How the CEO Can Best Support Compliance
Keeping a tight rein on compliance is the name of the game for every business entity, whether early-stage, family-owned or large multinational. And – while it’s the CEO who ultimately sets the tone – the culture of compliance has a strong foundation in the company’s code of ethics and its business conduct.
One only needs to read the daily news reports to find a plethora of examples of senior executives or their companies facing fines, penalties or worse for failure to comply with applicable legal, accounting or regulatory requirements.
Enforcement proceedings by the U.S. Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), the Public Company Accounting Oversight Board (PCAOB), the U.S. Department of Justice (DOJ) and other bodies have been steadily increasing ever since the financial crisis of 2008 and show no signs of letting up in 2017. A recent report published in May by the Harvard Law School Forum on Corporate Governance and Financial Regulation indicates that SEC enforcement proceedings for the first half of its fiscal year, which begins in October, are on par with 2016. Key areas of focus include broker-dealer matters, securities offerings, insider trading and the Foreign Corrupt Practices Act. Whistleblower actions have become more common, and actions against executives for inappropriate conduct are garnering more and more media attention, not to mention significant monetary settlements and employment dismissals.
In February 2017, the Fraud Section of the DOJ issued a paper entitled “Evaluation of Corporate Compliance Programs.” The introduction states that “the United States Attorney’s Manual describes specific factors that prosecutors should consider in conducting an investigation of a corporate entity, determining whether to bring charges and negotiating plea or other agreements. These factors, commonly known as the ‘Filip Factors,’ include ‘the existence and effectiveness of the corporation’s pre-existing compliance program’ and the corporation’s remedial efforts ‘to implement an effective corporate compliance program or to improve an existing one.’” The paper sets out 11 “important topics” for prosecutors to consider in evaluating a company’s corporate compliance program, including the role and behavior of senior management with respect to compliance issues, as well as the engagement of the board of directors in providing oversight.
The culture of compliance – the level of adherence to a set of internal ethical and moral guidelines, as well as to legal and regulatory requirements – within an organization is set by the CEO and has a strong foundation in the company’s code of ethics and business conduct. The CEO should set the tone with a zero-tolerance attitude. When it comes to compliance, the “buck stops here” at the CEO’s desk. A laissez-faire attitude toward, or the failure to address promptly, seemingly insignificant or “uncomfortable” compliance matters could ultimately lead to significant financial penalties and/or adverse media attention, and this may eventually result in the CEO’s downfall. The impact on the organization could be financially significant in terms of market value, adverse publicity, and customer reaction.
As noted in the DOJ’s paper, senior management, through its words and actions, plays a primary role in encouraging, discouraging or simply ignoring the type of misconduct in question. The CEO and his/her senior team are charged with demonstrating leadership in compliance and remediation efforts by taking concrete and swift action once aware of inappropriate conduct. Attempts to brush an issue aside with little more than a slap on the wrist are likely to be viewed as not only ineffective, but more importantly as a shirking of responsibility. The DOJ’s paper puts senior executives on notice that their behavior in serving as a model for the rest of the organization will be subject to close scrutiny.
The CEO must trust and rely upon his/her senior management team to monitor and enforce the organization’s compliance requirements. However, periodic direct communication by the CEO and senior management with the employees on the importance of compliance to the organization’s sustainability as a good corporate citizen is key to reinforcement of the basic principles, as well as a positive cultural tone. This includes transparency about situations that have occurred and the steps the organization is taking to prevent such instances in the future. Letters and emails are helpful, but should only be used as a last resort given their impersonal nature. Whenever possible, in-person meetings by the CEO and senior management with employees continue to be the most effective method of reinforcement of expected behavioral norms within an organization.
Corporate compliance programs that serve only to fill a regulatory requirement are unlikely to achieve any meaningful impact in encouraging responsible organizational behavior. Just as active program participation from the CEO is critical to setting the right tone, the notable absence of or infrequent involvement from the CEO serves to undermine the efforts of those charged with the program’s administration. CEOs should participate in meetings of the compliance team not only to reinforce the significance of the team’s work, but also to keep a finger on the pulse of potential issues.
The CEO can and should be supported in these efforts by the board of directors as part of its overall oversight function. Compliance expertise on boards is becoming a desired attribute in selection of new directors. Similarly, external legal and audit advisors can assist both the board and senior management in mitigation of risks and resolution of matters.
Compliance programs should be as mainstream as a new employee orientation program. The risks today to any organization are complex and varied, and the consequences can be financially significant. The CEO is not expected to have all the answers, but is expected to seek guidance and advice from experts when circumstances warrant.