Board Resolutions: Strengthening Compliance Programs

Although the need for board support in programs is widely recognized among E&C professionals, how this is evidenced is less frequently addressed. One practical approach for companies to demonstrate their board’s commitment to the E&C program is through the adoption of a formal board resolution regarding the program.

What is a Board Resolution?

A board resolution is the formal documentation of decisions that are made by a company’s board of directors. Resolutions are used to document those actions that the board has agreed to undertake or has authorized management to undertake. They are used to record a wide range of decisions, such as changes in company leadership, the approval of financial transactions, or adoption of new policies.

Why is the Board’s Support of Compliance Critical?

The necessity of board oversight to effective E&C programs is well-documented. The Sentencing Guidelines and the memorandum issued by the Criminal Division of the Justice Department on Evaluation of Corporate Compliance Programs (“ECCP”) both emphasize the role of the board in effective programs. In particular, the ECCP asks whether compliance has direct reporting to the board; how often they meet with directors; whether the board holds executive or private sessions with compliance; and what types of information the board of directors examines in their exercise of oversight. The memorandum also recognizes that direct access to the board or the audit committee can facilitate an appropriate level of autonomy.

The Delaware courts have also recognized the value of board oversight of compliance, establishing that directors have a fiduciary duty to oversee a company’s compliance program. (In re Caremark International, Delaware Chancery Court 1996). More recent Delaware cases have discussed the importance of a board’s oversight of compliance systems in critical risk areas. (Marchand v. Barnhill, Delaware Supreme Court 2019 and In re Boeing Company Derivative Litigation, Delaware Chancery Court 2022). These cases have emphasized the board’s duty to oversee a company’s compliance program generally, its compliance systems in critical risk areas, and the avenues made available to employees to report suspected misconduct.

While case law and government standards are important, those of us in the field have reams of anecdotal evidence that a board’s support can truly be the difference between an effective and an ineffective program. A board of directors is the highest authority in an organization. Its decisions and support have far-reaching consequences. While it is certainly possible for an organization to have an E&C program without board support, it is not possible – by definition – to have an effective program without it. And, in particular, when senior leadership’s support is absent, the board’s support is absolutely essential.

Why a Resolution about the Compliance Program?

Relevant board committee charters often address E&C program oversight. Indeed, the New York Stock Exchange requires listed companies’ audit committees to have a written charter that addresses the committee’s purpose, which, at minimum, must be to, among other things, assist board oversight of the listed company’s compliance with legal and regulatory requirements. However, the discussion of board oversight of compliance that appears in committee charters is typically at a high level.

Additional detail about the board’s support of E&C is helpful both to provide authority and independence to the program and to evidence the board’s satisfaction of its fiduciary duties. Board resolutions can make it crystal clear that the board supports the program, has provided appropriate direction for the program, and expects senior leadership, in turn, to provide appropriate support. Such resolutions can also prove helpful if a company needs to convince a regulator or enforcement official (or anyone else) about the strength of its program.  

What Should the Resolution Contain?

Board resolutions can vary, but there are a few areas that resolutions should cover. First, the resolution should discuss the board’s support of the E&C program and the role that the program has in preventing, detecting and responding to misconduct and in creating a culture of compliance. Second, the resolution should make clear that the program applies to everyone in the company, including the board and senior managers. Additional, important items to consider addressing include:

• Delegation of E&C program oversight responsibility to the relevant oversight committee of the board;
• Delegating responsibility for design and implementation of the program to the Chief Ethics and Compliance Officer’s (CECO);
• The CECO’s direct reporting relationship to the board oversight committee, including making clear that the CECO has the authority to access the committee at any time, without pre-authorization from other senior leaders, and that the CECO operates independently of the business and other functions;
• The responsibility of the CECO to notify the oversight committee regarding very serious allegations and investigations of suspected misconduct in a timely fashion;
• The oversight committee’s receipt of periodic reports regarding the design and implementation of the program, including the design and implementation of systems for employees and others to report suspected misconduct;
• The oversight committee’s receipt of periodic reports regarding the E&C risk assessment and E&C controls in the company’s most significant compliance risk areas;
• Periodic executive sessions with the CECO;
• The oversight committee’s role in the annual evaluation of, and setting of compensation and incentives for, the CECO;
• The oversight committee’s role in hiring and termination of the CECO;
• The CECO’s responsibility for the design and implementation of the program;
• The CECO’s ability to access data, information, and employees as necessary for the implementation of the program.

Joe Murphy will be publishing a template board resolution in a forthcoming edition of Ideas & Answers, which will undoubtedly provide a helpful place to start.

Escalation of Certain Significant Issues to the Board

While each of the areas listed above is important to consider for inclusion in the board resolution, it is worth emphasizing the third bullet – that the resolution discuss the CECO’s responsibility for notifying the oversight committee regarding very serious allegations and investigations. As noted above, Delaware case law discusses the board’s duty to oversee a company’s reporting systems and to respond appropriately to red flags. In both Marchand and Boeing, the court considered the failure of red flags to reach the board as evidence of the board’s failure of oversight. In addition, guidance issued by the Department of Justice (DOJ) and others contains an expectation that a CECO will have immediate access to report the most serious issues to the audit committee as necessary. 

In light of the case law, legal guidance, and best practices, companies should document the ability of compliance officers to access the board to report significant matters on a timely basis.  This access can be documented in a board resolution, as well as in relevant board committee charters, program charters and escalation protocols. Documentation can protect senior leaders, board members and compliance professionals at the company’s most vulnerable moments. 

Conclusion

While board oversight of compliance programs has significantly improved in recent years, there is still work to be done for most organizations. A board resolution can clarify and evidence the board’s commitment to compliance, which can be a very helpful tool for the program.