Tips on Reporting to the Board
The other week I had the good fortune to moderate a webinar on how compliance officers can have a better relationship with the board of directors, which is a top priority for pretty much all of you. The conversation was great and the advice excellent, so I took plenty of notes and now pass them along to you.
First I asked panelists what sort of issues a compliance officer should typically report to the board — and I was struck by the “it depends” answers that they gave. I had assumed that compliance officers would typically report on key performance metrics, incidents that might be under investigation, and the like.
Yes, panelists answered, those are all potential subjects of conversation; but compliance officers should consider discussing many other subjects with the board, too. It simply depends on the nature of your relationship.
For example, if your compliance program is young and immature, you might want to discuss its basic structure. If you personally are new to the board, you might want to discuss how you perform a compliance risk assessment, to give the board confidence that you’re a trustworthy leader of the compliance function. If you, your compliance program, and your board have all been working together for years, you might report on compliance program activities.
Table 1, below, shows numerous potential issues for board reporting. Find your place on it and see the ideas suggested by the webinars’ panelists and attendees. (If you have another good suggestion that’s not there, drop me a line at [email protected] and tell us what we missed.)
What you don’t want is a long, boring presentation of facts and figures; we all know that already. But choosing the right substantive issue to report — the good stuff that gets directors engaged and thoughtful about what the compliance program does — will depend on the nature of your relationship with the board. Give that relationship honest, careful thought, and you’ll have a much better sense of what would be a meaty, impactful issue.
Preparing for the Meeting
We also spent a lot of time talking about what a compliance officer should do before the big meeting with the board, so that you’re better prepared during the meeting.
For example, craft the actual written report you give to the board carefully. That report should have an executive summary to explain what else is inside, but the summary should be brief (like, one page). The rest of the written material should be facts and statistics that directors can refer to, while you lead them through your presentation verbally (perhaps with a simple PPT deck if that’s your bag).
How might that work in practice? Let’s say you’re going to do a presentation reviewing your organization’s three biggest compliance risks. The summary might define what those risks are (anti-corruption, privacy, forced labor in the supply chain), while the report includes key statistics about how many compliance violations you had in each category for the last 12 quarters. The report could also list various laws driving those three risks, and bullet points about liability.
Then perhaps you have a three-slide PPT presentation about how you manage each risk; and you deliver spoken remarks walking through that risk management process, perhaps three minutes per risk. That gets the whole presentation done in 10-15 minutes, with another 10-15 for questions.
My point: the numbers within your report support the summary at the start of it, and the summary supports your spoken remarks. That’s how you build a cohesive narrative that (1) conveys information; (2) keeps the board engaged; and (3) demonstrates your mastery of the compliance function.
One especially good point raised by an attendee: ‘Your report will be thoughtfully drafted and written. Board members’ notes will be all over the map. Both might be discoverable in litigation — so you want to be sure that your materials help to frame the board members’ thinking, so that what they scribble down won’t create more trouble in a lawsuit.”
When a Crisis Happens
Eventually you’ll need to brief the board about a compliance crisis. So what becomes important then?
First, be honest with the board. Be ready to explain (to the best of your knowledge) what the compliance violation was, how it happened, and what the potential legal and regulatory consequences might be. This is one place where the compliance officer could particularly shine, since you’re the one who knows the intricacies of your compliance program best.
Second, everyone said, come to the board with proposed solutions to every problem. After all, the board is not there to solve the company’s problems; the board is there to assure that the right management and systems are in place to solve the company’s problems. So if you present a problem for them to solve, they’ll start wondering whether the real problem is that they have the wrong people in place — including you.
That said, the compliance officer will be only one part of the team presenting that proposed solution. So while you might have a chance to shine explaining how the violation happened and its potential implications; you might then take a back seat to the general counsel when it comes time to talk about legal strategy to resolve the violation, or to the CFO about how to pay for it.
Which means, of course, that the compliance officer should be working to forge good, healthy relationships with First- and Second-Line leaders long before any particular crisis comes along. You want close, trusted ties with First Line operations leaders so you can understand their compliance concerns, and what compliance policies and controls will work well with them. You want close, trusted ties with the Second Line leaders of risk management functions so that you all work together as a team for the benefit of the company.
Otherwise, an isolated compliance leader could find him- or herself set up as the company scapegoat.
Anyway, those are only a few of the excellent tips and insights that came up during the webinar. Have a listen to the full session yourself and let me know what else we should have covered!