How Do You Create an Effective Ethics and Compliance Program?
With Direct and Autonomous Access to Governing Authority
One of the primary functions of an organization’s governing board is to protect the organization from risks associated with ethics and compliance violations. To be effective, directors rely on the organization’s compliance leader to provide timely, complete and accurate information without interference from other executives, including the CEO.
An effectively designed ethics and compliance program ultimately relies on the expectation that the compliance leader will have direct and autonomous access to the board to report on its effectiveness. This expectation of both direct and autonomous reporting has been increasingly validated by guiding frameworks and regulatory agency guidance in various ways over the past several years, culminating with the U.S. Department of Justice’s April 2019 updated guidance, “Evaluation of Corporate Compliance Programs.”
This new guidance heightens the obligation imposed on organizations not just to have an ethics and compliance program, but to have one that is operating effectively.
The DOJ’s guidance makes clear that any interference with the board’s ability to protect the organization through direct and autonomous compliance reporting will be a factor in a hypothetical enforcement action. This includes systemic infringement, such as an internal “review” that attempts to modify, filter or censor compliance reporting.
Any aspect of an organization’s structure or reporting process that inhibits the board’s oversight of ethics and compliance ultimately exposes the organization to increased risk from corporate malfeasance.