Compliance and the board: Challenges and best practices

By Brian D. Annulis, JD, MHA, CHC, CHPC; Sarah M. Couture, RN, CHC, CHRC; and Kayla M. Teune, CHC

Brian D. Annulis (brian.annulis@ankura.com) is Senior Managing Director, Sarah M. Couture (sarah.couture@ankura.com) is Managing Director, and Kayla M. Teune (kayla.teune@ankura.com) is Senior Associate at Ankura in Chicago.

Chief compliance officers (CCOs) understand the importance of creating a culture that identifies and mitigates risks. In fact, not having a culture that timely identifies risks and escalates them was in the top 10 risks according to “Executive Perspectives on Top Risks in 2019.”[1] One of the first steps in establishing a compliant culture is educating and involving the governing body/board in compliance. Guidance documents from both the U.S. Department of Justice (DOJ)[2] and the U.S. Department of Health & Human Services Office of Inspector General (OIG)[3] discuss the importance of a culture of compliance being driven by organizational leaders, or “tone at the top,” and creating and fostering a culture of ethics and compliance with the law.[4] Additionally, the U.S. Federal Sentencing Guidelines indicate that the company’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight.”[5]

Although it is clear that board needs to be involved, it is common for CCOs to struggle with what the compliance–board relationship should look like in their organization. The reasons a CCO may have difficulty fostering a meaningful board relationship may include:

  • The CCO having limited access to the board in general;

  • Not knowing the best way to engage the board and help board members understand their compliance oversight responsibility;

  • Being unsure of the balance between information overload and not enough information when reporting to the board on the compliance program;

  • Being unsure of the best way to educate the board on compliance and which compliance topics should be included;

  • Lack of certainty as to whom to engage with on the board and how frequently;

  • Compliance may not be a priority in the organization, so the CCO may not get adequate time with the board; and

  • Compliance being looked at as a regulatory necessity to check the box vs. a valuable business partner that reinforces a positive corporate culture.

This article is intended to share a road map on how to effectively create and manage board engagement and interactions to strengthen your compliance program and overall corporate culture.

Understanding challenges to effective board management

When it comes to board engagement and management, the CCO must navigate how to effectively spend time with the board and how to make sure board members are educated about the compliance program and compliance activities happening in the organization. However, this may be easier said than done. There are several challenges that the CCO must overcome to effectively communicate with the board.

First, the CCO must have access to the board. Lack of access can be caused by several reasons, including lack of precedent access to board, senior leadership preventing board access or wanting to be the in-between, or the organization being concerned about reporting compliance information in meeting notes that are required to be publicly available because of various states’ Open Meetings acts. Additionally, access may be further complicated if a central board oversees multiple entities and it is unclear how the CCO should interact with the central board. Whatever the challenge the organization may face, the DOJ emphasizes the importance of a compliance officer having direct access to the board and that this access is key to effectively communicating with the board members.[6] So, access must be the first challenge to overcome to establish a meaningful board relationship.

A second challenge a CCO may face is having an unengaged or uneducated board. According to Society of Corporate Compliance and Ethics & Health Care Compliance Association’s September 2017 survey, only 18% of board members are highly satisfied with the amount of compliance training they receive to the extent they receive training at all.[7] Common challenges the CCO may face regarding board education and engagement include:

  • The board has had inconsistent past interaction with or education about compliance;

  • Board members have a lack of understanding of their compliance and oversight responsibility;

  • They have insufficient awareness of what compliance risks exist and the benefits of an effective compliance program;

  • They view compliance as a checklist rather than a dynamic tool to prevent and detect fraud, waste, and abuse;

  • Members do not understand that they set the tone for compliance and culture in the organization; and

  • They are more focused on financial performance and lack focus and attention on compliance.

A third challenge for the compliance officer is knowing what to report to the board or how detailed the reported content should be. It is important for the CCO to understand what kind of information and level of detail the board prefers and ensure the compliance report (and compliance program) is aligned to the risks in the organization. Some boards want only high-level details, while other boards would like the compliance officer to share some information that is more “in the weeds.” What type of information and level of detail does the board request to aid in its oversight responsibility? As the CCO’s communication with the board evolves, the CCO should have ongoing conversation with board members about their desired depth and breadth of compliance reporting. This will allow the CCO to be the most efficient and effective in communicating with the board.

Once a compliance officer understands and identifies their challenges regarding board participation in compliance, then they can strategically plan how to overcome and manage these challenges.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings