The long-awaited regulatory reform bill from Sen. Christopher Dodd finally landed with a ponderous thump on desks across Washington, Wall Street and America this afternoon. It clocks in at 1,336 pages, which gives it more physical heft than the reform bill passed by the House (1,289 pages) last December.

The bill will inevitably have more political heft, too, so compliance and governance executives should start giving it a read. (The faint-hearted can start with an 11-page summary the Senate Banking Committee has also posted. You wimps.)

As we’ve all seen from various stories leaked to the media since late last week, the lion’s share of the bill deals revolves around the risk of another large financial firm collapsing as Lehman Brothers did in 2008, and around creation of a Consumer Financial Protection Agency to regulate the financial products sold to the public. Those are complex topics already dissected by other business media elsewhere, so I’ll put them aside for now. We still have plenty of other governance reforms to discuss, so let’s pull out the scalpel and start slicing those into their component parts.

• Self-funding of the SEC (Section 991). Allows the Securities and Exchange Commission to set its own budget, through fees, penalties and other assessments it might impose on SEC registrants. This is the Holy Grail of the commissioners; they have clamored for it for years, and the arguments in favor of a financially independent SEC are compelling. Sen. Chuck Schumer introduced this particular piece of legislation last fall, as well as numerous other governance reforms. The House bill does not include similar language, but it does call for an outside review of SEC operations, including the wonderfully undefined question of “funding.”
• Shareholder proxy access (Section 972). Allows, but does not require, the SEC to adopt a rule allowing shareholders to place nominations for board of directors in the proxy statement. This is the legislative protection the SEC has been wanting, so it can safely proceed with the proxy-access rule it has wanted to pass for months. This is largely in step with language in Section 7222 of the House bill.
• Majority voting in uncontested elections (Section 971). Directs the SEC to pass a rule within one year that orders the stock exchanges to bar any listed companies that don’t require directors to win a majority of votes cast in uncontested elections. (A plurality is still the standard for contested ones.) One caveat: The SEC would have the power to exempt issuers based on size, market capitalization, and so forth, which I presume is to quell the panic non-accelerated filers would have over a rule like this. The House bill does not contain a comparable provision.
• Whistleblower protections (Section 929A). Amends federal law to clarify that yes, whistleblower protections extend even to employees of a public company’s various subsidiary operations. The only stipulation is that the subsidiary’s financial results must be rolled up into the consolidated statements of the parent company. The language does not include any mention either way of employees at foreign subsidiaries. I cannot find any similar language in the House bill.
• Whistleblower rewards (Section 922). Creates a program within the SEC to encourage people to report securities fraud by creating rewards of up to 30 percent of funds recovered based on the information provided. This is similar to the rewards offered under the False Claims Act. It also mirrors language in Section 7203 of the House bill.
• “Comply or explain” for splitting chairman and CEO roles (Section 973). Directs the SEC to pass a rule within six months ordering companies to explain why they do or do not divide the chairman and CEO roles at their company. Since the SEC has already passed other proxy disclosure reforms requiring essentially the same thing, this seems like a moot point to me.

For non-accelerated filers, however, the most important part of the Dodd bill is what is not included: There is no proposal to exempt small public companies from Section 404(b) of the Sarbanes-Oxley Act.

Prudent CFOs at non-accelerated filers should begin panicking now. Yes, a 404(b) exemption is included in the House bill, but Dodd’s bill in the Senate still faces a long, hard legislative slog in coming weeks.

I assume Dodd knows how to pull together the 60 votes he will need to overcome a Republican filibuster, but he will need every single Democrat and at least one Republican to do it—and so far, no Republicans have stepped up to support the bill. The screeching political fights ahead will all deal with the Consumer Financial Protection Agency, expanded powers to the Federal Reserve, new regulation of derivatives trading, and the like. Nobody is talking much about excusing small companies from Section 404(b), since it truly is a relatively obscure matter in the vast sweep of regulatory reform.

Meanwhile, the SEC’s deadline for Section 404(b) compliance—annual reports for fiscal years ending on or after June 15, 2010—now looms less than three months away. If the Dodd bill collapses into chaos or simply ignores the issue, non-accelerated filers could have a nasty surprise in store for them.

The book Money for Nothing can be summed up in one sentence: The boards running corporations in America today are ineffective. But while that sentence may be accurate, it is not news to corporate compliance and governance officers, so those of you looking for a more substantive analysis or solutions to the governance problems you face might want to read elsewhere.

