Board Oversight of Compliance & Ethics Programs

Board Oversight of Compliance & Ethics

ProgramsJeff Kaplan/Kaplan & Walker /jkaplan@kaplanwalker.com

Society of Corporate Secretaries & Governance Professionals2012 Mid-Atlantic Chapter Fall Meeting

www.kaplanwalker.com 2

US Sentencing Guidelines DOJ Prosecution Standards Delaware case law

◦ Caremark, Stone v Ritter◦ Disney: best practices as a way of minimizing

risks and costs Not a C&E case, but logic is relevant to C&E

S-Ox, NYSE rules Various official expectations outside the US

Key legal drivers

www.kaplanwalker.com 3

Types◦ Audit committee charter◦ C&E program charter◦ Job descriptions

CECO GC or others

◦ Investigation and reporting procedures

C&E governance documentation

www.kaplanwalker.com 4

Sentencing Guidelines: individual with operational responsibility for the program should have express authority to communicate personally to the board or a board committee◦ Promptly on any matter involving criminal conduct or

potential criminal conduct, and ◦ No less than annually on the implementation and

effectiveness of the C&E program Good practice

◦ CECO- multiple reports per year; C&E director (if a different person) – one

◦ Both have authority to report to audit committee chair re: alleged misconduct

Reporting to the Board: two types

www.kaplanwalker.com 5

Given board’s reliance on CECO, typically an important consideration

Many criminal/regulatory settlements require CECO not be part of law department

But for many companies CECO can be part of law department if have other indicia of independence◦ Strong informational reporting relationship with

board◦ Audit committee monitoring of compensation and

duties

Independence of CECO

www.kaplanwalker.com 6

These are not mutually exclusive, nor should any board necessarily cover all◦ Rather, key is to find what is most helpful for a

given company/board First, main elements and attributes of an

effective C&E program, but focus on those where directors can really make a difference◦ Elements: incentives, discipline, senior

management involvement◦ Attributes: authority, independence, reach,

resources, organizational culture

Content of board reports: possible components

www.kaplanwalker.com 7

Second: particular focus on system for encouraging reports of violations◦ At the heart of Caremark and S-Ox obligations◦ Look for weak spots (by business or geography)

Third: other program metrics ◦ Can be helpful, e.g.,

Employee survey/focus group results Audit results Breaches Training completions Many others

◦ But some boards worry too much about this – and there is no magic quantitative approach to C&E metrics

More on reports to board

www.kaplanwalker.com 8

Fourth - risk areas◦ Stone v Ritter underscores need◦ Board should have sense of C&E risk assessment

methodology (and why you think it works)◦ For top risk areas (e.g., EHS, FCPA, Antitrust) provide ongoing

information about Risks Mitigation plans Adherence to plans

Asking good questions is key to any of these approaches ◦ See http://

www.fcpablog.com/blog/2010/6/8/what-boards-should-ask.html

Report contents (cont.)

www.kaplanwalker.com 9

Going beyond audit committee Oversight is part – but not all – of what should be

covered in training Individual C&E risks for directors (e.g., COIs, confidential

information) should also be addressed because◦ Director integrity key to market confidence; violations by

directors can undermine this◦ Relevant to oversight of senior management, since many of the

risks are the same Consider cataloging all the C&E information your board

gets to see what’s missing, and develop a true curriculum map (of current and planned training/communications)

C&E training for boards

www.kaplanwalker.com 10

Strong expressions of support for these by◦ Justice Department◦ Sentencing Commission◦ OECD Anti-Bribery Good Practice Guidance

Boards generally encouraged to rely on experts – may be particularly useful for C&E programs

Assessment report can provide framework for ongoing program oversight for years to come

The very act of commissioning an assessment itself helps show that the board is serious about C&E

Program assessments