We have recently seen a plethora of headlines and news articles on compliance, compliance reporting, and who is responsible for them. Below is a governance perspective of who is responsible and the importance of regular reporting to those responsible persons.
Who is Responsible?
We answered the responsibility question in the inaugural March 27, 2014, post of Acredula for INCompliance: “Corporate compliance for any organization starts at the top with the organization’s governing board.” Most of the recent headlines and lead stories have ignored this very important role of a governing board.
Courts have held that a governing board’s duty of care (i.e., acting with the care that an ordinarily prudent person in a like position would use under similar circumstances) requires the governing board, as the organization’s highest authority, to be responsible for and oversee the organization’s compliance with fiduciary duties, laws, high ethical standards, and other legal and societal obligations. Similarly, courts have held that a governing board’s duty of loyalty requires that such responsibility and oversight be conducted in good faith in what the governing board reasonably believes is in the best interest of their organization as a whole.
A governing board is permitted to delegate its responsibilities to a committee of board members (often the audit committee for publicly-held companies or a governance or compliance committee for other organizations). However, a governing board may delegate to a committee only for matters within the committee’s designated authority and only if the board reasonably believes the committee merits confidence.
A governing board may also delegate its responsibilities to an officer (typically, for responsibilities as important as compliance, the person serving as chief executive officer). However, boards may delegate to an officer only for matters for which the board reasonably believes the officer is reliable and competent.
For larger organizations, the responsibility and oversight of compliance is typically delegated to the person serving as the organization’s chief executive officer who, in turn, may delegate some of that responsibility to general counsel or a chief compliance officer. However, the person acting as chief executive officer remains solely responsible to the governing board for compliance of the organization even though the chief executive officer may delegate authority to general counsel or a chief compliance officer.
Our experience is that there are two situations in which the risk of a lack of compliance is greatest for any organization:
- When the chief executive officer or an executive chairperson of the board increases the size of the board to a number greater than 7 - 11 (generally recommended by most governance experts as the best number for making decisions). Larger boards have to exercise additional prudence to learn “what they don’t know” because it is difficult for a chief executive officer or board chair to keep larger boards well-informed.
- When a new person from outside the organization becomes chief executive officer and replaces other executives with persons with little or no experience with the organization. Boards have to exercise additional prudence to make sure there is a transition that is consistent with the board’s desired strategic direction, including responsibility and oversight for compliance.
New board members should receive orientation and ask questions about previous compliance issues and how current compliance issues are handled. Experience with compliance issues should be included in the criteria for selecting new board members. Likewise, all board members should meet periodically in executive session (as discussed below) with those responsible for the organization’s compliance.
The Importance of Compliance Reporting to the Board
Because of the importance of compliance, we recommend to any organization that its board, or committee responsible for compliance, meet in executive session periodically, not less frequently than quarterly, with general counsel and any chief compliance officer. These meetings should discuss compliance issues and reinforce that general counsel and any compliance officer have direct reporting authority to the board or compliance committee for any compliance issue that general counsel or the compliance officer reasonably believes should be known by the board or committee.
We generally recommend that general counsel or the compliance officer follow, as guidance, Rule 1.13 of the rules of professional conduct for attorneys:
If general counsel or a compliance officer for an organization knows facts from which a reasonable person, under the circumstances, would conclude that an officer, employee or other person associated with the organization is engaged in action, intends to act or refuses to act in a matter related to the representation that is a violation of a legal obligation to the organization, or a violation of law which reasonably might be imputed to the organization, and that is likely to result in substantial injury to the organization, then general counsel or the compliance officer shall proceed as is reasonably necessary in the best interest of the organization.
It is too early to tell how the recent headlines and news stories will portray the organizations involved. Suffice it to say that an organization’s most important asset is its reputation, which the organization’s governing board should assume responsibility and oversight for.