That’s not to say Money for Nothing (Free Press, January 2010, 320 pps., $27) is uninformative or a dull read. On the contrary, for the non-corporate audience—and that’s most of the people in this country—it is a powerful, alarming look at the sorry state of boardrooms. It strings together one wincing picture of ineptitude after another, and demolishes any impression the lay person might have that board directors are intelligent counterweights to CEOs. The authors, John Gillespie and David Zweig, have deep experience either participating in Corporate America or watching it; Gillespie spent nearly 20 years as an investment banker or CFO, and Zweig was a writer at Time Inc. and Dow Jones before founding Salon.com. They know their stuff and have compiled an authoritative, if depressing, review of boardroom culture. I just fear that most Compliance Week readers already know that stuff, too.

The book opens with several examples of misgovernance related to the financial crisis of 2008. We hear the tale of Stanley O’Neal, former CEO of Merrill Lynch, who let his bank flounder and was finally sent packing in 2007 with a severance package worth $161.5 million. Then comes the story of General Motors, whose board bent like a reed to the wishes of CEO Rick Wagoner even though it ostensibly had many of the “good governance” practices in place, and ended in bankruptcy. More examples follow in that first chapter and then throughout the book; no matter what particular complaint Gillespie and Zweig want to make, sadly, Corporate America has some sorry spectacle to prove their point.

Still, diatribes against arrogant CEOs and witless boards are easy fare for business books. Gillespie and Zweig fire more thought-provoking broadsides at their three larger targets: the incestuous culture of corporate elites that keeps churning out inadequate directors; the cannon of business law in Delaware stacked in favor of boards and against shareholders; and the army of auditors, lawyers and consultants who exist to protect the senior management of their clients at, ahem, all costs. This is the corporate world every veteran executive knows and dislikes, but also tries to ignore because no single person (or company, for that matter) has much power to break out of it. Gillespie and Zweig, however, do a low fly-by of this world and depict its shortcomings in all their ugly detail. It’s enough to make any executive squirm and admit that the world we’ve built does not work as well as it should.

All that said, Money for Nothing illuminates the fundamental problems of the modern boardroom more than it answers them. Gillespie and Zweig depend more on anecdote than data to demonstrate a point, and stir up dismay at our present system more than explain how a new one could be built. Their last chapter does propose numerous reforms—forcing directors to keep more of their net worth in the company; splitting the chairman and CEO roles; proxy access for shareholders—but most of their ideas are nothing a compliance officer hasn’t heard before. A few (a government entity to identify qualified independent directors, for example) border on the outlandish and simply will not happen.

Yet even just illuminating those questions is a worthwhile exercise. How does a board act as both independent monitor of the CEO and a council to advise him or her? How can directors be prodded to take an active role in oversight, when D&O insurance inoculates them from the consequences of bad decisions, but nobody will take the job without insurance? How can companies find strong, independent directors, and then encourage that independence on the board?

Those questions (and many more like them throughout the book) get at the heart of risk management, which ultimately is what corporate compliance and governance executives are paid to worry about. You’re likely to be a bit impatient reading Money for Nothing; you’re likely to breeze halfway into a chapter and find yourself saying, “Yes, yes, I already know this.” But it will also make you ponder, Now what can we do about it? And that counts for something.

Next

Our book selection for April is Switch: How to Change Things When Change Is Hard, by the brothers Chip and Dan Heath. (Broadway Business Press, February 2010, 320 pps., $26.) Expect my review here on April 19.

Meanwhile, leave your own comments about Money for Nothing here, and feel free to suggest other titles for our Compliance Week book club to me at mkelly@complianceweek.com.

Sometimes corporate leaders step up and do the simple, ethical thing, and their tone at the top is a harmonized chorus delightful to hear. Sometimes they do the wrong thing, and their tone is more like a tribal screech of self-interest.

And then there is the messy, jangling, cacophonous governance meltdown otherwise known as Bank of America.

I hesitate to wade through the dueling tales of bad judgment at BofA outlined by the Securities and Exchange Commission on one hand and New York Attorney General Andrew Cuomo on the other. Yes, both regulators accuse the bank of withholding vital information from investors in late 2008 as it struggled to close its acquisition of Merrill Lynch—but the similarities end there. Cuomo essentially accuses BofA’s top leaders of sacking the bank’s former general counsel, Tim Mayopoulos, when he urged the company to disclose Merrill’s rapidly mounting losses in late 2008 before investors voted on the merger. The SEC, in contrast, says the bank’s leadership did act foolishly, but had no intent to hide material facts from investors that should have been disclosed.

That’s the gross over-simplification of all those headlines you’ve been reading for the last few weeks. If you want to dive into the hundreds of pages of court filings related to the case, feel free.

