Corporate Compliance Insights

The Board’s Overlooked Role in Compliance

Tone at the Top Remains Key

by Douglas Harmon
August 2, 2017
in Ethics, Governance

How Involved is Your Board?

It’s long been said that an effective compliance program can’t exist without a strong culture of ethics and compliance. Also critical is tone from the top, without which there’s no clear directive for the organization and employees on the importance of compliance. The board of directors plays a critical role in setting the right tone. Is your board prepared to serve in this capacity?

As companies have come to accept – and sometimes even embrace – the importance of effective compliance programs, two axioms have taken hold: An effective compliance program cannot exist without a strong ethics and compliance culture; and the corollary: A strong ethics and compliance culture requires the proper “tone from the top.”

Yet, when most companies think “top,” they think C-suite, or more specifically, the chief executive officer. After all, nothing happens without the CEO’s buy-in, right? And the C-suite is where you find many chief compliance officers, or the executive to whom the CCO directly reports. The C-suite is also where decisions are made that determine whether the compliance function is robust, minimalistic or nonexistent, including:

  • The CCO’s line of reporting and job description;
  • The size and sophistication of the CCO’s staff;
  • The funds available to implement and monitor the program and engage outside experts; and
  • Whether employee incentives link seamlessly to company compliance goals.

Often overlooked, however, is the essential role of the board of directors.

Most directors generally understand that their fiduciary duties of care and loyalty include compliance oversight. After all, it has been more than 20 years since the Delaware Court of Chancery held in its famous Caremark decision that directors could, in certain circumstances, be determined to have breached their fiduciary duty and, therefore, be liable for compliance program failures if they knew or should have known about violations and did nothing to prevent – or did not make sure that the company’s systems were reasonably designed to prevent – compliance breaches. The Delaware Supreme Court later held in Stone v. Ritter that a director’s failure to implement and oversee aspects of a compliance program could constitute an indemnifiable breach of the duty of loyalty.

But boards often do not fully grasp how these abstract fiduciary duties translate into concrete compliance program oversight obligations. For example, many boards might be surprised to read this language in Chapter 8 of the Sentencing Guidelines Manual of the U.S. Sentencing Commission:

“The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.”

Similarly, the U.S. Department of Justice’s Evaluation of Corporate Compliance Programs guidance issued this past February asks:

“What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight…”

Here’s another quote from Section 9-28.800 of the U.S. Attorneys’ Manual, which addresses the role of corporate compliance programs when considering whether to charge company officers, directors and employees for criminal misconduct:

“[D]o the corporation’s directors exercise independent review over proposed corporate actions rather than unquestioningly ratifying officers’ recommendations; …and have the directors established an information and reporting system in the organization reasonably designed to provide management and directors with timely and accurate information sufficient to allow them to reach an informed decision regarding the organization’s compliance with the law. See, e.g., In re Caremark Int’l Inc. Derivative Litig., 698 A.2d 959, 968-70 (Del. Ch. 1996).”

The point is that enforcement and regulatory agencies, as well as plaintiff’s attorneys, expect boards to be more than just generally aware of the company’s compliance program. While passive words like “knowledgeable,” “reasonable” and “oversight” provide some interpretive wiggle room, there are also plenty of active words and phrases: “exercise…oversight,” “examined,” “held…sessions,” “established,” “reach [a]…decision.”

In any event, most boards do not want to engage in a word-parsing exercise with a zealous government investigator or plaintiff’s attorney following an inevitable compliance breach. (Yes, compliance breaches are inevitable, much like death and taxes, no matter how careful you are.) Much better would be the unequivocal presence of a robust compliance program and a clear track record of active board involvement.

Don’t be lulled into a false sense of security if the board regularly participates in the company’s risk assessment and risk appetite initiatives. Certainly, board-level risk assessments are a fundamental precursor to an effective compliance program, because they help match risk-taking behavior to the board’s strategic vision for the company. Nevertheless, participation in risk assessments, even if active and ongoing, is not sufficient to meet a board’s broader compliance program oversight obligations.

Remembering that effectiveness determinations must endure the penetrating glare of 20-20 hindsight, consider both the quantity and quality of time the board actually spends in compliance oversight:

  • Could each of your directors name the company’s CCO? Do you have a CCO?
  • Does the CCO have direct access to the board and utilize that access regularly?
  • Does the board understand how the compliance function is structured and operates?
  • Is the board satisfied that the company’s compliance function matches up with the company’s strategic plan and risk appetite?
  • Is it enough that the board receives an annual 15-minute, multicolored PowerPoint presentation summarily proclaiming that the company’s compliance house is in order? How about once per quarter?
  • Should the board have a separate risk oversight committee, rather than delegating compliance to its overworked audit committee?
  • Does the board understand its responsibilities in the event of a compliance breach?
  • Does the board periodically review the company’s compliance training program and itself participate in regular compliance training?

So, circling back to our original point, shouldn’t the board, rather than the C-suite, be responsible in the first instance for the company’s “tone from the top”? If it is indeed true that tone is critical to an effective compliance program and that the board has a fiduciary duty to ensure effectiveness, then the answer must be an emphatic “yes.” It is not enough for the board to simply assume without knowing that management has established a proper compliance culture that permeates the entire company. Rather, the board must affirmatively confirm and reconfirm that to be the case.

With compliance nearing the top of C-suite and legal department concerns, directors must consider whether they are providing proper oversight. Would your directors be highly confident that they satisfy the standards articulated above?

Would you be reluctant to ask them?


Douglas Harmon

Doug Harmon leads Parker Poe’s Securities & Corporate Governance group and its Public Company Growth & Compliance group and co-leads the Governance, Risk & Compliance group. With more than 30 years of experience, he represents domestic and international public and private entities in a full array of capital markets and finance, merger and acquisition, securities compliance, and corporate governance, risk and compliance matters. He may be reached at 704.335.9020 or dougharmon@parkerpoe.com.
