Compliance Training- Get the Board of Directors Involved
Legal risk management ( LRM) not only plays an important part in the success or failure of a corporation, but it is so important that it must be elevated to the Board of Directors for such LRM processes to be effective. As the Board of Directors ( BOD) of a company owes a fiduciary duty and obligation to the corporation, such duty requires a Board of Directors that is fully informed and knowledgeable on major issues of risk. Whether it is compliance issues, SOX, currency risk, antitrust, M&A issues, ERISA or tax etc., the BOD must be fully informed about the potential risk to make the appropriate decisions involving the management of the company. Therefore, due to its very nature, the BOD cannot escape its fiduciary obligations with regard to understanding and approving LRM processes.
Compliance is therefore a major area or risk prevention that the BOD must be informed about on a regular basis. One of the hallmarks of a good compliance program is not only approval of the compliance program by the BOD but the fact the BOD is also trained on compliance as well. Training the BOD on compliance of course has its own peculiarities and concerns apart from compliance training for the average employee.
In fact, The Federal Sentencing Guidelines provides that a compliance training program must include training for the Board of Directors. Though the Guidelines does not explicitly state that it does state that the organization must take steps to communicate its compliance program and ethics program to members of the organizations governing authority and high-level personnel. A BOD’s fiduciary duty combined with the mandates of the Federal Sentencing Guidelines has in effect laid the groundwork for compliance training with the BOD. Though of course, companies seek to share compliance data with their BOD, they must also train the BOD on compliance related topics to get the full protection as promised by the Guidelines.
An effective compliance program for the Board of Directors should cover topics such as:
1. Discussing current trends and best practices in compliance programs
2. Describing the major components of an organization’s internal compliance program’s and explaining how it works,
3. Assessing how the internal compliance program measures up against other programs
4. Discussing risks and what the organization is doing to address, prevent , transfer and mitigate risk
5. Supporting documentation- a company needs to prove the Board of Directors has been substantially trained in the compliance program- therefore the company or organization will need to produce supporting documentation. Such documentation should include:
Having the Board of Directors attend training not only satisfies the Guidelines. But it sends a powerful message across the organization and sets a tone so to speak that the organization takes ethics and compliance seriously and that compliance programs are important” at all levels of the corporation. Also,if compliance training takes place in an On Line format- all the better as the Board of Directors may take training outside an actual physical board meeting and save valuable board meeting time for other activities.
Once the company decides upon the training format for the Board, such as an e-learning format, it should also include a benchmarking module for the BOD. The training program should include comparisons to compliance programs of other companies and peer organizations. Benchmarking is one way for the Board of Directors to understand if the compliance program is meeting standard industry practices. If it does not, the compliance officer or risk manager can ask the BOD to authorize more budgets to replicate the compliance programs of other companies that do meet industry standards.
A legal risk management program to be effective must be elevated to the Board of Directors. This includes the implementation of a risk assessment as well as a compliance program. It is important that the Board becomes involved with legal risk management, especially compliance, as a Board’s fiduciary duty and obligations under the Federal Sentencing Guidelines requires it. How a company conducts such risk assessment, compliance program implementation and training depends in large part on the efforts or the company’s risk manager and/or compliance officer.