and Zweig, however, do a low fly-by of this world and depict its shortcomings in all their ugly detail. It’s enough to make any executive squirm and admit that the world we’ve built does not work as well as it should.

All that said, Money for Nothing illuminates the fundamental problems of the modern boardroom more than it answers them. Gillespie and Zweig depend more on anecdote than data to demonstrate a point, and stir up dismay at our present system more than explain how a new one could be built. Their last chapter does propose numerous reforms: forcing directors to keep more of their net worth in the company; splitting the chairman and CEO roles; proxy access for shareholders. Most of those ideas do have merit, but they aren’t anything a compliance officer hasn’t heard before. A few that they mention (a government entity to identify qualified independent directors, for example) border on the outlandish and simply will not happen.

Yet even just illuminating those questions is a worthwhile exercise. How does a board act as both independent monitor of the CEO and a council to advise him or her? How can directors be prodded to take an active role in oversight, when D&O insurance inoculates them from the consequences of bad decisions, but nobody will take the job without insurance? How can companies find strong, independent directors, and then encourage that independence on the board?

Those questions (and many more like them throughout the book) get at the heart of risk management, which ultimately is what corporate compliance and governance executives are paid to worry about. You’re likely to be a bit impatient reading Money for Nothing; you’re likely to breeze halfway into a chapter and find yourself saying, “Yes, yes, I already know this.” But it will also make you ponder, Now what can we do about it? And that counts for something.

Next

Our book selection for April is Switch: How to Change Things When Change Is Hard, by the brothers Chip and Dan Heath. (Broadway Business Press, February 2010, 320 pps., $26.) Expect my review here on April 19.

Meanwhile, leave your own comments about Money for Nothing here, and feel free to suggest other titles for our Compliance Week book club to me at mkelly@complianceweek.com.

Posted by: mkelly @ 10:10 pm

Filed under: Book Review, Corporate Governance

 

February 28, 2010

The Depressing Tone of Bank of America

Sometimes corporate leaders step up and do the simple, ethical thing, and their tone at the top is a harmonized chorus delightful to hear. Sometimes they do the wrong thing, and their tone is more like a tribal screech of self-interest.

And then there is the messy, jangling, cacophonous governance meltdown otherwise known as Bank of America.

I hesitate to wade through the dueling tales of bad judgment at BofA outlined by the Securities and Exchange Commission on one hand and New York Attorney General Andrew Cuomo on the other. Yes, both regulators accuse the bank of withholding vital information from investors in late 2008 as it struggled to close its acquisition of Merrill Lynch—but the similarities end there. Cuomo essentially accuses BofA’s top leaders of sacking the bank’s former general counsel, Tim Mayopoulos, when he urged the company to disclose Merrill’s rapidly mounting losses in late 2008 before investors voted on the merger. The SEC, in contrast, says the bank’s leadership did act foolishly, but had no intent to hide material facts from investors that should have been disclosed.

That’s the gross over-simplification of all those headlines you’ve been reading for the last few weeks. If you want to dive into the hundreds of pages of court filings related to the case, feel free.

What fascinates (and depresses) me is the apparent lack of concern from senior executives and board directors about the best interests of Bank of America shareholders. If you read through the court filings, the BofA executives come across as manipulating the letter of the law to complete the merger by any means necessary; the boards seemed disengaged, struggling to keep pace with events, and more interested in handicapping who might end up in what role at the surviving entity.

But those two things are not always the same as the best interest of the shareholders, who saw Bank of America stock drop from $35 in September 2008 to $6.50 when the merger closed in January 2009. Those investors also had to swallow $11 billion in losses at Merrill for the fourth quarter alone, while paying Merrill $5.8 billion in bonuses for that, um, memorable performance.

The court documents (I did read them) sift through a dizzying thicket of laws and standards companies must comply with as they struggle through questions about material events and when to disclose them. But to my thinking, Bank of America’s drama embodies the dilemma of the rules-based compliance world we live in—namely, that nobody exercised the leadership to ask, much less answer, the simple question: “If I were a shareholder, would I want to know about this?”

I would want to know. And while Compliance Week’s audience may be full of lawyers and accountants, let’s not kid ourselves: regardless of the law’s specifics, you would too.

