The Compliance Oversight Committee sits between the CCO and the board’s compliance committee, and its role is to provide oversight and review of items such as third-party approvals and renewals, requests for payments from third parties, and significant gift, travel, and entertainment requests from employees. There should be some type of oversight which can be reviewed on a monthly or quarterly basis as part of a company’s management of risk.

As far back as January 2005, the Deferred Prosecution Agreement (DPA) entered between the Department of Justice and the Monsanto Company provided for “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction,” or an oversight committee. It should be clear the role of the compliance oversight committee is not to substitute its judgment for that of the CCO, but rather to provide another level of review to make sure nothing slips through the cracks, which might expose the company to unwanted risk.

The compliance oversight committee should be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction; this would include senior representatives from the accounting (or finance) department, compliance & legal departments, and business unit operations. The compliance oversight committee should be designed to review the highest risks to your organization. If your company’s highest compliance risk is third-party relationships, you should focus your compliance committee resources on that.

The compliance oversight review committee is a key tool that can be used by a company to manage its risks. It is another step that can also act as a detect prong and should be employed by companies as an additional protection against any type of compliance and ethics violation slipping through the cracks to become a much larger problem down the road. Companies should implement a compliance oversight review committee and review the systems they have in place to detect risky conduct.