Has “Compliance” Had its Fifteen (Years) of Fame?

by Michael W. Peregrine

A series of recent developments calls into question to what extent corporate leadership remains committed to organizational compliance efforts.

The modern emphasis on maintaining an “effective” compliance program was one of the principal corporate responsibility reforms to emerge from the embers of Enron, and from the broader Sarbanes-Oxley environment. The provisions of the Federal Sentencing Guidelines establishing the parameters of an effective compliance program (PDF: 527 KB) were adopted in direct response to this environment. The compliance program provisions of the Department of Justice’s (PDF: 2,791 KB) corporate prosecution guidelines also reflect that era. Over the ensuing years, compliance oversight has become a principal responsibility of corporate leadership both as a matter of regulatory expectation and of fiduciary stewardship.

Yet, as the 15th anniversaries of both the Enron bankruptcy and the enactment of the Sarbanes-Oxley Act beckon, anecdotal evidence suggests that corporate compliance may no longer occupy the highest level of interest amongst corporate leadership. That it is no longer the principal corporate imperative that it once was–and may need to be, in order to compete with other legitimate organizational initiatives for leadership attention and support. This is a trend which should, and may well, be reversed.

The most prominent indicator of this trend comes from the recent release of two important, separate commentaries on corporate governance, and what those commentaries say–and don’t say–about compliance. The first of these, the “Commonsense Principles of Corporate Governance” (PDF: 385 KB), was prepared by a diverse consortium of leading corporate, finance and investment executives including Warren Buffet, Laurence Fink and Jamie Dimon. The second of the commentaries was the 2016 edition of the Business Roundtable (PDF: 783 KB) (BRT)’s well-known “Governance Principles” series. Business Roundtable is an association of chief executive officers of leading U.S. companies. While differing in style, detail and background, the commentaries reflect a shared interest in focusing on long term, sustainable corporate value and on confirming essentially the same basic principles of corporate governance.

It is this context that their relative lack of reference to the board’s compliance oversight duties is notable. For example, neither the words “compliance” nor “compliance program” appear anywhere in the Commonsense Principles. The closest they come are in short references to the board’s obligations to monitor “significant risks” and “material corporate responsibility matters”. With the 2016 BRT Principles, it’s more of a matter of emphasis. The Principles include clear, short, but unequivocal statements regarding “tone at the top”, the obligation to oversee a compliance program, the audit committee’s related role and compliance as an element of corporate citizenship. Yet much of the detailed, substantive compliance oversight references contained in the 2012 edition of the Principles are missing in the 2016 edition. For example, the 2016 edition’s version of BRT’s “Guiding Principles of Governance” do not include the explicit compliance references that the 2012 edition did in prominent fashion.

What to make of this very limited reference to compliance? These two commentaries are perhaps the most consequential statements on corporate governance principles arising in the last several years. They are the byproduct of leading corporate executives, not academics, lawyers or consultants.  Whether due to a simple matter of editing or a more substantive editorial decision, it seems that the ‘executives-authors’ weren’t compelled to emphasize compliance oversight obligations.

Other indicators of the trend are more diverse in source. First is the increased emphasis on enterprise risk management, which by its very nature tends to eclipse corporate compliance as a prominent organizational activity. In addition, a new survey suggests that executives are less visible to employees as leaders of the organizational compliance programs.

Then there are concerns, first raised by the late venture capitalist Thomas Perkins, that excessive board focus on compliance can limit board effectiveness. This is the so-called “compliance board”, that relies too much on consultants and lawyers to the detriment of technical familiarity with the company. Another consideration may be limited individual exposure to breach of duty claims for failure to monitor compliance program effectiveness. Delaware decisions continue to characterize such claims as “possibly the most difficult theory in corporation law upon which a plaintiff might hope to win a judgment.”

And then, as recent controversies suggest, even the most focused and well-supported compliance program may be unable to prevent wide-scale alleged wrongdoing, when corporate culture has not been fully embraced by segments of employees.

What, then, to make of this? Is compliance no longer a primary organizational force? Is it taking a “back seat” to other business imperatives? The view here is “NO”, for at least five reasons.

First, most leading US companies remain totally committed to their compliance programs (PDF: 439 KB); a culture of ethics is deeply ingrained in the organizational core. Second, corporate compliance officers, working in collaboration with their general counsel colleagues, continue to implement effective programs. Third, recent, credible surveys demonstrate the value–added of effective compliance plans. Fourth, the flood of media coverage that is certain to follow the upcoming anniversaries of Enron and Sarbanes-Oxley will no doubt re-tell the familiar, related stories of executive abuse and board inattentiveness. This will help acquaint a new generation of corporate officers and directors (and re-acquaint the old) with reasons why compliance is an essential component of corporate responsibility.

But no factor will be as powerful as self-interest in continuing strong leadership support for compliance programming. And, as recent developments strongly suggest (PDF: 271 KB), the “Yates” pipeline is filling, and producing prosecutorial results with a flow of complaints naming, and settlements penalizing, individual officers and directors. A CEO here, a board chair there, and soon it becomes more difficult to explain away. The conscientious fiduciary, when faced with concerns about individual accountability, is likely to see a strong, effective, board-supported corporate compliance program as his or her best protection.

Michael W. Peregrine, a partner at McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. His views do not necessarily represent the views of McDermott Will & Emery or its clients.

Disclaimer

The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.