Belatedly, we boldly go where no Canadian actor has ever gone before, to celebrate yesterday’s birthday of William Shatner, Captain Kirk of the original Starship Enterprise. I thought about Captain Kirk and his leadership of the Enterprise in the context of a panel at Ethisphere’s 2012 Global Ethics Summit. In a moderated keynote session, entitled “View from the Board”, moderator Stephen Jordan lead the panel in an exploration of issues relating the Board of Directors responsibility in a company’s compliance program.
What is the relationship between leadership and culture? Panelist Sheila Penrose, Chairman of the Board at Jones Lang LaSalle and Board member of the McDonald’s Corporation, said that she views the Board of Directors as the “curator of a company’s culture.” As a Board member she wants to know if there is a clear framework to determine and measure certain key facets of a compliance program. These key facets include: (1) tone of the company towards doing business in a compliant manner; (2) the effectiveness of the company to understand new compliance issues as they arise; and (3) the process and dynamics of the company’s compliance program. Her view of a Chief Compliance Officer (CCO) is that he or she should have “good professional judgment” and be able to communicate to the Board about their judgment of ethical behavior in the company.
Presentations to the Board
Regarding presentations to the Board of Directors, Penrose said that she desired to have two general types. The first is training the Board of Directors on emerging issues that the company might face from the compliance context and to direct how the Board of Directors might think about these issues, particularly in regard to how they would affect the risk profile of the company. The second is a report of the trends emerging from internal reporting on compliance issues. This could include hotline reports or surveys that the compliance group performs to determine if there are any emerging or systemic issues relating to compliance that should be addressed. From these metrics Penrose said that she is always keen to know if there are any lessons to be learned which can be applied to future situation or to stop certain behaviors.
The second panelist, Daniel Tishman, Board member of AECOM Technology Corporation, said the initial issue to determine is the type of Board. Is it the Board of a new or relatively new entity, populated with friends of the Chief Executive Officer (CEO) and with persons who either work in or have significant experience in the core business of the company? Conversely, is it the Board of a more mature company? If it is the former, Tishman believes a CCO will have to provide much more basic compliance education to the Board.
As to the types of presentations he prefers, Tishman focused his answer on the types of information that he expects if a serious compliance issue has arisen, which may well be a violation of a substantive anti-corruption law such as the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act. He said there are four points that he would like to receive guidance on or through. First, he demands prompt reporting to the Board. Second, all reporting must have complete transparency to the Board. Third, he expects proactive action by the CCO, rather than simply waiting for instructions. Lastly, Tishman would expect to be told if any event is a one-off or a systemic problem, coupled with a fair appraisal if the event is a true crisis or is it is more of a “regular issue”.
Both panelist discussed metrics as a key component of Board reporting. Tishman said that he prefers to receive metrics which focus on new or emerging areas for the company. So if the company is opening up with a new product line or service, or is moving into a new geographic area, he wants to see the compliance risks assessed and reported to the Board of Directors.
Penrose advocated metrics to measure three areas: (1) measures of magnitude; (2) measures of direction; and (3) measure of penetration. By measures of magnitude, she said that she desired information on how well the company’s compliance regime had been communicated throughout the target audience of employees and third parties, or “exposure”. The measures of directions are designed to present information on trends that compliance is seeing within the company, an example she gave was a review and summary of hotline reporting. The final measure of penetration was designed to drill down further than the measure of magnitude to provide metrics on how well the compliance program had penetrated down into the employee base and third parties with whom the company might be working with to obtain or retain business.
And what of Captain Kirk, his leadership and lessons learned for the compliance profession? He did not have to deal with a Board of Directors, in the form of Star Fleet Command, too often so that probably is not a helpful analogy. However, Kirk did lead from the front and that is what a CCO must do. Penrose said that she expects her CCO to “manage by walking around” to go out into the field and get the message of compliance to the troops. If you are the CCO, or compliance professional, you need to either be on the Away Team or lead the Away Team and boldly go where no CCO has gone before.
To get yourself in a Star Trek frame of mind, cue the iconic original television series opening theme here.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012