By Jack Quinn and Suzanne Rich FolsomNEW YORK ( TheStreet) -- A Big Four senior auditor passes on inside information to a friend who trades on those secrets. Banks conspire to rig LIBOR rates. A trader in an overseas office engages in unauthorized derivatives trades that cause enormous losses and lasting reputational damage to a widely admired financial institution. The Department of Justice continues to ferret out and prosecute violations of U.S. anti-bribery laws. Where are the directors of these companies? More than ever, good governance means more than just ensuring efficiency and profitability; it demands as well that systems be in place -- at the board level -- to ensure compliance with the laws and rules that apply to the company's activities. Corporate America operates at warp speed; the damage that can be wrought by a rogue employee is phenomenal. Nothing, however, has made this risk greater than the ever-escalating array of complex legal and regulatory demands that have grown proportionately with the expansion of opportunity in new fields of endeavor, new technologies and new geographies. "A popular theme in recent years has been that 'Directors should assume the responsibility of directing and if their manifold activities make real directing impossible, they should be held responsible to the unsuspecting public for their neglect.' " Sound familiar? Actually it's the opening of William O. Douglas's 1934 Harvard Law Review article, "Directors Who Do Not Direct." Later, of course, Douglas would become chairman of the Securities and Exchange Commision and then a U.S. Supreme Court justice. His plea to directors to be good stewards not only still applies, but has never been more critical for companies, their boards, management and shareholders. The attendant responsibility of directors in the area of corporate compliance has grown -- witness the adoption of SEC Rule SK 407 regarding the board's role in risk management, the enactment of Sarbanes-Oxley and Dodd-Frank and the promulgation of the U.S. Sentencing Guidelines.
The Guidelines, in particular, put meaningful burdens on the board to:
- foster a culture of good risk management; to ensure there are systems designed to prevent and detect criminal conduct; to assign responsibility for compliance with the myriad laws, rules and regulations to which a company is subject; and to give those assigned that responsibility adequate resources, authority and access "to the top" to enable an effective system of corporate training, compliance and monitoring at every consequential level of the organization.
Further, boards should not take a shortcut here: Compliance oversight should not fall on the already-overburdened members of the audit committee. If left to audit committees, compliance runs the risk of being neglected or simply becoming another box for busy directors to check. It makes perfect sense to have some overlapping membership of these two committees, but they should function separately. Having a separate committee permits a group of directors to give the necessary attention and time to this critical component of any successful corporation. The compliance committee should regularly ask questions and look beyond pieces of paper and other presentations from management. The committee should have access to independent legal counsel and, periodically, forensic accountants. And, of course, the members of the committee should be properly trained in the meaning of compliance oversight and the most effective means of accomplishing it. Fourth, the compliance committee and the CCO should put in place a rigorous compliance program. There should be a clear structure for compliance, established reporting relationships, a periodically updated identification of corporate risks as well as plans to mitigate those risks, clear policies and procedures in every area of required compliance, effective training programs as well as monitoring and reporting systems, clear reporting requirements and access to the CCO by every employee of the company. Over the past ten years, more responsibilities have been placed on directors, particularly independent directors. We do not believe that one needs to be Hercules to be an independent director, but one does need to put one's shoulder to the wheel, as Hercules himself advised. This is especially true with regard to corporate compliance, because failure in that realm can be devastating for a company. Ultimately, every organization is a mirror reflection of the people on top. People with the right outlook taking seriously their obligations of compliance will run good companies that have the least exposure to compliance risk. Corporate compliance belongs at the board level precisely because it sets the tone at the top, where compliance properly belongs, and demonstrates a commitment to an ethos of following the highest standards. This, in turn, permeates a company and helps attract people of integrity. Conversely, companies that relegate compliance to a back office run the risk of marginalizing compliance and not reaping the benefits of a robust program, which has its own manifest rewards. Finally, run properly, a corporate compliance program can be an important -- and positive -- part of a company's identification of opportunities to run better businesses, beat the competition and improve shareholder returns. A well-run compliance program can also provide employees, management, directors and shareholders with comfort that they are a part of a company that is not only committed to doing, but actually does the right thing every day. No matter how many laws are passed or regulations written, illegal activity will never be eliminated. But with a good compliance program, overseen by independent directors, companies can not only avoid lawsuits and regulatory action but also achieve a higher level of excellence. This article was written by an independent contributor, separate from TheStreet's regular news coverage.