Joan Ruff (jruff@aarp.org) is the Chair of the Board of Directors of AARP in Washington, DC. Ellen M. Hunt (ehunt@aarp.org) is the Senior Vice President – Audit, Ethics & Compliance Officer for AARP in Washington, DC.
Your best friend forever or “BFF” is that person you can have the difficult conversations with, even when it might be something that that person might not want to hear. A BFF always makes time to listen and provides sage advice and counsel. You respect your BFF for their wisdom, experience, and knowledge. During large and very public scandals, consumers, shareholders, employees, and the public at large have rejected the Sergeant Schultz defense (from TV’s Hogan’s Heroes): “I see nothing! I hear nothing! I know nothing!” from the boards, so it would seem that a BFF relationship between the board and the chief ethics and compliance officer (CECO) is a match made in heaven. However, according to a recent study by LRN,[1] most CECOs feel that more can be done to strengthen that relationship, particularly in setting ethical standards for senior management, developing a deeper understanding of ethics and compliance initiatives, being a partner for meaningful metrics, as well as establishing confidential and direct lines of communication between the board and the CECO. So how can the CECO nurture the compliance/board relationship?
Connecting ethics and compliance to the bottom line
One of the reasons the board and the CECO are not BFFs is maybe the doom-and-gloom approach of CECOs. The importance of investing in and fostering an ethical culture might be better received when put forth in the context of achieving the organization’s mission and strategic goals. If you want the board to see the ethics and compliance program as an operational imperative, you need to articulate the business case that ethical organizations have the competitive advantages of attracting the best talent, brand loyalty, and greater profits.
The Business Roundtable recently issued its Statement on the Purpose of a Corporation;[2] it is much more than just making a profit for shareholders and now includes other stakeholders such as consumers, employees, suppliers, and communities. These stakeholders prefer to do business with and will stand by the brands that they believe are ethical.[3] Ethical organizations win the battle to attract and retain talent.[4] They enjoy what has been dubbed the “Ethics Premium,” which can yield profits as much as 14.4% higher over a five-year period than other organizations.[5] In addition to not only making more profit, ethical organizations have more value and are better positioned to survive a scandal.[6] We live in an increasingly connected and data-driven world. The more that the CECO can draw connections between the interrelationships of the ethics and compliance program and the organization’s mission, strategy, risks, and key business processes, the better.
Setting ethical expectations: Could it happen here?
Every board and CECO want to foster an ethical culture where proactive action can prevent misconduct and avoid scandal. Use large and very public scandals as case studies to ask the question of “Could it happen here?” and to engage the board on its obligation to set the tone from the top. It is not uncommon for the board to have a separate and different code of conduct than the C-suite and the employees. One way to make the message clear that ethical expectations are the same for everyone is to have one code of conduct that includes the code that applies to the board.
Every organization should be clear about what acts of misconduct lead to termination, no matter who you are. The tone set by the board and the C-suite determines if misconduct will be tolerated by some but result in punishment for others. Are there rules for the higher-ups wherein “superstars” and “high potentials” get a pass and another set of rules that results in discipline for those lower down the corporate ladder? The CECO should advise the board as to how they can determine how the C-suite handles misconduct and administers discipline. The CECO should advise the governance and nominating committee as to how they can ascertain how board candidates and the next CEO will handle misconduct concerns. If the approaches are wildly divergent, then the board needs to drive the tone from the top.
Creating better understanding
Board members want to be good directors, and the CECO plays a role in helping them and the organization succeed by giving them the information, support, and counsel they need to fulfill their fiduciary duties. This is about creating one board ally at a time and creating a relationship with the directors that focuses on dialogue rather than monologue. Ask them what would help them be successful and what information they want to know. Also, set up touch points before board meetings to discuss recent developments, new initiatives, and other items. Share articles, podcasts, and benchmarking surveys about ethics and compliance to build your relationship with the board.
The 1996 landmark Caremark case[7] established that the board owes a duty of care and loyalty that requires oversight of the organization’s ethics and compliance program. What has been less clear, until now, is what “oversight” means. With the ruling in Marchand v. Barnhill, oversight requires that there is a “Board level system of mandatory reporting” related to the organization’s most critical risks.[8] Viewed in light of the recent Department of Justice guidance on the Evaluation of Corporate Compliance Program (DOJ Guidance),[9] boards need to play a more active role in determining metrics, obtaining information from sources besides the C-suite, and establishing how often they should receive it. One critical metric could be whether disciplinary actions are administered fairly at all levels of the organization. Another could be how many questions about the code and policies are asked compared to the number of concerns. To get a feel for whether the organization’s culture really encourages people to speak up and not have a fear of retaliation, the board should know how many reporters feel comfortable identifying themselves compared to how many reporters elect to remain anonymous.
Getting on the agenda
In Marchand v. Barnhill,[10] the board received rosy reports only from management and never discussed the critical risks to the organization. The recent DOJ Guidance focuses on whether the board is regularly interacting with those who are independent, have required knowledge and expertise, and possess relevant information. In conjunction with corporate strategy, the board should, at least annually and more frequently if necessary, discuss the critical risks of the company. Because the execution of the strategy is connected to the ethics and compliance program, the CECO should have a seat at the table and be on the agenda for these discussions, in both regular sessions as well as executive sessions, to assist the board with identifying, managing, and overseeing the mitigation of those risks. The CECO should also be on the agenda to discuss the metrics that will establish a board-level system of mandatory reporting that measures the culture and the tone at the top, as well as to assist with raising issues that might not be brought forth by management.
To have a BFF in the board, you have to be a BFF to the board. The CECO can nurture the compliance/board relationship by making the business case that the ethics and compliance program is connected to the bottom line, assisting with setting the ethical expectations, and increasing the board’s knowledge of and attention to the ethics and compliance program by establishing meaningful metrics. Providing such invaluable counsel and building trust should result in the CECO being a regular on the agenda.
Takeaways
-
Connect to the bottom line with the business case that ethical organizations enjoy the competitive advantages of having better talent, brand loyalty, and greater profits.
-
Help the board set ethical expectations by using scandals as examples and asking the question, “Could it happen here?”
-
Send the message that ethical expectations are the same for everyone by having one code of conduct that includes the code for the board.
-
Set the board up for success in meeting their fiduciary and oversight duties for the ethics and compliance program through greater understanding.
-
Provide the board invaluable counsel and help to develop a board-level system for mandatory reporting that considers critical, strategic risks to the organization.