Strengthening Your Compliance and Ethics Program By Engaging Your Board Members


SCCE 6th Annual Compliance & Ethics Institute
Strengthening Your Compliance and Ethics Program By Engaging Your Board Members
Camille Cohen, 3M HIS Division
Stacey L. Murphy, Esq., Fulbright & Jaworski
September 11, 2007

Current Landscape
- High profile corporate controversies in recent years
  - WorldCom
  - Enron
- In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996)
- Public Companies are Subject to Increased Oversight
  - Sarbanes-Oxley Act of 2002
  - NYSE and NASD code of conduct and compliance procedure requirements
  - Securities Exchange Act of 1933 (Section 11 requires directors to insure that accurate information is conveyed to prospective purchasers)
  - SEC Enforcement Director (2004 speech): we intend to continue focusing closely in our investigations on whether outside directors have lived up to their role as guardians of the shareholders they serve.
- US Federal Sentencing Guidelines
  - Lighter sentences for corporations with effective compliance programs
- Industry Guidance
  - Health care and pharma industry have developed codes of conduct/compliance guidance for industry providers
- IRS Good Governance Practices Guidelines for tax-exempt organizations (February 2007)

Traditional Board Functions
- Selection, evaluation and, if necessary, replacement of CEO
- Review and approval of major financial objectives, strategic and business plans
- Provide advice and counsel to CEO and senior management
- Adopt and review adequacy of systems to comply with all applicable laws and regulations
- Oversight of management to ensure ethical, compliant and effective operations

Director Duties
- Fiduciary duties
  - Duty of Care
  - Duty of Loyalty
  - Duty of Obedience to Purpose
- Directors can also be liable for violations of federal and state laws and regulations beyond fiduciary duties

Fiduciary Duties: Duty of Care
What is the duty of care?
- A director is required to act in good faith with the care an ordinarily prudent person would exercise under similar circumstances
- Generally encompasses a responsibility to exercise appropriate diligence when making decisions
- Duty to make reasonable inquiry -- committing time to be adequately informed regarding a corporate action and to prepare for, attend and participate in meetings regarding the action
- Relying on others is appropriate in certain circumstances (but the directors retain ultimate oversight responsibility)
  - Reliance must be in good faith
  - Only as to matters the directors reasonably believe are within such person's professional competence
  - Only if such person was selected with reasonable care
- Directors' obligations with respect to duty of care arise in context of decision-making function and oversight function

Fiduciary Duties: Duty of Care
What is the business judgment rule?
- Judicial review of a director's decision will normally be governed by this rule
- Consists of a presumption that directors have acted with due care in making a business decision so long as the decision was made:
  1. in good faith,
  2. based upon reasonable information,
  3. in the rational belief that the decision made was in the best interests of the corporation, and
  4. in a disinterested manner
- Courts apply the business judgment rule based upon
  - Whether the board timely received and reviewed documentation related to the issue
  - Whether the board has formally adopted any guidelines that address the relevant issue
  - Any other documentation that reflects on the board's course of conduct with respect to the issues (e.g., minutes)

Fiduciary Duties: Duty of Care
- Generally board members are not liable for bad business decisions; only if grossly negligent in the process of making the decision (e.g., failure to adequately consider all reasonably available material information)
- Possible consequences of breach of duty of care
  - Caremark case: Delaware court issued a landmark opinion warning that directors who fail to take adequate compliance measures (including that an adequate corporate information and reporting system exists) can face liability for breach of fiduciary duty of care
  - Potential for personal liability, including removal, civil damages and tax liability
  - Damage to reputation

Fiduciary Duties: Duty of Loyalty
What is the duty of loyalty?
- Exercises powers in good faith in the best interests of the company
- Not taking actions in the director's own interest
- Focus is on conflicts of interest
What is a conflict of interest?
- Where a director has a financial or other personal interest (direct or indirect) in a transaction to which the corporation is a party
- Conflict itself is not improper; it is the manner in which the interested director and the board deal with the conflict that determines the propriety of the transaction and the director's conduct

Fiduciary Duties: Duty of Obedience to Purpose
What is the duty of obedience to purpose?
- Most relevant in the context of non-profit corporations
- Obligation to further the purposes of the corporation as set forth in its articles of incorporation and bylaws (in contrast, a typical for-profit corporation is often formed to pursue a general corporate purpose)
- Assuring processes are in place to accomplish and promote the mission and purposes of the corporation and comply with applicable laws in accomplishing such mission and purpose

