The compliance revolution has had a dramatic impact on numerous actors in the corporate governance world, including chief compliance officers, internal auditors, human resources and finance officers. Additionally, we have seen new strategies, controls and procedures to maximise the impact of ethics and compliance programmes.
Yet for all these changes, we have failed to see any significant changes where it matters most – at the corporate board level. Corporate board members devote significant time to financial oversight and strategy, while ignoring steps needed to protect and promote its most important intangible asset – its culture and reputation. Corporate board members would rather discuss strategy issues and ignore the important questions surrounding its culture.
Corporate boards are due for a rude awakening – compliance expectations and competing stakeholders are demanding more effective oversight. Over the last 10 years, we have witnessed corporate scandals and misconduct that could have been prevented or, at least, mitigated by a corporate board’s proper oversight and management of a company’s culture and compliance programme. All too often, corporate boards fail to identify potential red flags of serious misconduct issues, or ignore obvious risks that result in corporate disasters, reputational harm and significant enforcement actions, coupled with collateral litigation. In this era of accountability and increasing demand by corporate stakeholders, including activist owners and shareholders, corporate boards have to step up and bring about a new and improved level of performance.
High-profile corporate board oversight failures
The corporate governance landscape is littered with failures and corporate disasters. These scandals occurred under the watch and oversight of allegedly sophisticated boards. Let’s consider three examples:
■ Wells Fargo Bank suffered serious legal and reputational harm at the hands of a multitude of scandals, which have only highlighted the board’s failure to implement appropriate risk management and ethics and compliance programme oversight. Wells Fargo has yet to emerge with a new and effective risk management system with adequate resources to support an independent and effective ethics and compliance programme
■ Theranos was a multi-billion-dollar blood testing company that ultimately collapsed because it was built on CEO-directed fraud. Theranos’s allegedly high-profile corporate board failed to detect this pervasive fraud, despite numerous warning signs and red flags. Former CEO and COO, Elizabeth Holmes and Ramesh ‘Sunny’ Balwani await a federal criminal trial on fraud charges
■ Volkswagen and its related companies have suffered from a massive fraudulent emissions-cheating scandal that was orchestrated at the CEO and senior management level of the company. The VW board, however, was a significant contributing part of the problem. A former VW executive described the scandal as ‘all but inevitable’, due to ‘the company’s isolation, its clannish board and a deep-rooted hostility to environmental regulation among its engineers’. It is easy to imagine but hard to accept that VW would have chosen the same path had the board and its executive team been trained and understood the implications of its misguided strategy to avoid environmental regulatory requirements
In picking through the rubble of a corporate scandal and disaster, it is always important to examine what the board knew or should have known and what might have occurred under proper oversight and management. The old adage – pennywise but pound foolish – applies when a company fails to invest in its board ethics and compliance programme responsibilities, especially when considering the consequences to a company that suffers from a corporate scandal like those listed above.
Bringing the board up to speed
Let’s face it – corporate boards are not adept at overseeing a company’s ethics and compliance programme. Every company should have a former or existing compliance professional serving on its board. In the absence of one or more compliance professionals appointed to a corporate board, it is imperative that corporate boards devote more time and attention to learning how to monitor and effectively supervise an effective ethics and compliance programme.
In the absence of a board member who has prior compliance expertise, corporate boards either ignore or struggle to fulfil their compliance oversight responsibilities. Corporate board performance is suffering from this serious gap between compliance responsibilities and capabilities. Corporate boards are under increasing pressure to improve their performance, including in the area of compliance. There are five steps that corporate boards have to undertake:
1. Acknowledgement a new and more holistic responsibility to oversee, monitor and manage a company’s culture and its compliance programme. Corporate culture is a valuable intangible asset that promotes productivity, improves financial performance and protects against employee misconduct. To promote and protect this asset, board members have to participate in the management and oversight of this valuable asset. No longer can corporate board members sit back and exercise board responsibilities as a passive manager, dealing directly with the CEO and senior management. Corporate boards have to embrace a new active agenda.
2. Attendance regular training to exercise additional responsibilities for managing a company’s culture. Corporate board members have to increase training on corporate culture and compliance issues. The company’s chief ethics and/or compliance officers, respectively, have to coordinate on these efforts and raise the board’s awareness and ability to exercise meaningful oversight and management.
