As government agencies issue more comprehensive guidelines for oversight and amid shifting compliance demands over time, boards see need for more regular reviews
Board accountability is a buzz term in recent governance discussions, fueling greater attention to such things as director evaluations and shareholder engagement in order to improve performance and avoid or mitigate activist investor campaigns. These campaigns have increasingly aimed at replacing directors on allegations of failure to fulfill their fiduciary duties through appropriate oversight of companies’ business strategies. The wholesale replacement of Darden Restaurants’ board last year sent a clear signal to board members that they need to take a harder look at their oversight in all areas.
More involvement by the board is needed across many different areas, but compliance in particular, says Donna Dabney, executive director of the governance center at the Conference Board. ‘We’re increasingly seeing a criminalization of corporate behavior and fines that are astronomical,’ she says, which has consequences not only for a company’s finances but also its reputation.
The fact that most boards are no longer satisfied with an annual checkup on their firm’s compliance function attests to the increased priority compliance is getting in the boardroom as accountability comes under sharper scrutiny. In NYSE Governance Services’ recent Board of Directors’ Compliance & Ethics Survey, 39 percent of respondents say there are four regularly scheduled meetings of the CEO and the board, including board committees, and 38 percent report five or more meetings per year.
At Baker Hughes, the board’s audit/ethics committee, which has oversight responsibility for compliance, receives a compliance report from the chief compliance officer before each regularly scheduled in-person committee meeting, which occurs at least four or five times a year, says Alan Crain, senior vice president and chief legal and governance officer, in an email. These reports are among several ‘vehicles and channels through which ethics and compliance issues and updates are shared with and reviewed by the committee,’ he adds.
Guiding hands
Some government agencies think board oversight of compliance is not as rigorous as it could be. In April the US Department of Health and Human Services’ Office of Inspector General (OIG) issued a revised and more comprehensive set of guidelines to help healthcare providers’ boards more successfully oversee their compliance programs.
In a June report, NAVEX Global called this ‘a landmark document that draws from the Federal Sentencing Guidelines (FSG), the OIG’s compliance program guidance documents and OIG corporate integrity agreements.’ NAVEX believes the OIG guidance, though directed at healthcare boards, can help boards in any industry or geographic region and cites similar guidance by the Bank of England’s Prudential Regulation Authority.
Although the OIG guidance does not include setting the tone for a firm’s culture, NAVEX says ‘the state of the culture is the best evidence of compliance program effectiveness.’ It cites the 2004 amendments to the FSG, which recognize the key role company culture plays in promoting compliance and ethics.
Although it’s unclear what boards could do to monitor corporate culture and foster more ethical behavior, Dabney says it’s becoming more important for them to try. She cites the US Justice Department’s (DoJ) decision against Barclays for collusion in setting foreign exchange rates. ‘The DoJ for the first time said it would be lenient toward Barclays because of its compliance program,’ Dabney says. ‘The bank had implemented something that would change the culture of the company so that it would be more focused on behaving in an ethical way.’
Company policy for incentive compensation is relevant here, as is the level of pressure managers and employees feel they’re under to meet targets. ‘People want to perform well. Often, if there’s too much pressure to meet unrealistic deadlines or objectives, you may have people cutting corners to do it,’ Dabney explains. ‘It’s important for board members to get a direct, firsthand impression of how things are working [to get] a feeling for who the employees are and what’s driving them.’
Some boards augment the information they get from the CCO by hiring outside law firms to conduct independent third-party evaluations of the compliance function. Baker Hughes regularly schedules such periodic reviews, which include recommendations for proposed changes and improvements, Crain says. ‘The audit/ethics committee is responsible for reviewing this third-party report and providing recommendations and feedback to the [CCO] for improvements in the program,’ he notes.
Changing needs
Susan Ellen Wolf, founder and CEO of Global Governance Consulting, recommends that the board’s regularly scheduled discussion of its compliance function delve into practical aspects such as leadership and budget. The board should review how comfortable it is with the CCO’s experience and performance as the company grows.
Take the example of a relatively small company, primarily US-based, in a highly regulated industry that doesn’t have many challenges. ‘You may have someone who’s a fine compliance officer for that company and then maybe you acquire two or three other companies and all of a sudden you’re global and much larger,’ says Wolf. ‘Then you have different kinds of compliance challenges like teaching non-US people about compliance with US law. So you have to say, Does the existing person really have the [capability] for what we need or do we need someone who has global experience or experience motivating people to comply with [policies] they’ve never had to before?’
There may also be reasons to reconsider the compliance budget based on the function’s performance the prior year. ‘If you’re seeing compliance lapses and, after looking into things with internal audit, [you find] it wasn’t just a rogue employee somewhere, but a case of some message not taking hold with either a part of the world or a type of employee, and you know the tone at the top is sincere, but somehow there’s this breakdown, [you might decide] it makes more sense to have a higher-level compliance person embedded in this part of the world’ as part of the management team that can help deliver the compliance objectives there, Wolf explains.
Hotline calls
Another red flag boards must be ready to act on is a paucity of hotline calls as shown in a compliance report. Most companies receive a healthy number of ‘nuisance calls’ even if there’s no problem, says Wolf. It also makes sense to ask questions if a compliance lapse has been caught by a regulator rather than internally through a hotline call or an alternate channel. Rather than the board getting into a lot of granular detail, it might hire someone to review and report on how the company’s programs stack up against best practices at other companies.
‘I saw one of the big four accounting firms do that kind of analysis for a client and it was very helpful in reassuring the board that things were being done well,’ says Wolf. ‘It also reaffirmed the board’s initial thought that the compliance function was working as well as it should be.’ She further recommends that the board check-up should include a general discussion of any compliance failures in the company and the industry over the past year, with comments from management about how such failures might be avoided in the future.
This article appeared in the fall 2015 print issue of Corporate Secretary Magazine