Most compliance programs include some form of internal compliance committee separate from the company’s audit committee. An internal compliance committee can play a very important role in advancing a compliance program. But there are a number of pitfalls in how such committees are organized and how they operate.
Let’s start with one critical preliminary question:
Does your company’s compliance program have the full support of senior management?
If so, then we can move on to the compliance committee design and implementation.
If not, then the compliance committee will have to devote a significant amount of time to push issues up the chain to “educate” and ]encourage senior management to embrace ethics and compliance through communications and actions. Such a task is the most important priority in a company lacking senior management commitment.
On the other hand, if your company has the support of senior management, a compliance committee can play an important role in operationalizing a compliance program. To do so, however, requires careful consideration of the following issues.
Organization: A compliance committee should be established by a formal charter, designating the CCO as the Chair of the committee, outlining the functions; listing representative members, and requiring monthly meetings.
Purpose: A valuable compliance committee is a working committee consisting of members who are problem solvers and capable of assigning and ensuring that tasks are completed. A working compliance committee is built on strong operationalization principles, finding common areas of concern and implementing solutions.
A compliance committee consisting of important “representatives” can fall victim to failing to achieve objectives and posturing support for compliance without providing meaningful support or commitments. The danger of a “representative” compliance committee is that it will become merely a rehersal for compliance presentations to senior management and the audit committee.
Membership: An effective ethics and compliance committee should include representation from key stakeholders and partners: (1) business; (2) human resources; (3) legal; (4) internal audit; (5) security; (6) information technology; (7) finance; (8) privacy; (9) procurement and (10) senior management. Each function is an important partner for compliance.
The committee, if these partners are included, can help coordinate objectives, manage and hold accountable specific functions, and share important information. Rather than attempting to schedule individual meetings with these important functions, the compliance committee creates a structure and format to accomplish tasks, share input on compliance functions and responsibilities, and ensure accountability.
If you are able to establish a working compliance committee, the regular meetings of the committee can be an important mechanism to break down silos and advance coordination with important functions. A compliance committee can be a valuable mechanism to report to senior management on the progress of a compliance program. Such a committee brings to the table the credibility of a cross-section of the company’s operations.
Proper Perspective: As with any corporate function, the CCO has to ensure that a compliance committee is a problem-solving committee and does not bogged down in micro-management of specific functions and responsibilities. A CCO should prepare in advance a chart listing the overlap of functions among the various committee members and prioritize the specific tasks. A compliance committee, if properly focused, will become a valuable asset