That simple, principles-based view of governance is what was missing in the Bank of America debacle. That is why federal judge Jed Rakoff dragged out settlement talks between the bank and the SEC for so long, allowing the settlement to conclude only last week. Shareholders, largely powerless to exercise any control during the meltdown in 2008, wanted some semblance of justice for the merger costs Bank of America leaders forced them to pay. They don’t want dense legal arguments over compliance with the rules; they want simple principles they can understand.

Until corporate leaders understand that and communicate in those simple terms—that is, with a strong tone at the top—expect more fiascos like Bank of America to follow.

*          *          *

And to add a fine coda to this tale, on Friday afternoon Bank of America filed its preliminary proxy statement for 2010. Let’s pluck out a few compensation numbers, remembering that all this was paid out after the Merrill Lynch fiasco closed at the start of 2009 and while the SEC and BofA were sparring with Rakoff in federal court:

  • Board director Charles Gifford received $1.78 million in total compensation, including $956,000 worth of aircraft usage, $238,000 in office support, and $293,000 in a tax gross-up for the $956,000 in aircraft use.
  • Lewis received a total of $4.21 million in compensation. Wisely, he took no salary or bonus in 2009; $4.18 million of his compensation came from changes in the value of his pension plan, and the rest came largely from $24,000 in financial planning services. (Note to BofA: Quicken Premier is only $89.99.)
  • Joe Price, CFO in 2009 and recently re-assigned to run the bank’s consumer banking operations, and who plays a starring role in both the SEC and Cuomo complaints, received $6.12 million in total compensation.
  • Chief Risk Officer Gregory Curl, who had been in the running to replace Lewis as CEO, received $10.66 million in total compensation, including $9.3 million in restricted stock. And as everyone on Wall Street already knew, the proxy statement announces that the passed-over Curl will retire at the end of March.
  • Brian Moynihan, whom the board ultimately did select to replace Lewis as CEO, earned $6.5 million in total pay last year, including an $800,000 base salary and $5.2 million in restricted stock.

By the way, last year Bank of America cut 6 percent of its workforce, from 302,000 just after the Merrill acquisition to 284,000 by the end of 2009.

Posted by: mkelly @ 9:12 pm

Filed under: Corporate Governance, Executive Compensation, Mortgage Crisis

 

February 24, 2010

Coming to a Proxy Near You: CEO Succession

Yesterday I wrote about executive compensation as a huge part of corporate governance that can sound a terrible tone at the top if handled poorly. Today I want to write about another, often-overlooked part of governance: CEO succession.

We should see some fresh action on CEO succession this proxy season. The Securities and Exchange Commission set the stage for that expanded discussion last fall, when it published a legal opinion paving the way for shareholders to put resolutions about CEO succession into the company proxy statement. Historically, companies had the discretion to omit such questions from the proxy; now they don’t. The first large company to face one of these shareholder resolutions is Whole Foods Market. At its March 8 meeting, shareholders will vote on whether Whole Foods should report on CEO succession annually.

Why am I such a fan of planning for CEO succession? Because it shows that senior management believes survival of the business is more important than the CEO individually—and that demonstrates a strong, ethical tone at the top. It sends employees, customers and investors the message that the company’s leadership (primarily the board) sees the value inherent in the company as something that exists apart from what the CEO wants to do with the company. It sends the message that the company exists beyond that person atop its organizational chart.

Let’s not forget, after all, that employees generally fear that person at the top of the chart. He or she has huge power to influence the worker’s life, because he or she has the power to eliminate that person’s job, dole out pay raises, assign interesting work, and so forth. Once employees start perceiving the company as little more than an apparatus to serve the CEO’s interests, ego and compensation goals, the culture of ethics and compliance that you’re supposed to have is gone. They need to see tangible proof that the leaders view the business as something separate from themselves.

I do wonder sometimes how a governance advocate within the company, regardless of his or her specific title, can prod a reluctant board to develop stronger succession plans. How do you “audit” tone at the top on a practical level? How do you then tell senior management that its tone is poor? Is it really the place of the chief compliance officer or chief audit executive to tell the board what steps it should take to rectify the situation? By definition, a company with poor tone at the top won’t take such news well. I wouldn’t want to be the one delivering it.

Posted by: mkelly @ 9:39 am

Filed under: CEO Succession, Corporate Governance

 

February 21, 2010

The Compliance Week in Preview

We’ve got quite a week of compliance and governance news coming up this week, folks. I can’t recall the last time we’ve seen so many different stars in our particular universe align, so perhaps it’s worth drafting a scorecard for the week:

Shareholder activism and disclosure. Remember that investor advisory committee the Securities and Exchange Commission formed last year? Neither did I, so I was pleasantly surprised to see that the committee will hold its third meeting ever on Monday. On the agenda are reports from various sub-committees—including the “Investor as Owner Subcommittee,” which plans to give its views about Regulation Fair Disclosure, as well as reports on plans for environmental, social, and governance disclosure and on financial reform legislation. Hmmm.

