Bringing Corporate Compliance to the C-Suite
When and how are corporate executives held accountable for fraud and other corporate crimes? Does a sense of accountability exist in the C-suite, and if so, does it translate into compliance training for a companys top leaders? What behavioral risks do boards of directors need to address among senior managers?
The RAND Corporation symposium Culture, Compliance and the C-Suite took on these questions earlier this month. While the eagerly awaited symposium report isnt due out until later this summer, CorpCounsel.com got a sneak peek at three of the white papers that will be included for your compliance-and-ethics reading pleasure, courtesy of Compliance Strategists.
"Each year RAND focuses on a single leading-edge topic in compliance and ethics, and this year Culture and Crime in the C-Suite was the obvious choice given the repeat business top execs have given to the world of corporate scandal, says symposium co-chair and Compliance Strategists principal Donna Boehme, whos also a CorpCounsel.com columnist. We felt it was time to explore the elephant in the room: the C-suite and its sometimes ambiguous relationship with the internal compliance and ethics program. "
Or, as Bryan Cave partner Scott Killingsworth puts it in his paper on C-suite culture [PDF] (more on which below), Where high stakes, strong temptations, vast power, extreme pressure, a fast pace, complex problems and ambitious people come together with few external restraints, could anything major go wrong?"
If the (resounding) answer is yes, some have questioned what law enforcement is actually doing about individual executives. But Stanley Soya, a partner at Pepper Hamilton, argues in his paper [PDF] that even in the age of deferred- and non-prosecution agreements (DPAs and NPAs) between the government and corporate entities, settlements dont ignore executives responsibilities or their behaviors.
For one thing, DPAs, which have proliferated since 2003, dont grant amnesty to individuals. Prosecutions of responsible executives take time to investigate and develop and may occur years after a DPA, Soya cautions, adding: Companies that enter into a DPA are required to cooperate with the [Department of Justice] in prosecutions of responsible corporate executives.
And, as per HSBCs massive settlement with the DOJ last December, prosecutors expect to see that compliance officers have direct access to the board, and that executive compensation policies be tied to compliance standards. Implementing these requirements voluntarily deserves serious consideration by any company seeking to enhance its C&E program, and to manage risk associated with the potential for fraud in the C-suite, Soya says.
Both Killingsworth and Michael Volkov, who heads the Volkov Law Group (and is an occasional contributor to CorpCounsel.com), use their white papers to take more direct aim at risky behaviors in the C-suiteand what boards need to do about it.
For Volkov, the problem is that while compliance programs are focused on employees, they often ignore executive management.
In many corporate compliance programs, he writes [PDF], beyond broad statements of commitment to ethical conduct, the only meaningful detail relating to C-suite compliance is the requirement that the companys board and the officers participate in a one-hour training program.
But the presumption that simply communicating an ethical tone at the top to employees will protect C-suite officersor the company as a wholefrom compliance risks is dangerous. Case in point, says Volkov, is the resignation last year of both Best Buys CEO and board chair. Not only was chief executive Brian Dunn having an affair with a subordinate, but the chair failed to report his knowledge of the alleged relationshipviolating Best Buys own compliance requirements.
All of this occurred at a company that boasted many compliance best practices: An ethicist was on its board of directors; the ethics officer, Kathleen Edmond, had a website promoting her work and outlook; and the company was committed to transparency and compliance at every level except the C-suite, Volkov says.
For Killingsworth, whose paper lays out a fascinating social-psychological profile of the C-suite environs, its a wonder that this combustible mixture of C-suite pressures and temptations with intractable human frailties doesnt actually explode very often.
But the fact that it can and does warrants more involvement by directors. The board doesnt need to play compliance cop to senior managers, Killingsworth writes, but they should be setting positive examples: selecting good leaders in the first place, working closely and supportively with a chief compliance officer, and modeling ethical behavior to management.
Deal with small problems conspicuously now, and you may not have to deal with big problems later, Killingsworth advises.
Volkov also says a companys commitment to compliance and ethical conduct starts with the boardand needs to extend across all levels of the company. Such culture is more likely to emerge when employees believe that tone at the top is matched by meaningful controls and consistent enforcement, he says.