Under the U.S. Sentencing Guidelines, the board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The U.S. Department of Justice (DOJ) Prosecution Standards posed the following queries: (1) Do the directors exercise independent review of a company’s compliance program? and (2) Are directors provided information sufficient to enable the exercise of independent judgment? Moreover, the FCPA Guidance requires a CCO to have direct access to the board or an appropriate sub-committee. The guidance also requires a tangible commitment from the top levels of an organization, starting with the board of directors that the company create an ethical culture.
At the board of directors level, a board compliance committee can devote itself exclusively to non-financial compliance, such as FCPA compliance. While many companies have fulfilled these obligations through an audit committee, clearly the better practice is to have a separate compliance committee. The reason is clear: Compliance has become not only central to any well-run business, but it is also critical to overseeing a wider variety of risks than the typical audit committee has experience with, which is usually only aimed towards financial risks.
The board compliance committee should begin its inquiry with a basic: “How do we know it is working?” In other words, is a company’s compliance program living up to the hallmarks of an effective compliance program in the eyes of the government. Here I lay out four areas of more specific inquiry.
The board compliance committee should obtain information on the processes to carry out the compliance function, rather than details on specific compliance issues. Another area the board compliance committee interest should be in is the area of hotlines or other internal reporting mechanisms. The next series of questions deals with the responses to any information which comes to the attention of the company, including such basic inquiries as how are the reports classified and routed. Finally, the board compliance committee must know who is accountable and responsible for each segment of a compliance program.
Today’s regulatory climate band hyper-transparency in social media make a board compliance committee’s task seem Herculean. But more than simply the regulatory climate, shareholders are taking a much more active role in asserting their rights against boards of directors. It is incumbent that boards seek out and obtain sufficient information to fulfill their legal obligations and keep their company off the front page of the New York Times, Wall Street Journal, or Financial Times, just to name a few, to prevent serious reputational damage. A board compliance committee is a good place to start.