What fascinates (and depresses) me is the apparent lack of concern from senior executives and board directors about the best interests of Bank of America shareholders. If you read through the court filings, the BofA executives come across as manipulating the letter of the law to complete the merger by any means necessary; the boards seemed disengaged, struggling to keep pace with events, and more interested in handicapping who might end up in what role at the surviving entity.

But those two things are not always the same as the best interest of the shareholders, who saw Bank of America stock drop from $35 in September 2008 to $6.50 when the merger closed in January 2009. Those investors also had to swallow $11 billion in losses at Merrill for the fourth quarter alone, while paying Merrill $5.8 billion in bonuses for that, um, memorable performance.

The court documents (I did read them) sift through a dizzying thicket of laws and standards companies must comply with as they struggle through questions about material events and when to disclose them. But to my thinking, Bank of America’s drama embodies the dilemma of the rules-based compliance world we live in—namely, that nobody exercised the leadership to ask, much less answer, the simple question: “If I were a shareholder, would I want to know about this?”

I would want to know. And while Compliance Week’s audience may be full of lawyers and accountants, let’s not kid ourselves: regardless of the law’s specifics, you would too.

That simple, principles-based view of governance is what was missing in the Bank of America debacle. That is why federal judge Jed Rakoff dragged out settlement talks between the bank and the SEC for so long, allowing the settlement to conlude only last week. Shareholders, largely powerless to exercise any control during the meltdown in 2008, wanted some semblance of justice for the merger costs Bank of America leaders forced them to pay. They don’t want dense legal arguments over compliance with the rules; they want simple principles they can understand.

Until corporate leaders understand that and communicate in those simple terms—that is, with a strong tone at the top—expect more fiascos like Bank of America to follow.

*          *          *

And to add a fine coda to this tale, on Friday afternoon Bank of America filed its preliminary proxy statement for 2010. Let’s pluck out a few compensation numbers, remembering that all this was paid out after the Merrill Lynch fiasco closed at the start of 2009 and while the SEC and BofA were sparring with Rakoff in federal court:

• Board director Charles Gifford received $1.78 million in total compensation, including $956,000 worth of aircraft usage, $238,000 in office support, and $293,000 in a tax gross-up for the $956,000 in aircraft use.
• Lewis received a total of $4.21 million in compensation. Wisely, he took no salary or bonus in 2009; $4.18 million of his compensation came from changes in the value of his pension plan, and the rest came largely from $24,000 in financial planning services. (Note to BofA: Quicken Premier is only $89.99.)
• Joe Price, CFO in 2009 and recently re-assigned to run the bank’s consumer banking operations, and who plays a starring role in both the SEC and Cuomo complaints, received $6.12 million in total compensation.
• Chief Risk Officer Gregory Curl, who had been in the running to replace Lewis as CEO, received $10.66 million in total compensation, including $9.3 million in restricted stock. And as everyone on Wall Street already knew, the proxy statement announces that the passed-over Curl will retire at the end of March.
• Brian Moynihan, whom the board ultimately did select to replace Lewis as CEO, earned $6.5 million in total pay last year, including an $800,000 base salary and $5.2 million in restricted stock.

By the way, last year Bank of America cut 6 percent of its workforce, from 302,000 just after the Merrill acquisition to 284,000 by the end of 2009.

Yesterday I wrote about executive compensation as a huge part of corporate governance that can sound a terrible tone at the top if handled poorly. Today I want to write about another, often-overlooked part of governance: CEO succession.

We should see some fresh action on CEO succession this proxy season. The Securities and Exchange Commission set the stage for that expanded discussion last fall, when it published a legal opinion paving the way for shareholders to put resolutions about CEO succession into the company proxy statement. Historically, companies had the discretion to omit such questions from the proxy; now they don’t. The first large company to face one of these shareholder resolutions is Whole Foods Market. At its March 8 meeting, shareholders will vote on whether Whole Foods should report on CEO succession annually.

Why am I such a fan of planning for CEO succession? Because it shows that senior management believes survival of the business is more important than the CEO individually—and that demonstrates a strong, ethical tone at the top. It sends employees, customers and investors the message that the company’s leadership (primarily the board) sees the value inherent in the company as something that exists apart from what the CEO wants to do with the company. It sends the message that the company exists beyond that person atop its organizational chart.

Let’s not forget, after all, that employees generally fear that person at the top of the chart. He or she has huge power to influence the worker’s life, because he has the power to eliminate that person’s job, dole out pay raises, assign interesting work, and so forth. Once employees start perceiving the company as little more than apparatus to serve the CEO’s interests, ego and compensation goals, the culture of ethics and compliance that you’re supposed to have is gone. They need to see tangible proof that the leaders view the business as something separate from themselves.

