“A number of high profile corporate scandals at some large and supposedly sophisticated companies have, if nothing else, driven home the fact that no matter how strong you think your corporate compliance and ethics program is, the risk of failure is still there. This month I want to look at this issue from the standpoint of the board of directors.
Right now, there are a number of very concerned directors asking themselves whether they have done all they could, or should, have to prevent this and what are the ongoing risks, not only to the company, but to them personally. True, directors should always be thinking about the institutional risk to the company, but nothing motivates effectiveness like the risk of personal liability.
Ordinarily directors are protected by the business judgment rule which provides that well informed decisions of directors taken after due consideration and in good faith will not be attacked by a court because the decisions turned out wrong. In cases of compliance failures – whether issues of foreign bribery, cartel activity or environmental hazards, to name a few – the issue for a board is usually one of omission. Rarely has a board approved such activity. Rather, the issue is whether it has done everything possible to avoid such conduct. Here are four ideas that can help strengthen the effectiveness of the board in these situations and thus, limit risk.
Interestingly, in many companies directors do not necessarily receive the same compliance training that employees do. Directors may claim they are too constrained by time, or that they, of course, know this material already. Perhaps they do, but even if the directors are compliance experts shouldn’t they know how the employees are trained? How do you measure the effectiveness of a program you have opted out of? In short, directors should go through, at a minimum, the same training employees receive.
But that is not enough. Directors need specialized training, not just in the nuts and bolts that line employees receive but also in the issues at the center of compliance and ethics. Directors need to be focused on the big picture of why a company has a compliance program. They need to know what questions their compliance professionals should be asking, and if directors don’t see this happening, they need to act quickly.
Moreover, at least some of this training should be external to the company. Even if management is well intentioned, it is vital that directors get an occasional different perspective on compliance from that which prevails in the company.
A long discourse of the various pros and cons of possible compliance structures would fill several of these columns. There is an active professional debate out there as to whether or not the chief compliance officer should be separate from the general counsel? Should both ethics and compliance roles be rolled into one position? Where does internal audit fit in? I won’t attempt to evaluate these debates here. Indeed, there may be no one right answer. But the way in which your company structures these roles is vital to your governance and your ability to address compliance and ethics.
Boards of directors should be intimately involved in planning for these issues. Directors should regularly review the existing structure and make sure they are comfortable with it and it is serving the company’s interests. Whatever the specific structure chosen, those primarily responsible for compliance must have direct access to the board or a compliance committee. Given this dictate, you can decide what works for your company. Is your organization hierarchical in nature? Are managers expected to closely follow superiors with little questioning? If so, asking a GC who reports directly to the CEO to also serve as CCO and report to the board may place him or her in an unworkable position. If the CFO uses internal audit as a personal resource how comfortable can the board be that the head of IA would bypass that CFO if the situation called for it? On the other hand, where a company operates in a matrix environment with multiple reporting lines standard, such dual roles and reporting may come naturally.
Most boards of directors do not have separate counsel from the entity they serve. Directors typically rely on the general counsel and regular outside counsel to do their job except in the rare situation such as the need for a special committee and counsel thereto. In general, most boards do not need regular and continuing counsel involved in every decision they make. But that does not mean such outside advice may not be useful some of the time…”
To read the complete article : www.corporatecomplianceinsights.com