Under the U.S. Sentencing Guidelines, the board must exercise reasonable oversight on the effectiveness of a company’s compliance program. The U.S. Department of Justice (DOJ) Prosecution Standards posed the following queries: (1) Do the directors exercise independent review of a company’s compliance program? and (2) Are directors provided information sufficient to enable the exercise of independent judgment? Moreover, the FCPA Guidance requires a CCO to have direct access to the board or an appropriate sub-committee. The guidance also requires a tangible commitment from the top levels of an organization, starting with the board of directors that the company create an ethical culture.
At the board of directors level, a board compliance committee can devote itself exclusively to non-financial compliance, such as FCPA compliance. While many companies have fulfilled these obligations through an audit committee, clearly the better practice is to have a separate compliance committee. The reason is clear: Compliance has become not only central to any well-run business, but it is also critical to overseeing a wider variety of risks than the typical audit committee has experience with, which is usually only aimed towards financial risks.