I do wonder sometimes how a governance advocate within the company, regardless of his or her specific title, can prod a reluctant board to develop stronger succession plans. How do you “audit” tone at the top on practical level? How do you then tell senior management that its tone is poor? Is it really the place of the chief compliance officer or chief audit executive to tell the board what steps it should take to rectify the situation? By definition, a company with poor tone at the top won’t take such news well. I wouldn’t want to be the one delivering it.

We’ve got quite a week of compliance and governance news coming up this week, folks. I can’t recall the last time we’ve seen so many different stars in our particular universe align, so perhaps it’s worth drafting a scorecard for the week:

Shareholder activism and disclosure. Remember that investor advisory committee the Securities and Exchange Commission formed last year? Neither did I, so I was pleasantly surprised to see that the committee will hold its third meeting ever on Monday. On the agenda are reports from various sub-committees—including the “Investor as Owner Subcommittee,” which plans to give its views about Regulation Fair Disclosure, as well as reports on plans for environmental, social, and governance disclosure and on financial reform legislation. Hmmm.

Typically the recommendations that these SEC advisory committees make do carry some influence, and SEC Commissioner Luis Aguilar has already hinted that the Commissioner has big ideas for disclosure at least as it pertains to climate change, which is a stone’s throw from the “ESG” disclosure this committee will discuss. So whatever these people are doing is worth watching.

Bank of America smackdown. Sometime this week—possibly as soon as Monday—federal judge Jed Rakoff should make a ruling in the SEC’s proposed enforcement action against Bank of America. I say “should” because at almost every turn, Rakoff has told the SEC to re-check its homework: draw up stronger sanctions against BofA, provide more evidence, and so forth. What was originally a $33 million settlement reached last year was reborn into a $150 million settlement replete with a raft of governance reforms, and should be great fodder for the next season of “Damages.” Probably it will reach a conclusion Monday. Personally I hope not, because it’s the best governance spat going.

Aside from the obvious implications for Bank of America, the rest of the corporate world should watch this settlement to see just how far other parties can push enforcement settlements. The SEC’s new proposal forces governance reforms such as a say-on-pay vote for shareholders, “super-independence” for the board’s compensation committee, and CEO certification that he has reviewed all information in the proxy statement. And the SEC has proposed those reforms because Rakoff told the agency last year to impose stronger sanctions against BofA. If Bank of America becomes an indicator of enforcement actions yet to come, Corporate America could be in for a rough time.

IFRS! IFRS! We pivot back to the SEC for more news on Wednesday, when the commissioners will hold an open meeting to discuss their latest thinking on adopting International Financial Reporting Standards in the United States. The meeting notice is rather cryptic: the SEC will consider ”whether to publish a statement regarding its continued support for a single-set of high-quality globally accepted accounting standards and its ongoing consideration of incorporating IFRS into the financial reporting system for U.S. issuers.” You don’t get much more vague than that.

I suspect the underlying goal will be to dial back expectations that the Commission will move ahead with adoption as originally envisioned in the IFRS roadmap proposed in 2008. That plan called for the Commission to decide in 2011 on whether to require IFRS adoption by 2014, and to allow a select group of large filers to experiment with filing in IFRS as soon as this year. Since then, however, the economy crashed and the SEC has had more pressing issues on its calendar. The select group of large filers who might volunteer to try IFRS conversion never materialized. And the Financial Accounting Standards Board and the International Accounting Standards Board, which keep promising to converge U.S. and international accounting rules by June 2011, still have a huge volume of work in front of them. All that makes speedy progress on IFRS adoption unlikely.

Regulatory reform. Christopher Dodd, chairman of the Senate Banking Committee, may unveil his latest proposal for reforming financial regulation and corporate governance this week. Precisely when this may happen is unknown, but news broke last week that Dodd and the Obama Administration have reached an agreement on creating a “council of regulators” to monitor systemic financial risks rather than one supra-agency. The chairman of the this council would be the treasury secretary, and the vice-chair the head of the Federal Reserve.

Compliance officers should remember several points here. First, a regulator of systemic risk isn’t the major sticking point with the Senate legislation; a consumer financial protection agency is. Dodd’s last proposal died a quick death in November from lack of interest and any hint of Republican support. He has made significant efforts to win support of committee Republicans this time around, but the party as a whole implacably opposes any hint of larger government, which a financial protection agency clearly is. So don’t be surprised if this new bill quickly sinks into the usual Senate quagmire, too.

