(Illustration by Saul Herrera/iStock)
Dear Boards of Directors: Does your ability to conduct effective compliance oversight in 2014 keep you up at night?
Let’s stipulate the obvious: the ever-increasing legal and ethical complexities of the corporate landscape, too much on the board’s plate and too little agenda time. At the same time, each day brings heightened expectations for board oversight from regulators, investors and other stakeholders, as contemplated under the Federal Sentencing Guidelines and the recent joint Foreign Corrupt Practices Act guidance [PDF] from the U.S Department of Justice and Securities and Exchange Commission. With all this in mind, here are five bite-sized and easily achievable resolutions for the New Year that can significantly sharpen a board’s oversight of its company’s compliance risks and ethical culture:
1. Get Some “Not Your Father’s Board Training”
Step 1 in improving board oversight of compliance is (surprise!) better, more relevant and targeted board training. Period. If past board training has been provided at the 10,000-foot-helicopter level, maybe it’s time to bring the focus back down to Earth and into the modern compliance era. Has the board engaged in scenario discussions to “fire drill” what compliance oversight really looks and feels like? Received a briefing on the best practices of compliance programs of its peers? Been schooled on the right kinds of questions to ask the CCO during executive sessions? Understand how compliance risk assessment should be managed? Taken a deep dive into some of the key compliance risk areas of the organization?
For up-to-date “Not Your Father’s Board Training,” boards should consider enlisting an experienced expert who has actually been a sitting CCO and understands from first-hand experience what boards really need to know to exercise effective oversight of the company’s compliance program. It’s a small investment that could pay off big one day.
2. Commission an External Assessment of the Compliance Program
Most companies involved in headline scandals probably could have benefitted from their boards taking this simple action. To remain effective, even good compliance programs need to be evaluated every few years—according to the Federal Sentencing Guidelines. An outside perspective from an independent expert is not only a recommended best practice, but a clear way for boards to demonstrate to the organization (and if necessary, to prosecutors) that the company takes compliance seriously. There’s value, too, in having the board itself, rather than senior management, commission the assessment. Not only does it set “tone from the top” (actions, not words!), but it’s another way to ensure that the board gets the unfiltered information it needs for its oversight of the company’s compliance risk profile.
3. Focus on the Nuts and Bolts of Incentives
Incentives drive behavior. I’m not saying that compensation or bonus structures can stop a VP of sales that is hell-bent on fixing prices or bribing government officials, but when it comes to senior and line management, incentives can make all the difference between compliance and ethical culture being top of mind, or just a mere afterthought. Incentives can drive ethical culture, which in turn empowers employees to speak up when they see something wrong.
One of the single most meaningful actions boards can take in the compliance arena is to demand that an ethical leadership component be built into the performance evaluation and compensation models for senior and line management. For those who say it can’t be done objectively, that’s so 20 years ago. The compliance profession has developed some excellent models and mechanisms that yield results. My colleague Joe Murphy has written the quintessential white paper explaining the basics here.
4. Schedule Periodic Executive Sessions with the Chief Compliance Officer
If you don’t think an executive session makes a difference in the quality and candor of what you might be hearing from your CCO, think again. One of the smartest things a board can do is to develop a good working relationship with their CCO. How better to attack the “so many issues, so little board time” dilemma? The CCO is the subject matter expert of compliance, ethics and culture, and in these areas, the eyes and ears of the board—and another check and balance against the information carried into the boardroom by select officers and experts.
A compliance-savvy board makes optimal use of its CCO and ensures that they have the empowerment, independence and positioning to do their job well. I know of one Fortune 500 Audit Chair who made a point of having a one-on-one quarterly lunch in the company cafeteria with the CCO. They could have been talking about the weather, but management got the point. And for those who like to throw around the phrase “tone from the top”—well, you can’t send a much stronger message to the organization than a regularly scheduled executive session with your well-positioned CCO. Bullseye.
5. Ask the CEO to Demonstrate What the C-Suite and Line Management are Doing to Actively Support Compliance
There’s a reason that “tone at the top” has made it onto my “banned list” this year. That’s because although the concept is basically sound, too many CEOs and C-suites have taken it to mean “tone from my mouth,” as I’ve written here [PDF]. Words are easy, and too often meaningless. Ethical leadership is hard and requires thoughtful diligence. When management can demonstrate tangible acts, such as rigorous compliance risk assessment, progress against compliance action plans, establishment of compliance leaders embedded in the businesses, or promotions tied in part to measurable ethical leadership, that actually means something. One bite-sized but surefire way the board can encourage CEOs to get beyond mere words is to ask this simple question and monitor the answers. It’s a variation of the basic business rule: what gets measured is what gets done.
No compliance professional would dispute that the job of board directors has gotten exponentially harder as they struggle to meet the modern-day challenges of overseeing their company’s compliance risks and program. But a board that makes some headway through this short list of achievable resolutions in the year ahead will not only turbocharge its oversight, but also demonstrate to potential prosecutors that the board and the company were on their compliance game in 2014.
And with that, I’ll wish a happy 2014 to compliance-savvy boards of directors everywhere!
Donna Boehme is an internationally recognized authority and practitioner in the field of organizational compliance and ethics, designing and managing compliance and ethics solutions worldwide. As principal of Compliance Strategists LLC, Boehme is the former group compliance and ethics officer for two leading multinationals and currently advises a wide spectrum of private, public, governmental, academic and nonprofit entities through her N.J.-based consulting firm.