Bill Yeoman died this week. You have to be a knowledgeable fan of college football to recognize that name as he retired in 1986. He was the head coach for the University of Houston (UH) Cougars for 25 years. His contributions to college football included his innovative offense, the Houston Veer, which was based upon but updated the Chicago Bears T-formation from the 1940s. It was the forerunner of the University of Texas (UT) Wishbone and it still lives today in professional football as the Run/Pass Option (RPO) used by teams with a mobile quarterback. Using the almost unstoppable Veer, UH led the nation in total offense for three straight years, 1966-1968.
Yet it was Yeoman’s actions off the field which may be his greatest legacy. In 1964 when the Southwest Conference and most of the rest of southern schools were still segregated in their athletic teams, Yeoman brough Warren McVea to UH as the school’s first African-American football player. To say that McVea was a sensation sadly understates just how great a running back he was in high school, college and the pros. Together with UH head basketball coach, Guy Lewis, Yeomen did as much to desegregate college football programs in the state of Texas as anyone. The Southwest Conference did not have its first African-American until 1966, Jerry Levias at Southern Methodist University (SMU), and my alma mater, UT, did not until 1969.
I did not appreciate UH beating UT back in the day but I always appreciated Yeoman and what he stood for. That great coaching fraternity in the sky has a new member and I am sure they are plotting more offenses to throw out in the next game they all coach.
Yeoman’s leadership informs today’s post on what are some compliance metrics for a Board of Directors around compliance. Former Assistant Attorney General Leslie Caldwell laid out some that the Department of Justice (DOJ) would consider in a review of compliance programs. These metrics are:
- Does the institution ensure that its directors and senior managers provide strong, explicit and visible support for its corporate compliance policies?
- Does the Board maintain a material role in overseeing a company’s overall compliance framework?
These requirements move beyond simply having the correct tone at the top, which every Board should articulate. The 2020 Update to the Evaluation of Corporate Compliance Programs added the following, under Oversight by posing the following questions: What compliance expertise has been available on the board of directors? Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions? What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
Based on the foregoing, when determining the Board’s role, begin with two questions. First, does the Board of Directors exercise independent review of a company’s compliance program? Second, is the Board of Directors provided information sufficient to enable the exercise of independent judgment?
A Board of Directors should take a more active role in overseeing the management of risk within a company. Now this includes having a compliance program in place and actively overseeing that function. This means if a company’s business plan includes a high-risk proposition, there should be additional oversight. In other words, there is an affirmative duty to ask the tough questions. But it is more than simply having a compliance program in place; the Board must exercise appropriate oversight of the compliance program and indeed the compliance function. The Board needs to ask the hard questions and be fully informed of the company’s overall compliance strategy going forward. Some of the areas for hard questions include:
Corporate compliance policy and Code of Conduct. Is there an overall governance document that will inform the company, its employees, stakeholders, and third parties of the conduct the company expects from an employee, translated into appropriate local languages? Is there documentation regarding delivery and training on this or these documents? What information is there on training effectiveness?
Risk assessment. Has the Board assessed the compliance risks associated with its business? Have the highest risk areas received sufficient attention in the risk management process? Has the Risk Assessment been used as a road map to manage the risk determined? What is the status of this risk management road map?
Implementing procedures. The Board should determine if the company has a written set of procedures in place that instructs employees on the details of how to comply with the company’s compliance policy. Once again, have these implementing procedures been translated as appropriate and do employees understand these procedures? Are all of the above documented?
Training. Has the Board been trained to understand its role in an effective compliance program?
Monitor compliance. Has the Board independently tested, assessed and audited to determine if its compliance policies and procedures are a living and breathing program, and not just a paper tiger? What expertise is available either on the Board or to the Board?
There are several paths a Board can take to fulfill this duty. Obviously, the full Board can be apprised of compliance issues and handle them appropriately. However, this may be unwieldy or not workable if there is a large Board and the compliance function only has limited time to present a quarterly and annual report. The Board Compliance Committee is usually considered a natural venue for the compliance function to report to at the Board level.
It is time for companies to create a committee separate and apart from the Audit Committee. This Board-level compliance committee should be charged with oversight of compliance and ethics but could also be the reporting venue for anti-money laundering (AML) compliance, export control compliance and all other such disciplines within an organization. Further, after the numerous corporate scandals over the past few years (Wells Fargo, Boeing, Uber, Facebook, only to name a few); not only has a robust compliance program become a must but direct and transparent Board oversight may be the only thing stopping injury to your reputation from a competitor’s illegal or unethical conduct.