[The following Q&A with Tom Fox on the role of boards in a best practices compliance program comes on the heels of publication of his new book, The Compliance Handbook, which can be purchased online here.]
Q: What do you see as a board of director’s role in a compliance program?
Tom Fox: Most generally a Board’s role in a compliance program is oversight. Unfortunately, most Board members do not understand that role or how to fulfill it. This means that a Board must receive both compliance training and specific training on their role as an oversight function.
Q: Are there any legal requirements to a Board’s role in a compliance program?
Tom Fox: Yes, there have been a couple decisions from Delaware which laid out the Board’s role, in very general terms. In the case of In Re Caremark International Inc., a Board’s obligation “includes a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that failure to do so under some circumstances may, in theory at least, render a director liable for losses caused by non-compliance with applicable legal standards.”
In Stone v. Ritter, the Court held that the Caremark standard is the appropriate standard for director duties with respect to corporate compliance issues.
Finally the question of director liability turns on whether there is a “sustained or systematic failure of the board to exercise oversight - such as an utter failure to attempt to assure a reasonable information and reporting system exists.”
Q: Are there any requirements from the Justice Department on the role of a Board?
Tom Fox: Yes, the 2012 FCPA Guidance made clear that a Board must be trained on compliance and it has an oversight role as well. The new FCPA Corporate Enforcement Policy said, for the first time, there must be a compliance resource on the Board. This has created a best practice for one Board member to have actual compliance expertise.
Q: How should a Board structure itself for compliance oversight?
Tom Fox: The best practice is to have a Board Compliance Committee, whose chairman is a CCO or has significant Board expertise. It should be separate and apart from the Audit Committee, which is more focused on the financials and financial statements.
Q: What are some of the questions you advocate a Board Compliance Committee should ask a CCO?
Tom Fox: The Board Compliance Committee should begin its inquiry with a basic: ‘How do we know it is working?’ and use this query to obtain information on the processes to carry out the compliance function, rather than details on specific compliance issues.
Another area the Board Compliance Committee’s interest should be in is the area of hotlines or other internal reporting mechanisms. The next series of questions deals with the responses to any information which comes to the attention of the company, including such basic inquiries as how are the reports classified and routed? Finally, what is the response rate and response time?
*
The Compliance Handbook is available on Amazon.com.