Board oversight of compliance

Boards and General Management, Board risk oversight, Corporate and board regulatory matters

Audit Committee Leadership Network, April 2019

For multinational companies with thousands of employees and operations on several continents, compliance burdens are significant. And in highly regulated industries, the challenge is even greater. An effective compliance program means not just complying with the law, but also promoting ethical behavior. It is, therefore, no surprise that members of the Audit Committee Leadership Network (ACLN) said that meeting compliance obligations and promoting good practices are constant challenges for their companies.

Regulation has steadily increased globally since 2009, with regulations from Europe and Asia generating the bulk of new rules.1 All told, based on an assessment of 200 countries, regulations worldwide more than doubled from 2009-2017.2 Moreover, press and social media attention comprise a growing reputational risk for many companies. News of a company failing to comply with regulations in one country can quickly “go global.” Much of what appears on social media originates in mainstream outlets.

On March 27, ACLN members were joined by Joel Katz, chief integrity and compliance officer at Resideo, and by Kurt Drake, chief ethics and compliance officer and vice president at Kimberly-Clark, to discuss board oversight of compliance and effective compliance strategies. 

This ViewPoints includes background information and synthesizes the perspectives that members shared before and during the meeting on the following topics:

  • Effective compliance strategies
    Members and guests agreed that a strong “speak-up” corporate culture is a foundation of successful compliance programs. They noted that centralized, empowered compliance departments that share compliance ownership with the business are effective. Integrating compliance activities across departments—including human resources (HR), internal audit, and legal—keeps information flowing to the people who need it. Because integration can create complexity, defining roles and creating predictable processes is important.
  • Innovative compliance practices
    Traditional tools like hotlines and surveys gather information and help compliance professionals learn about behavior in the company, but guests warned against relying too much on those tools. Innovative training can engage employees and foster genuine interest and lead people to make better decisions. Lauding and incentivizing good behavior can be effective as well.
  • Board oversight of compliance
    Board awareness of how the compliance organization operates—not just awareness of critical issues that get reported to the board periodically—is important to effective oversight. Members shared mixed views about whether boards should have compliance committees. A compliance committee might unburden the audit committee, but it might increase overall board complexity and workload.