Tag: Governance News

DOJ Compliance Update: What does it mean for Boards?

In June 2020, the US Department of Justice (“DOJ”) issued updated corporate compliance guidance¹.

What Stays the Same? DOJ continues to urge companies to:

1. Adopt a risk-based compliance program, based on results of a rigorous assessment of the company’s risks,
2. Embed preventative and detective controls tailored to those particular risks, and
3. Be data driven in monitoring the effectiveness of those controls.

What Changes? The update suggests that the DOJ will be looking more closely at whether a company’s compliance program:

1. Is adequately resourced,
2. Has formalized processes to evaluate its effectiveness on an ongoing basis,
3. Incorporates the use of data analytics, and
4. Addresses relevant cross-border implications.

Why is This Update Important? More than ever, company reputation impacts shareholder value. A well-run compliance program is important to company reputation. It can give investors, employees (current and prospective), suppliers, customers, and communities a real sense of the company and its commitment to integrity. Compliance is also a key element in risk management.

What Does This Mean for Your Board’s Oversight of Risk and Compliance programs?  To get a better understanding of what the DOJ update means for your company and board, here are several questions that your directors might want to ask the company’s Chief Compliance Officer (“CCO”) when the CCO next reports to your board or board committee. If a CCO report is not on an upcoming agenda, it would be good to add it!

Are We Resourcing Our Program Appropriately? In the past, the DOJ’s asked whether your compliance program was “being implemented effectively.” Going forward, the DOJ is likely to also ask whether your program is “adequately resourced and empowered to function effectively.” As COVID is prompting companies to cut budgets where they can, it would be good to talk with your CCO about whether the company is providing appropriate budget and authority to run the compliance program. It might not be a “yes/no” question and it is a good one to ask regularly as your company’s business evolves.

Data is a resource too. Asking your CCO about IT support being provided to the compliance function is important because the DOJ is looking for companies to provide compliance personnel with the data they need for “timely and effective monitoring and/or testing of policies, controls, and transactions.”

How Are We Using Ongoing, Data-Driven Processes to Ensure Our Program’s Effectiveness? The DOJ is still looking at whether your compliance program is effective but it also wants to see that your company has formalized processes to evaluate your program, those processes are generating useful data, and your company is updating its program based on those evaluations and data. No more will you receive credit for updates made “in light of lessons learned.” It would be good to talk with your CCO about how your company would demonstrate that:

1. Review of your compliance program is “based upon continuous access to operational data and information across functions,” and
2. Your program includes a formalized tracking process to track your company’s and compliance developments in your industry.

Are We Making It Easy for Employees to be Compliant? The DOJ also wants companies to make compliance easy for employees. Consider talking with your CCO about whether your company’s policies and procedures are readily available and searchable so employees can find pertinent provisions. And it would be good to ask how your CCO tracks the most accessed policies and what that tells the CCO.

Is Our Training Effective? The DOJ will ask, so consider asking your CCO:

1. How is our company evaluating our training’s effectiveness?
2. How do our employees get answers to questions or issues prompted by our training?

Do Our Acquisition Plans Include a Post-Acquisition Compliance Audit?  

In What Ways are We Multi-National? Few companies are purely domestic. Supply chains, IT/data and sales can easily take a “domestic” company outside the US. It’s not easy to structure a multi-national compliance program given variations in laws and circumstances in each of the countries where a company does business. Talk with the CCO about the how the company’s compliance program takes into account the multi-national aspects of your business and what rationale your company uses in support of compliance decisions made in a multi-national context, including how those decisions “maintain the integrity and effectiveness” of your compliance program.

Conclusion

Hopefully, these suggestions can form the basis for an ongoing, dynamic interchange between the board (or the audit or risk committee) and your CCO. And that interchange can help the CCO and company in efforts to improve compliance and mitigate risk in line with DOJ guidance.

_____________________

¹ U.S. Dep’t of Justice, Criminal Division, “Evaluation of Corporate Compliance Programs” (June 1, 2020), https://www.justice.gov/criminal-fraud/page/file/937501/download.

COVID-19 is changing how and where we conduct business as well as how we approach both human capital management and corporate strategy. Those changes have implications for risk, controls, and reporting.

The Association of International Certified Public Accountants (AICPA) has been advising its members and others how best to handle COIVD-19 challenges. Recently, the AICPA shared the audit committee checklist for COVID-19. https://bit.ly/3g4BzO7

The AICPA, in issuing the checklist, wrote: “Audit committees, be they in a public, private, government or not-for-profit entity, face drastic challenges. Not only must they suddenly conduct virtual meetings, but they also must handle emerging risks. These risks are related to assessments, entity on-site operations (including culture), the impact of new legislation, financial and reporting disclosures, technology and cybersecurity.”

AICPA’s checklist includes thoughtful and practical topics for boards, especially audit committees, to consider when assessing how COVID-19 has impact the “board’s responsibilities of oversight, risk management and governance process.” It is also a good reminder that effective oversight, risk management and governance begins with a well-crafted agenda supported by high-quality briefing materials.

Foresight is advanced technology that enables governance professionals, executives and board members build such agenda, document discussions and decisions, and assess how effectively the board is overseeing these evolving challenges. More information is available on https://foresight.board-ops.com/

Larry Fink’s March 30 letter to BlackRock shareholders included this observation about the impact of COVID-19 on business and investing:

“…Even more profoundly, people worldwide are fundamentally rethinking the way we work, shop, travel and gather. When we exit this crisis, the world will be different. Investors’ psychology will change. Business will change. Consumption will change. And we will be more deeply reliant on our families and each other to stay safe.”

