The 19th annual edition of the “Law in the Boardroom” study, which surveys U.S. public company directors on the legal risks and challenges the organizations they serve face, took an in-depth look into anti-corruption and anti-bribery oversight practices in the boardroom. More than 300 board members, representing organizations from many different industries, provided their perspective on these matters. The results? Confidence in ethics and compliance programs is eroding, despite growing opportunities for enhanced monitoring.
This year’s survey, indeed, shows that only 35 percent of directors report feeling “very confident” that their anti-corruption, ethics and compliance programs are working effectively, compared to 46 percent just a year prior. Even more telling: 11 percent say they are not confident, compared to 1 percent in 2018.
Directors say this can be attributed to a host of reasons, including emerging risks that are more challenging to define and monitor, as well as the fact that boards’ scope of oversight has increased exponentially over the past decades amidst increasing complexity of rules and regulations and the increased scrutiny of regulators and auditors.
But it could be the lack of preparedness that makes this matter more concerning, as six directors out of 10 report not having measurable guidelines for compliance monitoring, despite saying that whistleblower reports and internal investigations are exposing an increasing number of potential or existing compliance problems. This finding is concerning. Without formal metrics for measuring the effectiveness of compliance and ethics programs, organizations under scrutiny by regulators will have difficulty demonstrating that their boards and management teams had conducted adequate oversight. Based on recent enforcement cases, this can lead to additional criminal and civil penalties, not to mention the reputational damage to the organization.
Case in point: in 2018, the U.S. Department of Justice (DOJ) brought 21 criminal enforcement actions against organizations for violating the U.S. Foreign Corrupt Practices Act (FCPA). The U.S. Securities and Exchange Commission (SEC) brought 17 civil enforcement actions. Together, these criminal and civil enforcement actions totaled more than $1 billion in fines and penalties. In many instances, the amounts of the fines and penalties imposed by the DOJ and SEC were predicated, in part, on the organizations’ failure to maintain adequate compliance programs and internal controls.
On the other hand, the DOJ and SEC also have recognized organizations that have properly designed ethics and compliance programs in place. In certain cases, those programs played a role in the declination to bring enforcement action against an organization. For instance, the DOJ recently declined to bring an enforcement action against a leading UK-based technology solution provider due, in part, to the existence and effectiveness of the company’s pre-existing compliance program and internal accounting controls. Of the more than 360 enforcement actions brought by the DOJ since 1977, this declination was only one of a dozen in the history of FCPA enforcement, four of which were issued in 2018.
In April 2019, the DOJ released guidance related to ethics and compliance programs. In this guidance, the DOJ made clear that when reviewing ethics and compliance programs, the agency inquires:
1. Whether compliance has direct reporting lines to the board of directors and/or audit committees?
2. How often do compliance and relevant control functions meet with directors?
3. Are members of senior management present for these meetings?
4. How does the company ensure the independence of the compliance and control personnel?
There’s no doubt that regulatory focus in that area is intensifying. To help boards improve their oversight and meet compliance requirements, advanced technologies are generating significant opportunities and efficiencies. But when we asked public company directors whether their organization was leveraging such technologies to support compliance monitoring, a third (32 percent) said they weren’t.
The case for adopting new technologies as a way to improve compliance monitoring is an easy one to make: directors at companies that recently updated to advanced technologies have reported a higher confidence level in their compliance programs than directors from other groups. Furthermore, it has been shown that compliance teams supported by new technologies are better equipped to focus on high-risk activities and to protect the business from the reputational damage and hefty fines we’ve seen in recent history.
As an example, by leveraging the capabilities of machine learning to analyze historic events and identify typical red flags, compliance teams can proactively assess and prevent potential adverse events from occurring in the future. Others have developed KPIs and bespoke analytical dashboards to monitor activities for transactional red flags. For instance, web-based tracking tools can also help companies log, approve, track and report previously untracked events, such as gifts, donations and non-routine meetings with government officials.
As companies grow, so does their need for technology. While the upfront investment to develop these monitoring tools is considerable, the ability to monitor compliance risks routinely and efficiently in this fashion has proven to be extremely valuable and can pay off over time. Advanced technology will be extremely valuable for corporations to monitor and manage compliance requirements successfully going forward. And the successful boards of tomorrow are grasping the opportunities to leverage technology in their ethics and compliance oversight function.
Read more about how boards can improve their oversight of compliance and ethics programs by downloading the full research report, Confidence in Compliance.