Second, all this talk of Senate hang-ups over risk regulators still ignores the already-passed House bill, and its provisions to exempt small filers from compliance with Section 404(b) of the Sarbanes-Oxley Act. That 404(b) exemption was not in the first Dodd bill; we’re waiting to see whether it will be in the second one. Either way, reform legislation is still a long, long way from success—and 404(b) compliance goes into effect for small filers on June 15 of this year. As I’ve warned previously, any non-accelerated filer betting that Congress will deliver a permanent 404(b) exemption before that deadline does so at his peril.

For a while now I’ve wanted to start a Compliance Week book club. We get a small but steady stream of books here at CW Central Command examining corporate governance from various angles—some of them quite good, others clearly hitching a brief ride on the governance bandwagon until the fad that propels their pages slips away. Either way, books trying to tackle compliance and governance are a legitimate niche in the best practices and guidance out there, and deserve attention.

So today we’re going to start paying some of that attention. First up is Too Big to Save? by Robert Pozen. (Wiley, November 2009, 480 pps. $29.95)

Pozen attempts nothing less than to diagnose the problems that caused the financial crisis—like, all of them—and propose solutions. Normally I would be skeptical that anyone could do that well, but Pozen has the credentials to try. He’s currently chairman of MFS Investment Management, a $150 billion asset-management firm. He served as economic development secretary for Massachusetts under former Gov. Mitt Romney, and as chairman of the Securities and Exchange Commission’s advisory committee to improve financial reporting in 2007. I also had the opportunity to interview Pozen when he was a keynote speaker at Compliance Week’s annual conference in 2008, and can vouch that whether you agree with him or not, he has a fiercely insightful intellect and practical wisdom worth considering.

That said, this book is not for the timid or unalert reader. The causes of the financial crisis are complex stuff, and Pozen doesn’t shy away from responding with complex prose. He never overwhelms with jargon or bores with irrelevant detail, but the chapters do often feel like passages from the reading comprehension exam on the SAT. They are mentally demanding, but also lucid, straightforward and in plain language. (The chapters also have key points or sentences bold-faced, and a summary at the end recapping main themes. Really, if Pozen had just used high-gloss paper and tripled the price, he could have called it a textbook.) Keep your wits about you and be prepared to re-read complicated points as necessary, and you’ll do just fine.

The first half of the book dissects how the financial crisis occurred, reviewing each contributing weakness in our financial system in turn and then offering ideas on how to fix it. Pozen names all the usual suspects—corrupt mortgage originators, lax regulators, myopic legislators in Congress, shameless credit-rating agencies—but also gives a rich history of how those suspect elements came to be. For example, by everyone knows that the federal government pushed the idea of home ownership to reckless extremes, but how many know that Department of Agriculture tax credits were part of that push? And everyone knows that excessive bank lending introduced terrible risks to our financial system, but how many people know where banks’ capital reserve requirements come from, or why those reserve rules weren’t stronger?

Those questions are the sort Pozen tries to answer (plus many more). He goes beyond simply identifying the culprits that caused our financial crisis, to paint a picture of the policy climate that let those culprits exist and thrive. And remember, that policy climate is what we need to change if we don’t want the world to go through all this again.

Another large portion of the book gives that same analysis to the 2008 bailout of our financial system, and Pozen pulls no punches. He catalogs the long list of programs the Treasury Department and Federal Reserve have concocted to keep the financial system alive, and ultimately dismisses most as flawed efforts that expose the U.S. taxpayer to risks he doesn’t know about and doesn’t deserve. That is not to say Pozen toes the pro-consumer party line; at best, he is a non-partisan critic whose ideas would incense both ends of the political spectrum, which probably means he’s doing something right.

He opposes restoration of the Glass-Steagall Act or anything like it, as well as higher limits on insurance for bank deposits. But he does support more regulation of, say, money market funds (indeed, I read his chapter calling for greater regulation on the exact day the SEC adopted the changes he had advocated), and wants banks to carry contingent reserves to cover surprise loan losses—an idea that would bring scowls from accounting purists since it would allow banks to manage earnings. And while loan securitization has gained a bad name in the last two years, he accepts the bald fact that securitization is vital to our economic prosperity, so we can’t simply dispose of it. Pozen repeatedly demonstrates that his only concern is what works and makes sense, not what is pure or popular.

Only at the end did I find the book start to wear thin, when Pozen shifted gears to talk more about corporate governance challenges in the future and less about financial regulation in the present. Here he sounded all the usual tones, advocating shareholder advisory votes on executive pay and stronger boards of directors, and so forth. He also strove to carve out a middle ground on difficult issues like fair-value accounting or international cooperation to improve the regulatory system—which might be wise, but will not be easy.

