Board Oversight of Compliance Programs
Michael Rinard
Chief Legal Officer & Chief Compliance Officer at Mosaic Health System, JD, CHC, CHPC.
Michael R. Rinard II, J.D., CHC, CHPC, is Corporate Compliance Officer at Mosaic Life Care in St. Joseph, Missouri.
Compliance professionals have an array of risks to consider and communicate. One of the most important tools a compliance professional has for demonstrating compliance effectiveness is engaging and educating the Board of Directors. Board oversight is critical not only to demonstrating compliance effectiveness but, more importantly, to allowing board members to fully appreciate their duties to the organization.
Why does board governance matter?
Under the U.S. Federal Sentencing Guidelines, an effective compliance program is measured by the Board of Directors' knowledge about the content and operation of the compliance program.[i] In addition, the Board of Directors must exercise reasonable oversight with respect to the implementation and effectiveness of the compliance program.[ii] The board must act independently along with the Compliance Officer to detect and prevent criminal conduct.[iii] Department of Justice prosecutors are guided to consider some mitigation of criminal and civil liability when it is demonstrated that the compliance program is designed to actively monitor and remediate such illegal behavior and has done so with engagement of the board as well as strong protocols and risk assessments.[iv]
What is the Duty of the Board of Directors?
Generally, the Board of Directors has two important duties to the organization. The first is the duty of care. The duty of care requires board members to act in good faith, with the level of care that an ordinarily prudent person would exercise in like circumstances, and in a manner that they reasonably believe is in the best interest of the corporation.
The second duty is the duty of loyalty. The duty of loyalty requires a board member to act in good faith and with conscientiousness, fairness, morality, and honesty. The duty requires board members to consider what is in the best interests of the company and prohibits self-dealing behavior.
Fortunately, the law does not require that board members have perfect judgement. As long as the board members are exercising their duties of care and loyalty as a foundation for their business decisions, the law will shield the board from liability for adverse outcomes of those decisions.
History of Case Law Development for Board Fiduciary Duties
Due to the favorable incorporation laws in Delaware, most companies incorporate there. With the advent of heavy incorporation in Delaware, the case law developed by those courts is a good foundation that many states utilize when interpreting their own state corporate laws and rules. For purposes of this article, using Delaware case law makes the most sense for general guidance.
In Graham v. Allis-Chalmers (Del. 1963),[v] the court stated that “absent cause for suspicion (i.e., “red flags”) there is no duty upon the directors to install and operate a corporate system of espionage to ferret out wrongdoing which they have no reason to suspect exists.” In other words, boards do not need to enlist entrapment techniques to seek out suspicious activity, but they certainly cannot ignore signs of it.
Nearly 33 years later, in In re: Caremark (Del. 1996),[vi] the court ruled that there is a duty in good faith to assure that a corporate information and reporting system exists and, additionally, that the reporting system is adequate to assure the board that appropriate compliance-related information will come to its attention in a timely manner. The law expanded beyond requiring action against suspicious activity that board members knew or should have known about; it also added a requirement for a format that assures board members are made aware of such concerns. This created a duty to monitor the compliance activity in the organization.
In addition to the Caremark precedent, Stone v. Ritter (Del. 2006)[vii] clarified how to identify a breach of the duty to monitor. The court ruled that in order for a party to demonstrate a breach of the directors’ duty to monitor, it must be established that the directors utterly failed to implement any reporting or information system or controls and that the directors consciously failed to monitor or oversee its operations, thus disabling themselves from being informed. Simply put, board governance requires active involvement of the board and established protocols and systems that allow boards to be aware of any compliance actions and, in turn, a mechanism to assist in acting towards mitigation of non-compliant acts.
What are recommended best practices to ensure strong board governance?
The following are some strong recommendations for promoting board involvement. The more robustly the board is engaged, the less likely it is that any government action will find that the compliance program lacks effectiveness. When compliance effectiveness is established, it mitigates any potential negative consequence to the organization for a non-compliant event.
Dedicate a board committee to compliance program oversight.
A dedicated board committee provides a safe and formal environment that allows the compliance professional to educate the board and provide insight into the day-to-day operations of compliance in the organization. This outlet empowers the board to fulfill its duty of loyalty, duty of care, and duty to monitor the compliance activity of the organization.
Provide formal policies and protocols to access the board committee.
Formal policies and protocols provide guidelines that are followed consistently and that consider the best way to identify compliance matters of which the board should be made aware. As gaps in compliance become evident, the process is then allowed to change to provide an avenue to eliminate the gap in the future. This type of active management mitigates the risk of non-compliant activity and provides the board with confidence that it is meeting its duties.
Assure that board minutes reflect compliance-related discussions and actions taken.
When an incident occurs, it is important to identify discussions as well as actions taken by the board to demonstrate the effectiveness of the compliance program. If a compliance investigation is undertaken by a government agency, among the first items it will review are the minutes of your board meetings as well as those of the board committee in charge of compliance matters. Taking compliant actions without documentation is as if the action taken never happened.
Encourage the board to utilize and rely on external experts.
It is wise to engage outside auditors and other compliance experts to establish a review of the compliance program every three years to document gaps, perform risk assessments, and allow documentation of the effectiveness of the compliance program. Outside experts provide the appearance of objectivity that bolsters the positives of the program and provides confidence to the outside observer.
Provide your board with compliance metrics and outcomes.
In order to provide your board committee a deeper understanding of compliance trends and risks, it is critical to demonstrate those trends and risks with measurable outcomes and assessments. The data approach provides a more objective view of how the organization is behaving than anecdotal stories do. It also provides a benchmark for future compliance goals with which the board can measure its success and effectiveness.
Conclusion
Board governance is one of the most critical components in demonstrating your organization’s commitment to, and effectiveness in, attacking and defending against non-compliant behavior. With more board scrutiny assessed through qui tam claims, Department of Justice investigations, and Office of Inspector General investigations, the compliance professional has a duty to assist the board and provide it with the best tools and approaches to counter the effects of non-compliant behavior and mitigate any adverse outcomes overall for the organization. It is critical that an organization provide this avenue for the compliance professional, officers, and for the protection of its own board membership.
Key Takeaways
- Board oversight of compliance programs is a requirement under the law.
- Board governance has grown in prominence through governmental actions towards organizations.
- Compliance professionals must have an avenue not only to address compliance concerns with the board but also to empower the board to act to rectify non-compliant activity.
- Leveraging external experts to examine the effectiveness of the compliance program every three years is a best practice.
- Compliance metrics provide objective goals and benchmarks to compare the organization to other compliance programs and to the organization itself to aid the board in understanding trends and risks.
[i] See United States Sentencing Commission Chapter 8 §8B2.1 (November 1, 2004).
[ii] Id.
[iii] Id.
[iv] See Department of Justice Manual, §9-28.300 Factors to be considered. (July 2020).
[v] See Graham v. Allis-Chalmers Mfg. Co., 188 A.2d 125, 130 (Del. 1963).
[vi] See In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. 1996).
[vii] See Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).