3. Increased coordination among and have meetings with CEO, senior management, chief ethics or compliance officer(s), to adopt important strategies and impose robust reporting requirements to ensure that the board is fully engaged on issues relating to culture and compliance.
4. Annual ethics and compliance oversight plans developed at the board level to ensure that the board’s information and review needs are being met. In other words, the board should develop its own requirements to ensure that there is a meeting of the minds with ethics and compliance staff as to annual expectations for ethics and compliance programmes and strategies.
5. Conduct an annual evaluation of the board’s own performance in overseeing and monitoring the company’s ethics and compliance programme. The board’s evaluation should be conducted by an independent third party and should be exclusively shared with the board members for development of enhancements to improve overall board functioning relating to ethics and compliance programme oversight and performance.
New board ‘training’ programme
”There is nothing training cannot do. Nothing is above its reach. It can turn bad morals to good; it can destroy bad principles and recreate good ones; it can lift men to angelship.” Mark Twain
Chief compliance officers, with the backing of the CEO and senior management, should ‘train’ the board for at least two hours each year (and preferably more). When I use the term train, I really mean ‘educate’ the board on risks, the law and the company’s ethics and compliance programme and, most importantly, how to oversee and monitor the company’s compliance programme.
The CCO has to cover a number of important topics, including:
■ Board responsibility for independent review of a company’s compliance programme
■ What information should the board require and how often should such information be provided to the board
■ Elements of an effective ethics and compliance programme
■ Requirement that the company has ‘devoted adequate staffing and resources to the compliance programme’. Management, resources and operation of compliance programme
■ Company culture, assessment, trends and measurement
■ Budget, resources and planning in relation to business, growth, development and planning
■ Trending issues and priorities for addressing gaps
■ What are the company’s legal and compliance risks, who are the stakeholders and what is the process for risk evaluation and analysis (as well as continuous monitoring)?
■ Familiarity with code of conduct
■ Compliant, reporting and detection of issues
■ Internal investigation programme performance: significant investigations, trends and data
“CORPORATE CHANGE REQUIRES LEADERSHIP FROM THE BOARD, DEMANDING ATTENTION TO CORPORATE CULTURE AS AN IMPORTANT INTANGIBLE ASSET”
This list is not exhaustive and has many subparts that can be added. But as a starting point, the board should understand each of the above-listed topics and be able to articulate the importance of each topic and how they relate to each other.
Also, a board has to understand how to communicate with the CCO and develop a robust communication framework. In particular, the board has to inquire about the CCO’s position and function within the company. These issues include:
■ Is anyone or operational function preventing you/CCO from implementing any of the elements of an effective ethics and compliance programme?
■ Does the ethics and compliance function have adequate independence, authority and resources?
■ Are there any issues that have been reported to you/CCO or that you learned of that are not being addressed?
■ Are we aware of, and staying current on, trends in enforcement and effective compliance programme? If there are gaps in our programme, how are we addressing these areas?
■ What is the current assessment of our culture? What specific metrics are supporting your assessment?
■ What steps can the board and/or senior management take to support the compliance programme?
■ Do you/CCO feel that leadership and employees are comfortable reporting potential issues and are these issues being appropriately addressed?
■ Have we had any allegations of retaliation? What steps are we taking to identify subtle attempts to retaliate?
■ Are we identifying and prioritising the company’s ethics and compliance risks? Is our programme tailored properly to our current and short-term risk profile?
■ Are we appropriately holding senior management and employees accountable for ethics and compliance responsibilities?
■ What steps and controls have we implemented to monitor and audit our programme, potential misconduct and detect wrongdoing? How is this programme working?
These are just a sample of basic questions for discussion between the CCO and the board. There are many other issues that can develop, depending on the company’s circumstances.
Ethics and compliance culture
In this era of accountability and increasing demand by corporate stakeholders, including activist owners and shareholders, corporate boards have to step up and bring about a new and improved level of performance.
Corporate culture is a valuable asset that must be maintained and promoted by the company’s board. The board must be accountable for managing and overseeing this asset as an important strategy to prevent possible misconduct, legal enforcement and reputational damage.Unfortunately, corporate boards are very slow to change. Historically, corporate boards resist change, despite shareholder demands and even activist investors.
This narrow mindset has to be abandoned. Corporate change requires leadership from the board, demanding attention to corporate culture as an important intangible asset.