Federal and State Laws
Sarbanes-Oxley, NASDAQ and NYSE Requirements:
- Applicable to for-profit firms with publicly traded stock
- Requires a separate and entirely independent audit committee, responsible for appointing and overseeing the audit firm, with at least one member who is a financial expert, as defined by the SEC
- Independence requirements for the Board; strengthening of role of independent directors in compensation and director nomination decisions
- Requires CEOs and CFOs to certify the accuracy of financial reports and existence and effectiveness of internal control systems
- Requires an audited annual internal control evaluation
- Requires rapid and current disclosure of material changes in financial condition or operations
- Prohibits officers or directors (or any other person acting under the direction of an officer or director) from influencing, coercing, manipulating or misleading auditors to cause material misleading financial statements
- Requires adoption of ethics codes and codes of conduct covering conflicts of interest, corporate opportunities, fair dealing, proper use of company assets and compliance with laws and regulations
- Mandated continuing education for all directors

Federal and State Laws
Effect of Sarbanes-Oxley on Non-profit Organizations
- IRS proposes Good Governance Practices
- IRS focus is on conflicts of interest, executive compensation and excess benefits, with concern that governing boards are not exercising adequate oversight
- Increased governing board orientation and education programs on fiduciary duties and responsibilities, including particularly the topics of conflicts of interest and financial literacy
- Call for greater transparency and fuller disclosure
- State attorneys general exercising oversight
- Bond-rating agencies setting ratings criteria

Federal and State Laws
Federal Sentencing Guidelines (as amended in 2004)
- Two factors that mitigate monetary penalties for violation of federal criminal laws
  - the existence of an effective compliance and ethics program; and
  - self-reporting, cooperation, or acceptance of responsibility
- To have an effective compliance and ethics program, an organization shall
  - exercise due diligence to prevent and detect criminal conduct
  - otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the laws
- Expectation is that the governing board will be knowledgeable about the content and operation of the compliance and ethics program and will exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program
- The requirement for periodic training and updates on compliance and ethics has been expanded from the organization's employees as a whole to include the governing board, high-level personnel, personnel with substantial authority, and, as appropriate, the organization's agents

Board Member Expectations
- Assure that corporate information and reporting system is adequate
- Consider role of Audit Committee/Corporate Compliance Committee
  - to what extent is General Counsel utilized by governing board and involved in fundamental elements of compliance program
  - how is governing board notified when there are disagreements among management, Chief Compliance Officer and General Counsel relating to a specific compliance matter
- Practice disruptive governance, the antithesis of status quo governance
  - exercise independence in oversight and decision-making
  - board leadership should foster a culture of open and candid debate
  - do not act as mere passive recipients of information

Balancing Act for Board Members
- Serving as a Board member today requires more time, effort and care than in the past
- May expose the Board member to higher visibility and closer scrutiny
- Serving also offers the potential for more useful and meaningful service
- Balancing the two is important for both the Board and management

Key Players in Corporate Governance
Source: Recent Trends in Corporate Governance Research, Presentation by Lori Verstegan Ryan, Corporate Governance Institute, San Diego State University

Moving to Oversight: Health Care as an Example
- Federal Sentencing Guidelines raise the stakes for compliance programs and in turn for the directors (amended in 2004)
  - Governing authority shall be knowledgeable about the compliance and ethics program and shall exercise reasonable oversight
  - Requirement for training and education now includes the governing body
- Oversight of quality of care becomes a board member's responsibility
  - The Joint Commission defines governance as setting the framework for supporting quality patient care, treatment and services
  - P4P driving quality transparency
  - Quality and patient safety are at the forefront
  - Quality is an emerging enforcement priority for regulators
Source: Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors, American Health Lawyers Association Annual Meeting, June

Moving to Oversight: Health Care as an Example
- Directors have a duty to oversee quality
  - Fiduciary duty of care or duty of obedience to charitable mission (non-profit)
- Expected to obtain information necessary
  - Directors are to be reasonably informed
  - May rely upon advice of senior management and outside advisors
- Obligations arise in making decisions as well as in overseeing operations
Source: Corporate Responsibility and Health Care Quality: A Resource for Health Care Boards of Directors, American Health Lawyers Association Annual Meeting, June