Indeed, things have changed and will continue to change! Both public and private boards are under greater internal and external scrutiny as COVID-19 tests them in new ways. We have been rethinking how boards, executives and corporate governance professionals do their work. The result: Foresight®, a cloud-based knowledge-management and decision-support tool for planning, preparing for, conducting, documenting, and evaluating board meetings

Boards must decide whether to address ESG elements as standalone agenda topics or incorporate those elements into regular agenda topics. Example: Board oversight of ESG elements in the company’s supply chain can be incorporated into supply chain reporting and planning – human rights protections at the company’s suppliers, worker and product safety, sustainable sourcing, environmentally-responsible manufacturing (e.g., water, energy, waste). This integrated approach is holistic and holds business leaders, not just corporate staff, responsible for ESG outcomes.

How can boards communicate their oversight to investors?

• Companies can talk with investors about the board or committee discussions of particular ESG issues “x” times per year and which executives join those discussions.
• In-depth disclosure on the company’s website and in the proxy statement of the board’s approach to ESG helps all investors gain an understanding of the board’s role in oversight of ESG issues and take comfort that the board is addressing ESG issues in a proactive manner.

Experience at WeWork suggests that it missed a few preparatory steps before its IPO – an important one being getting its corporate governance in order.

During 2019, about 159 IPOs were priced at $50 million or more in the US (compared to 192 in 2018). Whether they listed on NYSE or Nasdaq, these companies needed to adhere to minimum listing standards. In addition, they had to comply with SEC and other standards. Even complying with those standards did not keep all those newly public companies from going off the governance rails.

Setting up the mechanics, the processes, and the culture to be a successful public company requires planning as well as alignment on values and policies. Experienced governance professionals can advise and help company leaders build these out.

Experienced governance professionals can help in other ways. Helping to determine the checks and balances needed to mitigate risk and promote desired behaviors. Building a diverse board. Building an annual board and committee calendar that ensures the board identifies and addresses all required and relevant agenda topics. Ensuring that meeting agenda focus on the things that must be addressed and those that will matter over the long-term. Fostering candid board discussion and effective board decision-making.

Do not overlook how technology can help the IPO preparation, transition to public company compliance and long-term success. Foresight® is an enormous aid to the law firm or in-house personnel putting in place the mechanics. It provides the framework and the governance confidence needed to get the organization and the board ready for the IPO. And it will help prepare and keep the newly public company on track with governance.

I was very honored to be recognized at Corporate Secretary magazine’s 2019 Corporate Governance Awards dinner with a Lifetime Achievement Award. This post attempts to capture a few thoughts from my impromptu acceptance speech and add one or two more.

Corporate governance is very much a team sport. No one does it well alone.

A corporate secretary is reliant on colleagues within and well beyond the Legal Department. Partnering with Compensation can mean a better outcome on Say on Pay, with Finance can make for a smoother, less costly bond issuance, with External Reporting can produce a clearer, more concise 10-K, with Investor Relations can build an investor engagement program that generates meaningful communication.

Beyond the confines of the company, a corporate secretary needs and benefits from the expertise of investors, outside counsel and service providers of all sorts (among them transfer agents, proxy solicitors, strategic advisors, software vendors (who provide tools to automate board planning, compliance, board postings and subsidiary records). Building effective partnerships with these individuals and their organizations increase one’s efficiency and impact – and improve outcomes for your company.

Membership in the Society for Corporate Governance is another reliable way to build a network of experts on whom you can call for help (Yes, there is such a thing as a Corporate Governance Emergency!) and with whom you can share in return. (Look into the Society’s new Certified Corporate Governance Professional designation!)

Because corporate governance is a team sport, coaching is involved. So many people helped me! I am eternally grateful to them all. I have tried to pay it forward and urge others to do so as well – and one need not wait until one is senior in an organization to do so. At any level of your company, create opportunities to spread the word about corporate governance. Speak at brown bag sessions for development programs. Invite members of rotational development programs onto the corporate secretary’s team for a year or two. They will learn about the board, stock compensation, investor engagement, and securities laws – all good things to know as they rise through the ranks and manage others. Create a one-hour “Public Company Boot Camp” that covers board basics, fundamentals of disclosure (“materiality,” 8-Ks, GAAP/Non-GAAP, Reg. FD, insider trading and company policies. Hold “Boot Camp” whenever an executive is elevated to Executive Officer/Section 16 Officer status and at a quarterly Legal (this is good stuff for the commercial lawyers to know!), Finance or Compensation Town Hall. Whenever and whoever will have you. Offer to be a mentor – and weave corporate governance into your discussions.

Share learnings (not confidential information) beyond your company, with others in the corporate governance space. We improve together. Find early career professionals outside your company to mentor and coach. See an interesting article, share it. Sharing can also take more formal forms. Be a panelist at a local or regional or national conference – or at a service provider event.

With your time and funds, support organizations devoted to furthering research and education (at all levels – from undergrads to professionals to directors) regarding longstanding and evolving corporate governance topics.

While I am grateful to have received this amazing award, I am not done just yet. My latest “pay it forward” initiative is Foresight — the first end-to-end corporate governance software solution. Foresight does for agenda planning and meeting management what portals did for board mailings. It provides a framework to simplify board planning and governance compliance, generate draft minutes, and analytics to improve board effectiveness and decision-making. Moving from 80,000 plus employees to a tech start-up has been an education but also an opportunity I am grateful to have and share.

Corporate governance is a team sport. Play well. Play nicely. Pay it forward.