Typically the recommendations that these SEC advisory committees make do carry some influence, and SEC Commissioner Luis Aguilar has already hinted that the Commissioner has big ideas for disclosure at least as it pertains to climate change, which is a stone’s throw from the “ESG” disclosure this committee will discuss. So whatever these people are doing is worth watching.

Bank of America smackdown. Sometime this week—possibly as soon as Monday—federal judge Jed Rakoff should make a ruling in the SEC’s proposed enforcement action against Bank of America. I say “should” because at almost every turn, Rakoff has told the SEC to re-check its homework: draw up stronger sanctions against BofA, provide more evidence, and so forth. What was originally a $33 million settlement reached last year was reborn into a $150 million settlement replete with a raft of governance reforms, and should be great fodder for the next season of “Damages.” Probably it will reach a conclusion Monday. Personally I hope not, because it’s the best governance spat going.

Aside from the obvious implications for Bank of America, the rest of the corporate world should watch this settlement to see just how far other parties can push enforcement settlements. The SEC’s new proposal forces governance reforms such as a say-on-pay vote for shareholders, “super-independence” for the board’s compensation committee, and CEO certification that he has reviewed all information in the proxy statement. And the SEC has proposed those reforms because Rakoff told the agency last year to impose stronger sanctions against BofA. If Bank of America becomes an indicator of enforcement actions yet to come, Corporate America could be in for a rough time.

IFRS! IFRS! We pivot back to the SEC for more news on Wednesday, when the commissioners will hold an open meeting to discuss their latest thinking on adopting International Financial Reporting Standards in the United States. The meeting notice is rather cryptic: the SEC will consider “whether to publish a statement regarding its continued support for a single-set of high-quality globally accepted accounting standards and its ongoing consideration of incorporating IFRS into the financial reporting system for U.S. issuers.” You don’t get much more vague than that.

I suspect the underlying goal will be to dial back expectations that the Commission will move ahead with adoption as originally envisioned in the IFRS roadmap proposed in 2008. That plan called for the Commission to decide in 2011 on whether to require IFRS adoption by 2014, and to allow a select group of large filers to experiment with filing in IFRS as soon as this year. Since then, however, the economy crashed and the SEC has had more pressing issues on its calendar. The select group of large filers who might volunteer to try IFRS conversion never materialized. And the Financial Accounting Standards Board and the International Accounting Standards Board, which keep promising to converge U.S. and international accounting rules by June 2011, still have a huge volume of work in front of them. All that makes speedy progress on IFRS adoption unlikely.

Regulatory reform. Christopher Dodd, chairman of the Senate Banking Committee, may unveil his latest proposal for reforming financial regulation and corporate governance this week. Precisely when this may happen is unknown, but news broke last week that Dodd and the Obama Administration have reached an agreement on creating a “council of regulators” to monitor systemic financial risks rather than one supra-agency. The chairman of this council would be the treasury secretary, and the vice-chair the head of the Federal Reserve.

Compliance officers should remember several points here. First, a regulator of systemic risk isn’t the major sticking point with the Senate legislation; a consumer financial protection agency is. Dodd’s last proposal died a quick death in November from lack of interest and any hint of Republican support. He has made significant efforts to win support of committee Republicans this time around, but the party as a whole implacably opposes any hint of larger government, which a financial protection agency clearly is. So don’t be surprised if this new bill quickly sinks into the usual Senate quagmire, too.

Second, all this talk of Senate hang-ups over risk regulators still ignores the already-passed House bill, and its provisions to exempt small filers from compliance with Section 404(b) of the Sarbanes-Oxley Act. That 404(b) exemption was not in the first Dodd bill; we’re waiting to see whether it will be in the second one. Either way, reform legislation is still a long, long way from success—and 404(b) compliance goes into effect for small filers on June 15 of this year. As I’ve warned previously, any non-accelerated filer betting that Congress will deliver a permanent 404(b) exemption before that deadline does so at his peril.

Posted by: mkelly @ 7:22 pm

Filed under: Compliance, Congress, Corporate Governance, Enforcement Action, IFRS