The importance of an effective compliance program is well established, and companies understand the benefits of such a program, including avoidance of legal and regulatory violations, satisfying the expectations of regulators and possibly reducing penalties in the event a problem arises, protection of corporate assets and reputation and helping to promote and foster a positive role in the community. Equally understood should be the important role that Boards of Directors must play with respect to corporate compliance programs.
The obligations of Boards concerning corporate compliance programs are derived from a variety of sources. For example, the U.S. Federal Sentencing Guidelines specify that an organization’s governing authority “shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program” (http://www.ussc.gov/guidelines-manual/2012/2012-8b21). Similarly, “A Resource Guide to the U.S. Foreign Corrupt Practices Act” by the U.S. Department of Justice and the U.S. Securities and Exchange Commission (http://www.justice.gov/criminal/fraud/fcpa/guide.pdf) states concisely that “compliance begins with Boards of Directors and senior executives setting the proper tone for the rest of the company.” Delaware corporate law, SEC and stock exchange regulations, the Sarbanes-Oxley Act and Board and committee charters are all additional sources that create obligations of Boards in establishing, promoting and overseeing corporate compliance programs.
Against this backdrop, companies of all sizes have implemented compliance programs. The scope and sophistication of these programs vary by company based on a range of factors, including the nature of activities, the manner of product distribution and the geography of operations. These programs will also vary by company in terms of effectiveness. In many cases, companies will have programs that, on quick inspection, contain all the required elements, including policies and procedures, dedicated personnel, training programs and channels for employee communication. However, in many instances, these programs may only be “paper programs” that lack any real punch. These typically exist in companies that view compliance narrowly and as being forced upon them by legal or regulatory requirements. Despite the benefits of a robust compliance program, in these companies, compliance is something to be endured and seen as nothing more than costs to be suffered and minimized to the greatest extent possible.
By contrast, some companies truly embrace compliance. In those cases, the issue becomes more than merely a question of minimum compliance with the law, extending to ethics, as well. For these companies, the compliance program will not be of interest solely to legal and compliance personnel. Rather, the company will be operated pursuant to an ethics and compliance framework that is truly a meaningful part of the company; indeed, it is at the core of the company’s culture. These are the programs that will be most successful – successful in their fundamental function of preventing criminal acts, but more than that, they are successful in fostering a positive attitude and sense of pride among employees, successful in building strong relationships with suppliers and customers and successful in building trust and respect in the communities in which they operate.
Boards are critical in establishing the “tone at the top” that will help create a culture where ethics and compliance are truly embraced. There are a number of ways that Boards can fulfill this role.
First, Boards must work with management to help establish the company’s views of and appetite for risk. Management must clearly understand what is acceptable and what is not. Next, Boards must demand that they receive regular communications from management on the status of the ethics and compliance program. They must ask questions and evaluate information provided to ensure that the program addresses the risk areas that are most significant to the organization and that the program promotes the ethical conduct that is expected. This is an ongoing process and the Board must satisfy itself that the program is amended and refreshed as necessary to reflect changes in business, markets, laws and other factors.
Despite even the best of efforts, problems may arise, and Boards must insist that allegations of violations of company policies and guidelines be investigated and thoroughly addressed. Similarly, the Board has the responsibility to investigate and act upon any “red flags” or reports that suggest that the program may be deficient in any respect. In short, a successful ethics and compliance program must be dynamic and the Board should continually guide this process by setting the proper tone and overseeing management’s efforts.
Boards can also help set the appropriate tone by holding all directors to the same standards that are applied to employees throughout the organization. Directors should be expected to meet all guidelines set forth in codes of conduct, they must hold senior management to those same guidelines and they must hold both themselves and management accountable when violations occur. Beyond that, Boards can make adherence with and promotion of the ethics and compliance program a part of the performance evaluations of senior management – and for Board members, as well. Additionally, Boards should receive the same basic ethics and compliance training that is required of employees and provide the certifications concerning program acknowledgement and training completion that all employees must provide.
Lastly, Boards should ensure that company expectations with respect to ethics and compliance are communicated regularly to employees and that successes and failures – to the extent appropriate and/or possible – are highlighted. The Board’s active oversight of and participation and interest in the ethics and compliance program should also be communicated to all employees.
Boards have a fundamental role in the establishment of a successful corporate ethics and compliance program. To fulfill that role, however, directors must ask themselves if receiving a single, annual regulatory update from the general counsel is sufficient, or if they should instead demand more from management and themselves. Cost constraints, while always present, need not impair the Board’s role, and the active interest and involvement of the Board can always be present and will help foster the environment necessary for a robust ethics and compliance program.