Pozen is at his best in the first three-quarters of the book, where he chains together one punishing fact after another about how the financial crisis occurred, giving the reader a precise, vivid understanding of the problem. Then he deftly slips in a few straightforward suggestions about how the system should work, and the reader can’t help but think that this guy is spot-on.

Next

I will try to post a new book review on the third Monday of every month. Next up is Money for Nothing, an indictment of corporate boards by John Gillespie and David Zweig. (Free Press, January 2010, 320 pps. $27.)

Meanwhile, leave your own comments about Too Big to Save here, and feel free to suggest other titles for our Compliance Week book club to me at mkelly@complianceweek.com.

Chief compliance officers may want to re-read that old copy of The Prince and go for the office power grab in 2010. Apparently all the cool kids in corporate governance support you already.

Within the last several months, we’ve seen numerous signs—regulatory settlements, best practices guides, proposed revisions to the U.S. Sentencing Guidelines—that federal regulators and the governance-industrial complex now believe a corporation’s top compliance overseer should report straight to the CEO, if not straight to the board. First was the Justice Department’s settlement with Pfizer Corp. last fall over improper drug marketing. The most interesting part of the deal (other than the $2.3 billion fine) was a lengthy corporate integrity agreement specifying that the chief compliance officer report directly to the CEO and meet with the audit committee of the board at least quarterly. The wording was clear:

“The chief compliance officer shall be a member of senior management of Pfizer, shall report directly to the chief executive officer of Pfizer, shall make periodic (at least quarterly) reports regarding compliance matters directly to the Pfizer audit committee, and shall be authorized to report on such matters to the audit committee at any time. The chief compliance officer shall not be, or be subordinate to, the general counsel or chief financial officer.”

Next came fresh guidance from the Institute of Internal Auditors, calling for a company’s chief audit executive to report functionally to the board of directors and administratively to the CEO; no chief accounting or chief financial officers should block the way. On a mechanical level that may cause some confusion about how an internal auditor can audit the compliance efforts his boss oversees, but the IIA’s broad goal is clear: give audit executives clear access to the top level of the corporation.

Most recent and most significant, however, are the U.S. Sentencing Commission’s proposed revisions to the Federal Sentencing Guidelines. As Compliance Week notes in our latest coverage this week, the Sentencing Commission is pondering whether to allow a company that meets specific criteria to receive credit for having an effective compliance program, even if a high-level executive is involved in the wrongdoing. (Currently, a company in that particular mess cannot.) And the very first criterion the Commission proposes? “The person with operational responsibility for the compliance program reports directly to the board or one of its committees.”

Across all of these developments, the clear intent is to drive home the practical application of everyone’s favorite compliance phrase, “tone at the top.” If you want to demonstrate to regulators, shareholders, auditors and anyone else that your tone at the top is good, giving your compliance point-person complete, unfettered access to the top is part of that tone.

To some extent, Corporate America seems to be embracing that message. Not long ago we saw several polls of chief compliance officers that found a sharp increase in the number of companies appointing a designated, full-time chief ethics and compliance officer—and more companies ensuring that person is only the ethics and compliance officer, with no other title or responsibilities. One of the polls, from the Society of Corporate Compliance and Ethics, also found that 55 percent of respondents said their compliance officer reports directly to the CEO.

Still, I suspect that a majority of CCOs do not report directly to the CEO, let alone directly to the board. And I wonder just how comfortable boards will feel with this arrangement, too; in a world where the board and the CCO have primary responsibility for creating effective compliance programs, the board and the CCO may well have primary blame when a compliance failure occurs. Yes, the offending employee (whether he is a corrupt CEO, an errant plant manager or anyone else) also carries legal liability—but all too often, that person is long gone when his or her misbehavior causes the corporation to crumble, or pays a penalty grossly underwhelming compared to the harm done to the stock price. Regulators, investors and the public will still be standing at the front gate shouting, “Who allowed this to happen?” They’ll be staring at the board, and staring at you.

Heavy is the head that wears the crown, I suppose. But then, anyone who’s read The Prince would know that.

Covering the news of corporate compliance is a ceaseless job, and one to which I sacrifice myself constantly. Therefore, when the Securities Regulation Institute’s annual conference rolled around this week, I immediately headed to the airport. That it is held in sunny San Diego every winter is mere coincidence.

The first day’s discussions were dominated by two debates: a morning session pondering how regulators can, ahem, “resolve” systemic risks to the financial system; and an afternoon session on the future of shareholder access to the proxy system—a future rapidly coming to a reality near you, rest assured. Let me take both in turn, and then note a common theme to both that compliance officers everywhere should watch.

