Resolutions regarding compliance matters for the board of directors miss the mark if they don’t touch all of the bases and put the ball squarely in the board’s hands. That’s because corporate compliance oversight is a team sport. It requires the careful management by the board and compliance committee to assure that all of the significant players—the general counsel, the compliance officer, the internal auditor, the privacy officer, you name it—are in the loop, collaborating and communicating. Promoting the focus of one player (e.g., the compliance officer) to the exclusion of the other players presents an incomplete picture of the playing field, and creates barriers for the board in the performance of its oversight duties.

So if there’s to be a New Year’s compliance message to the board, let’s make sure that it’s the right one: a coordinated one, and one that helps the board to better understand and effect its oversight obligation in the context of all of the organizational players on the compliance team.

That message: The board has a responsibility to make sure that the compliance effort is team-oriented, collaborative and inclusive; that the players are talking to each other; that we’re not unintentionally building noncommunicative silos in the name of protecting independence matters or establishing conflict-free reporting relationships; that’s there’s no uncoordinated compliance freelancing that could increase the organization’s risk. For one of the most related responsibilities of the board is to make sure that the compliance process is an integrated one.

And what does that mean, specifically? First and foremost, a board-level recognition that there are a number of organizational officers who have a stake in the compliance process and whose job responsibilities encompass compliance-related tasks. It’s not just the chief compliance officer, as critical as that person is to the process. It certainly includes the general counsel, to whom the board and management assign supervisory responsibility for the legal affairs of the corporation. It also includes the internal auditor, who may be responsible for the implementation of internal accounting and other controls that have a direct overlap with compliance matters. It may also include executives with responsibility for cybersecurity and customer/consumer privacy. All of these executives play a position on the compliance playing field. There may be others.

It also means that the board is responsible, albeit at a high level, for minimizing the potential for confusion and/or tension between the efforts of the various executives with a compliance function. It can achieve this in part by directing the following: (a) a clarification of the respective roles and job descriptions of the various compliance-related executives—and how they interface with each other; (b) the establishment of consistent reporting relationships for these parties (especially for the chief compliance officer and general counsel); (c) the implementation of appropriate protocols by which the executives (especially the chief compliance officer and the general counsel) can communicate and coordinate in a legally appropriate manner, without doing harm to the independence of the respective executives; and (d) adopting an informed approach to assertion of the attorney-client privilege. Kind of “right hand, left hand” stuff.

As case law, federal sentencing guidelines and regulatory principles make clear that the board has the ultimate responsibility for assuring the effectiveness of the organization’s compliance plan. Regular, informed and comprehensive board contact with compliance executives is a critical means of supporting this responsibility. But it is important that such contact reflects a coordinated staff perspective on compliance matters. Not that everyone is expected to “toe the party line,” subjugate individual views to the collective vision or otherwise weaken the independence of key compliance officers. Nor is it meant to limit the rights of the chief compliance officer to separately report to the board in executive session. Rather, it means that when the board is addressing compliance oversight issues it is capable of seeing—and hearing from—all of the positions on the playing field.

Much valuable effort has been expended on preserving the separateness and independence of the chief compliance officer, and for good and extraordinarily necessary reasons. Yet it is vitally important for the board to understand the responsibilities and contributions of all of the corporate officers with direct responsibility for legal and regulatory matters—including the general counsel, and to a lesser extent the independent auditor and other officers. Each contributes importantly to the overall legal and compliance profile of the organization. To the extent that the portfolio of one such officer is advanced at the expense of another such officer, there is an increased risk of compliance issues “falling between the cracks.” It is the responsibility of the board to reduce that risk, and it is best equipped to do that when it looks at legal and compliance resources as a team, hearing all the players’ voices.


Michael W. Peregrine, a partner in the law firm of McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. His views do not necessarily reflect the views of McDermott Will & Emery or its clients.