By Jack Quinn and Suzanne Rich Folsom



A Big Four senior auditor passes on inside information to a friend who trades on those secrets. Banks conspire to rig LIBOR rates. A trader in an overseas office engages in unauthorized derivatives trades that cause enormous losses and lasting reputational damage to a widely admired financial institution. The Department of Justice continues to ferret out and prosecute violations of U.S. anti-bribery laws.

Where are the directors of these companies?

More than ever, good governance means more than just ensuring efficiency and profitability; it demands as well that systems be in place -- at the board level -- to ensure compliance with the laws and rules that apply to the company's activities.

Corporate America operates at warp speed; the damage that can be wrought by a rogue employee is phenomenal.

Nothing, however, has made this risk greater than the ever-escalating array of complex legal and regulatory demands that have grown proportionately with the expansion of opportunity in new fields of endeavor, new technologies and new geographies.

"A popular theme in recent years has been that 'Directors should assume the responsibility of directing and if their manifold activities make real directing impossible, they should be held responsible to the unsuspecting public for their neglect.' "

Sound familiar? Actually it's the opening of William O. Douglas's 1934 Harvard Law Review article, "Directors Who Do Not Direct."

Later, of course, Douglas would become chairman of the Securities and Exchange Commission and then a U.S. Supreme Court justice. His plea to directors to be good stewards not only still applies, but has never been more critical for companies, their boards, management and shareholders.

The attendant responsibility of directors in the area of corporate compliance has grown -- witness the adoption of SEC Rule SK 407 regarding the board's role in risk management, the enactment of Sarbanes-Oxley and Dodd-Frank and the promulgation of the U.S. Sentencing Guidelines.

The Guidelines, in particular, put meaningful burdens on the board to:

  • foster a culture of good risk management;
  • ensure there are systems designed to prevent and detect criminal conduct;
  • assign responsibility for compliance with the myriad laws, rules and regulations to which a company is subject; and
  • give those assigned that responsibility adequate resources, authority and access "to the top" to enable an effective system of corporate training, compliance and monitoring at every consequential level of the organization.

In short, good governance must be understood to mean good compliance.

What are the elements of good compliance?

For starters, boards cannot blindly defer to management with respect to compliance matters. Rather, checks and balances must be carefully built into the corporate system. This requires, first, that directors not be overcommitted. Independent directors who have other, primary jobs should serve on two or three boards at most.

Second, adequate resources must be devoted to compliance. What is adequate will be a function of the compliance burdens on the company and the company's financial wherewithal, but sufficient resources should be available to enable the board to do its duty and to staff the corporate compliance functions adequately. An identifiable compliance office should be at the top of the list of needs to be funded.

And, while many companies have established a chief compliance officer, those officers do not necessarily report directly to the board. They should.

The CCO should not have another senior executive or CEO between her/him and the representatives of the shareholders and ultimate governors of the corporation; management should not be in a position to wall off the committee chair from any circumstances of which (s)he should be aware.

Third, every board should have a compliance committee, the function of which is to oversee compliance programs and activities. The committee should be dominated by independent directors; without doubt, it should be chaired by an independent director. Without such a body, it is impossible for boards to have the necessary line of vision into the risks associated with their business so they can prevent, detect and resolve compliance problems.

The committee should have adequate resources to do its job; the compliance staff should report to the chair of the committee; all employees should have whistle-blowing access to the committee.

Further, boards should not take a shortcut here: Compliance oversight should not fall on the already-overburdened members of the audit committee. If left to audit committees, compliance runs the risk of being neglected or simply becoming another box for busy directors to check.

It makes perfect sense to have some overlapping membership of these two committees, but they should function separately. Having a separate committee permits a group of directors to give the necessary attention and time to this critical component of any successful corporation.

The compliance committee should regularly ask questions and look beyond pieces of paper and other presentations from management. The committee should have access to independent legal counsel and, periodically, forensic accountants. And, of course, the members of the committee should be properly trained in the meaning of compliance oversight and the most effective means of accomplishing it.

Fourth, the compliance committee and the CCO should put in place a rigorous compliance program. There should be a clear structure for compliance, established reporting relationships, a periodically updated identification of corporate risks as well as plans to mitigate those risks, clear policies and procedures in every area of required compliance, effective training programs as well as monitoring and reporting systems, clear reporting requirements and access to the CCO by every employee of the company.

Over the past ten years, more responsibilities have been placed on directors, particularly independent directors. We do not believe that one needs to be Hercules to be an independent director, but one does need to put one's shoulder to the wheel, as Hercules himself advised. This is especially true with regard to corporate compliance, because failure in that realm can be devastating for a company.

Ultimately, every organization is a mirror reflection of the people on top. People with the right outlook taking seriously their obligations of compliance will run good companies that have the least exposure to compliance risk.

Corporate compliance belongs at the board level precisely because it sets the tone at the top, where compliance properly belongs, and demonstrates a commitment to an ethos of following the highest standards. This, in turn, permeates a company and helps attract people of integrity.

Conversely, companies that relegate compliance to a back office run the risk of marginalizing compliance and not reaping the benefits of a robust program, which has its own manifest rewards.

Finally, run properly, a corporate compliance program can be an important -- and positive -- part of a company's identification of opportunities to run better businesses, beat the competition and improve shareholder returns. A well-run compliance program can also provide employees, management, directors and shareholders with comfort that they are a part of a company that is not only committed to doing, but actually


the right thing every day.

No matter how many laws are passed or regulations written, illegal activity will never be eliminated. But with a good compliance program, overseen by independent directors, companies can not only avoid lawsuits and regulatory action but also achieve a higher level of excellence.

This article was written by an independent contributor, separate from TheStreet's regular news coverage.

Jack Quinn is co-founder and chairman of QGA Public Affairs, former White House Counsel to President Clinton and member of the board of ACADEMI LLC and co-chair of its governance committee with former U.S. Attorney General John Ashcroft.

Suzanne Rich Folsom is executive vice president, general counsel and chief compliance officer of ACADEMI and previously joined AIG as chief compliance officer and deputy general counsel during the financial crisis to assist in stabilizing the company.