The problem of systemic risk (the polite name for banks too big to fail) is a serious one that, frankly, the Securities and Exchange Commission doesn’t yet know how to solve. Indeed, much of the discussion in the morning grappled with exactly what systemic risk is, where it comes from, and how to corral multiple regulators both inside and outside the United States to manage it in one cohesive approach.

Some of the most piercing comments came from Henry Hu, director of the SEC’s new Division of Risk, Strategy and Financial Innovation. For several years Hu has been raising alarms about the idea of “decoupling,” where derivative financial instruments can distill the economic value of a security from its legal holder and allow them to be controlled by two different people—so while the SEC monitors the legal holder, the real risk of how the derivative might behave resides with some other person who exercises economic control. That divorced dynamic, Hu says, is why so many people failed to understand the true risks of credit default swaps, collateralized debt obligations, and all the other funky instruments that caused so much havoc in 2008.

Hu has clear marching orders from SEC Chairman Mary Schapiro to think about how regulators should manage risk threats like that, and yesterday he gave some clear hints about his thoughts: Regulators need to regulate the practical effects of the risks, not the legal entities that generate them or ostensibly own the offending financial instruments. That means more standardization of what the derivatives are, more centralized clearing facilities to track where they’re going, and so forth—essentially, more regulation of process and outcome, rather than more regulation of required disclosure.

Remember that concept. We’ll be returning to it shortly.

The afternoon was dominated by a lively debate over shareholder access to the proxy statement. The SEC has proposed giving some shareholders the right to place nominations for board director into the proxy statement, and a final rule is expected later this spring. (When? Nobody knows, and none of the SEC officials on hand yesterday offered any clues.) Corporations detest the idea, fearing that director elections will become political free-for-alls with special interest candidates ripping board consensus apart. Shareholder activists love the idea, saying it will give them the power that they, as owners of the company, deserve.

John Olson, a senior partner at the law firm Gibson, Dunn & Crutcher, neatly boiled down Corporate America’s opposition to this: Companies don’t object to “private ordering,” where shareholders or boards can propose and decide for themselves whether to allow proxy access; but they fiercely oppose the SEC forcing all companies to allow proxy access, which “creates a right that you never had before.”

Ann Yerger, executive director of Council of Institutional Investors, countered that proxy access is really about disclosure of all available choices to the shareholder; all director nominees should be listed in the proxy statement, as one single, impartial source of information investors. Her one-liner: “It’s about disclosure, and what voters need to make a voting decision.”

The tie-breaker in this debate was SEC Commissioner Elisse Walter. She admitted that the SEC “is very tied up in knots over whether this is a disclosure rule, or whether it creates a right.” In her observation, Walter said, the proxy process had created so many encumbrances that it now thwarts shareholder efforts to nominate directors. She even described proxy access as “a negative rule,” meaning its intention will be to tell companies “to get out of the way” and let shareholders have access to the proxy.

Walter’s comments are what brings me back to Henry Hu, and his warning that regulators should police the outcome of risks rather merely encourage proper disclosure of risks—because Walter is essentially voicing the same concern, but regarding shareholder power. If the SEC simply allows private ordering, does that really give shareholders adequate opportunity to review all their choices, considering how corporations (with all the resources at their disposal) can shout down opposing shareholders and their nominees? What is the practical effect at the end of the day? The practical effect of private ordering is not much, so corporations should brace themselves for a mandate to allow proxy access.

And they should also start thinking a lot more about the practical effects of SEC rulemaking on many other topics—because, clearly, the new leadership at the SEC is already doing just that.

Shortly after that Nigerian nitwit tried to blow up a U.S. airliner on Christmas Day, I was listening to a talk radio program discussing the federal government’s response and all the new security procedures airline passengers will inevitably be asked to endure: more questioning at the security checkpoint, less freedom of movement on the plane, full-body frisks, millimeter-wave scans peering under your clothes. The host of the program asked her guests, “Will citizens of the United States really put up with procedures so invasive?”

One of the guests immediately responded: “The public doesn’t really care much if the procedures are invasive. They want procedures that are intelligent.”

Compliance officers, auditors, board directors, and governance enthusiasts, take note.

In many instances, after all, policies exist because at some point in the past, intelligence failed. Somebody didn’t notice a young Muslim man, whose name was on at least one terror-watch list, paying cash for an airline ticket. And because that rather self-evident alarm went unnoticed, we now have a new policy that every single terror tip must be investigated. New procedures to comply with that policy will be invented and enforced on government agents, who will slip into the dreaded check-the-box mentality—all because we didn’t use common sense in the first place, when we should have.