Moving to Oversight: Health Care as an Example
- Office of Inspector General (OIG) advocates having a Compliance Committee
  - Empower a select group within an organization to assist with compliance
  - Compliance Officer is not expected to go it alone
  - Source: OIG Compliance Guidance for Hospitals, Federal Register, Vol. 63, No. 35, February 23, 1998
- Health care organizations not consistently engaging directors at this level
  - Only 17 percent have board members on a Compliance Committee
  - Source: Health Care Compliance Association (HCCA), 9th Annual Survey, 2007 Profile of Health Care Compliance Officers

Compliance Committee as a Means for Oversight
- Stand alone committee or merged with Audit Committee
  - Compliance issues have a financial impact on an organization
  - With guidance, Audit Committee members make good advisors
- Some organizations adopting Compliance Committees as part of a Final Judgment or Consent Order

Key Functions of a Compliance Committee
- Role is to support the compliance officer and overall program
- OIG Compliance Program Guidance for Hospitals (1998) includes suggested functions
1. Assess requirements and risks
  - Ensure committee members have knowledge of applicable laws and operations of the organization
  - Review and monitor the organization's risk assessment
  - Can serve as the roadmap for compliance efforts

Key Functions of a Compliance Committee
2. Assess and develop policies and procedures
  - Committee should be responsible for final review and approval of high risk policies
    - Gift and gratuities policy
    - Vendor relationship policies
3. Develop standards of conduct
  - Ensure standards are well documented, current, applicable and widely distributed

Key Functions of a Compliance Committee
4. Recommend and monitor internal controls
  - Ensure compliance and internal audit are coordinating efforts relative to SOX
  - Assist compliance department in developing annual audit plan
  - Monitor results
5. Promote reporting mechanisms
  - Creates an additional reporting channel through a committee
  - Review hotline and other reports periodically to determine areas for improvement

Key Functions of a Compliance Committee
6. Respond to complaints
  - Periodically review the compliance function and methods of investigation
  - Use committee as advisors for specific investigations
7. Promote compliance
  - Review compliance and ethics educational plans for the organization

Steps to Develop a Compliance Committee
The following steps will help position the committee for maximum effectiveness
1. Draft a compliance committee charter, defining the following
  - Role of the committee
  - Membership requirements
  - Length of membership term
  - Frequency of meetings
  - Mechanisms for reporting results of meetings

Steps to Develop a Compliance Committee
2. Gain support from executive management and the board
  - Buy in from the top is essential
3. Identify the committee chairperson
  - Locate the champion for compliance and ethics
  - Chairperson typically reports to the entire board of directors
4. Seek input from executive management and the Chairman of the Board when selecting committee members
  - Include directors who have knowledge of high-risk areas and are known as representative of ethical behavior

Steps to Develop a Compliance Committee
5. Educate committee members
  - Schedule orientation and ongoing training on topics such as:
    - Role of the committee based upon the charter
    - Laws, regulations and policies applicable to your industry (include penalties for failure to comply)
    - Review trend reports from compliance
    - Industry trends
  - Develop an orientation manual for directors in addition to specific board training

Steps to Develop a Compliance Committee
6. Schedule committee meetings
  - Start with a review of the company's risk assessment
    - Use the results as a guide for future committee activities
  - Use the charter as a guide to committee activities
    - Assists in assessing committee effectiveness on annual basis
  - Maintain minutes according to board rules
  - Develop a reporting system from management to the board
    - May include dashboards
  - Include management from various functions to report directly to the committee
    - Provides directors access to management

Steps to Develop a Compliance Committee
7. Assess the effectiveness of the compliance committee annually
  - Develop a committee schedule based upon the Charter

XYZ Corporation Compliance Committee Schedule
Columns: Responsibility, Q1, Q2, Q3, Q4, Ongoing, Comments Related to Completion
Responsibilities listed:
  - Committee has approval over selection & removal of Compliance Officer
  - Review compliance program policies and revise as necessary
  - Committee will meet with the Compliance Officer regularly to receive timely notice of issues of noncompliance and corrective actions

Benefit of a Compliance Committee
- While the federal government does not expect a flawless organization, it is expected that systems are in place to prevent, detect and resolve issues of compliance
- Your compliance committee is one method of ensuring compliance is at the forefront of the organization's activities

Opportunities for Board of Directors
- Boards should consider which corporate governance best practices make good business and ethical sense for their organizations
- Practice disruptive governance, the antithesis of status quo governance