The Top 5 Mistakes Boards Make in Overseeing Compliance
The Corporate Compliance Insights, “The Top 5 Mistakes Boards Make in Overseeing Compliance,” was co-authored by Russell Reynolds Associates Consultants Cynthia Dow and Anthony Goodman. The piece talks about the costly missteps boards make when overseeing compliance. The article is excerpted below.
Russell Reynolds Associates’ Cynthia Dow and Anthony Goodman, compliance and board experts, interviewed leading chief legal officers, chief compliance officers, former investigators and board directions to under the biggest compliance missteps boards make.
We can all easily recount a recent compliance problem that became front-page news. But what’s not so easy to recall is an instance in which a board director from such a company is then appointed to your board. The reputational damage from a compliance misstep taints even the best and most blameless of directors.
To understand the biggest compliance oversight mistakes boards make — and how to avoid them — we talked to preeminent chief legal officers, chief compliance officers, former investigators and board directors at leading public and private companies both in regulated and unregulated industries. The following five themes emerged from our discussions.
#1: Treating Compliance as a Check-the-Box Exercise
Boards are busy. And, unfortunately, compliance can be seen as a distraction from the board’s “real business” or as an administrative burden.
It is all too easy for boards to nod through its approval to a compliance program without applying any real thought to it. One expert who advises audit committees closely told us, “The biggest mistake is separating compliance from strategy. That is what leads to a check-the-box mentality.”
A great compliance program can be a competitive advantage for companies – especially those in highly regulated industries. A well-designed program tied closely to strategic goals can differentiate a company and establish authentic credibility with clients and customers.
Best-in-class boards of all types should insist on a strategic compliance plan that ties programs to key risk areas and is continually revisited and refreshed as needed. Compliance activities should be seen as business issues. One chief compliance officer of a global and highly regulated company noted, “The board should look for tangible evidence – documents, communications – that compliance is truly embedded with and integral to the business.”
To accomplish this, you have to develop an efficient and timely approach to compliance, one chief legal officer of a highly regulated company told us. “Let your competitors be paralyzed by it.”
#2: Underappreciating the Role of the Board in Demonstrating Leadership on Compliance
When boards think about tone at the top, they first think about the CEO and the senior team. There is no doubt that the leadership team has the single biggest influence on the organization. As one major bank’s chief compliance officer told us, “Boards need to focus on having the right leadership at the top of the house – the CEO and the succession plan for the CEO – and then empower them to drive culture and conduct.”
However, boards often underestimate their own power and influence. Think about the signals that are sent to the organization when the board spends barely 60 minutes a year reviewing a compliance report. Or how influential the chief compliance officer can be if he or she never has access to the board directly. These decisions – and they are decisions – also set the tone.
Likewise, if the relationship between the board and management – or more particularly, the relevant committee chair and the CCO – is not functioning well with respect to the flow of information or robustness of the compliance strategy, program and reporting, then the directors must take action to engage differently, clarify flows of information or ensure the requisite leadership strength is there.
The best boards are actively engaged in compliance. They see reports, yes. But they also give the head of compliance the opportunity to address the board or audit committee directly, sometimes in executive session. One former chief compliance officer, now a board director said, “The board can help the chief compliance officer get visibility.” The board can also ensure the chief compliance officer has the resources they need. A chief legal officer told us, “This is an area where the board can go deeper and give counsel to staff.”
Boards can also ask to see benchmarking of compliance: what are your competitors doing? “Getting outside the four corners of our world is really important,” said one compliance chief. As a CCO to a highly regulated company put it, “boards don’t know what they don’t know and they don’t always ask the right questions.” Boards should exercise a healthy degree of challenge and skepticism, asking questions such as “Why are we not getting hotline reports from 32 of 35 countries, and how do we change that?” Or “Why is our business so much better this quarter, in this sector or geography than our competitors? What could be amiss?”
There also needs to be an “escape valve” allowing escalation of critical issues directly to the board or a board committee. Defining a reportable event to the board can be a useful exercise to ensure mutual understanding between the board and the compliance function.
The board itself can participate in the compliance training program and a director can address staff that are involved in education programs to underscore the importance of the work they are doing. “That’s one way to make sure it’s good training,” a board director noted. These actions all indicate that the board takes compliance seriously and wants management to take it seriously, too.
To read the full article, click here.