Which brings us back to corporate compliance, and our recent story: “Companies Brace for Slew of New Proxy Disclosures.”

We all know the sorry story that led the Securities and Exchange Commission to publish these rules: executive compensation growing larger and larger, even when most of the economy has been wrecked by recession for more than two years; and shareholders feeling more and more frustrated in their inability to achieve changes they want, despite a clear sense among everyone of what they want. (Mostly, they want more reasonable levels of executive pay.)

Boards and executives could have prevented much of the strain of the last two years, including the new proxy disclosures just stuffed down your throat, by delivering a more intelligent tone at the top. That tone isn’t just communicating “we enforce these rules seriously”—it’s communicating the message that “we understand what decent conduct looks like, and we intend to deliver it.”

If you want a recent example of failure to deliver that tone, look to that old chestnut of corporate bungling, AIG. Last month we witnessed the departure of AIG’s general counsel, Anastasia Kelly, because she was unhappy that the government wanted to cut her total compensation. Kenneth Feinberg, the Treasury Department’s point-man on executive pay at companies taking government bailout money, announced that Kelly’s compensation would be cut to $500,000. She balked, and led a group of AIG executives out the door (with a severance package worth $3.8 million).

Yes, Kelly was contractually entitled to more than $500,000 in compensation—but with tens of millions of Americans underemployed, and AIG taking more than $100 billion in taxpayer bailouts, that doesn’t matter. The intelligent, ethical tone to set would have been a gracious statement accepting the lower salary. If Kelly wants to work at the top of Corporate America, voicing that tone is the price you pay.

Instead, Kelly (like many other executives) sent the wrong tone. Public outrage still boils away. And regulators like the SEC chisel that outrage into more intrusive policies about executive pay disclosures in the proxy statement. Clearly, despite all our progress in governance in the last decade, we still have a long road ahead before we’ve mastered tone at the top. Expect more intrusive policies until we do.

You may need to dust off some old brain cells to recall (I did), but the 2000s began with recession, financial meltdown and radical legislative overhauls from Congress to fix corporate governance. Next came years of struggle to master the new contours of corporate compliance, complete with policy spats at the Securities and Exchange Commission, enforcement actions from the Justice Department, and briefings galore to corporate boards confused about their new duties in a new era.

And then we ended the decade right back where we started: with recession, financial fraud, and radical legislative overhauls from Congress to fix corporate governance.

Will the 2010s be the same, with more confusion to come and then more repeating of mistakes we already made? I hope not… but I suspect they will.

Congress has already demonstrated, yet again, its constant prediliction to surrender to special interests. The financial reform bill that seems destined to become law would scuttle Sarbanes-Oxley compliance for small companies and endangered the independence of the Financial Accounting Standards Board. It would also establish a new bureaucracy in the Consumer Financial Protection Agency, whose jurisdiciton and enforcement power are still unclear, and pave the way for new shareholder activism and emboldened SEC enforcement. In my opinion, only the end of SOX compliance for small companies and the changes to FASB oversight are clearly bad ideas—but many, many more provisions in the reform legislation are unclear ideas, which for compliance officers is pretty much equal to “bad.”

Equally ominous were the legal fireworks at the Supreme Court earlier this month. In the space of two days, we saw plaintiffs make compelling cases that both the Public Company Accounting Oversight Board and the legal theory of “honest services fraud” (a key tool to prosecute white-collar crime) are unconstitutional. By later this spring we may well see both overturned. How might that change the day-to-day challenges of chief audit executives, chief compliance officers and audit committees? Nobody really knows. But those decisions will drop another big heap of uncertainty on your plate.

And those are just the headaches for bread-and-butter compliance issues you’ve been worried about for years. We haven’t even started with the new challenges coming for climate change, privacy, social media, risk management and more. In every sense of the phrase, the 2010s have not even started yet.

Compliance Week will continue to delve into all of those issues as always. Already we have plans to address them at our 2010 annual conference (coming this May!), as well as by Webcast, podcast, online blogging and old-fashioned print reporting. Last year we also launched our executive roundtables to let you, the front-line fighters in compliance, gather in person and discuss the problems you face; that series has been hugely popular, and will continue in 2010 and beyond.

Despite all that, however, Compliance Week still needs your input and intelligence about what’s happening out there and what you need to know. Are we following the right issues? Is there other data or analysis you need? Always feel free to drop me a line at mkelly@complianceweek.com.

Good luck with the new year and the new decade. If the 2000s were any indicator, we’re all going to need it.