Compliance Program Oversight by Board of Directors

board oversight of complianceI recently posted a blog article about a document released by the Department of Justice entitled “Evaluation of Compliance Programs.”  As the title of the document might suggest, the DOJ release covers a variety of issues it looks at when evaluating the effectiveness of compliance programs.  The document includes some guidance on how a corporate board should view its responsibilities for corporate compliance.  The direction applies to health care boards, but extends to boards that oversee other types of businesses as well.

A few practical points can be gleaned from the DOJ guidance regarding the practical application of board responsibilities over compliance.

  • Direct reporting from the compliance officer to the board of directors is an essential element of an effective compliance program.  The direct reporting relationship should be set forth in policy, but the board should assure that reporting is actually occurring on an ongoing basis.  Regular means more than just once or twice per year.  Compliance should appear as a regular board agenda item.  Even if there are no compliance events to report, the compliance officer should be available to answer questions and/or make presentations to further the board’s awareness of the compliance function.
  • The direct reporting relationship should not be contaminated by intervention of management, general counsel, or any other party.  The direct reporting relationship must be directly to the board and the compliance officer should not feel impeded in any way from exercising the direct reporting relationship.
  • Be careful not to leave loose ends.  If a compliance issue is present, the board should assure the compliance process is followed through resolution.  Just learning about an issue is not enough.  The compliance function should be accountable to the board for follow-through on all significant compliance issues.
  • Compliance environment is critical and the board should insist on measurement or other methods to ensure an open compliance environment exists throughout the organization.
  • Availability of compliance expertise or support for the board enhances effectiveness.  Corporate boards might consider placing a compliance professional on their board of directors.  At a minimum, the board should be supported in the exercise of its compliance oversight functions.  Expertise independent of the compliance officer should be available to guide the board.
  • A vital element of a compliance program involves training.  The Board should not be immune from the need to obtain compliance training.  The type of training that a board member receives should support the oversight function of the board.  This might be different than training received by a member of management or staff that focuses in a specific division.
  • Compliance function independence is critical, particularly in cases where management might be involved in an issue or if the issue occurs in an area of operational oversight.  Board members should assure that compliance independence is present.
  • Compliance should be active and ongoing.  If a board is not regularly hearing about compliance program operations or developments, it should be concerned.  If reports are not coming, ask for them.

Board members should be provided with the DOJ document and should review it as part of the education needed to define their responsibilities and enable effective oversight.  The above only contains a few points included in the DOJ guidance.
Source: Blue Ink Blog