My mom has a way of always picking out just the right card for every occasion. My very favorite one...
4 minute read ·
Hey, boards: is your company’s compliance program designed to work?
Or is it just designed to generate a lot of busywork?
And can you tell the difference?
It's tough. And it's especially tough when you only meet on the company a few times a year, are already drowning in a sea of pre-read materials, and have everyone with an internet connection screaming at you about how they think you should do your job.
That is, it's especially tough if you're a director.
So we made a short guide that gives directors the questions to ask their compliance officer—and the answers to listen for—to make it easy to figure that out.
It's built around four big questions. And for each of them, we tell directors what they should be listening for (and what would be a big red flag) so they can figure out if their compliance program is about preventing misconduct—or just trying to avoid liability once it happens.
We structured it this way because the difference between a real program and a busywork program isn’t whether the compliance team is doing things, but whether they're doing the right things.
That is, it's not enough to get answers to tough questions; you need to get the right answers. And spoiler alert: the right answers involve things like "measurement" and "results."
Not industry awards or employee surveys: business results.
Specifically, a real compliance program uses compliance monitoring to test if its initiatives actually work to prevent misconduct—while a busywork program just does an endless series of "best practices" initiatives that sound impressive but have nebulous value.
And for that reason, the guide gives directors a little more guidance on compliance monitoring so they can drive that conversation, too.
Now, if this sounds like operationalization, it's because it is. We were originally going to call this “Operationalized Compliance for Boards,” but—like we predicted back in April of last year—the term "operationalization" has been carelessly overused to the point that it lacks meaning.
(By the way: great job on that, compliance commentators. This is why we can’t have nice things.)
But yeah, that's exactly what this is about: helping directors determine if their compliance program is designed to prevent issues by being integrated into the business—or if it's just designed to create a lot of CYA records in case things go south.
Want to grab a copy? Go ahead and click here to grab one!
Why this matters to CCOs.
Now, for CCOs and in-house compliance folks: the immediate audience for this guide is your board of directors.
And that's not because your directors have liability for having an “operationalized” compliance program versus a “busywork” one—they almost definitely don’t. The legal standard for their duty of oversight is really low, and we go into that in the guide.
On this page, specifically. In re Caremark nerds, rejoice!
But directors don’t only care about liability; they also care about protecting their board seat from activist investors, and having a reputation that leads to other board opportunities, and not dealing with reporters and protestors and all other types of unwanted attention.
And that cuts against having a busywork compliance program that might satisfy their duty of oversight but does nothing to actually prevent bad stuff from happening in the first place.
So this matters to your directors. Not because of liability, but because of the reality that liability is not the only issue at play.
But it also matters to you, because working with your board the right way means thinking strategically about how they fit into the picture. And that also means thinking tactically about how to get aligned with them on a more complex concept—like operationalization—that you'll never get time to explain to them in person.
That's what this guide does for you.
We made it long enough to set up a discussion on operationalization, but short and conversational enough to actually get read.
You'll want to include it in their pre-read if one of these apply:
You need your board to clear a path.
You want to operationalize, but you keep getting roadblocked by other functions that need to help—IT, HR, Comms, and so on. This is normal turf war stuff in a big company, and nothing gets everyone to play nice like being able to say “this is a board objective.” Use this guide to get aligned with your board and clear a path.
You’re stuck in a “best practices” hole.
You’ve inherited (or inadvertently created) a busywork program and want to change course, but recognize that doing fewer things might make the board nervous. Use this guide to give your board freedom to believe that compliance is about focusing on high-value, high-return activities that produce measurable results—just like any other business function—so you can go ahead and cut out all of the fluff.
Of course, this also might matter to you if one of your board members sent the guide to you and asked you a bunch of awkward questions, and that's how you got to this page.
But don't jump straight into “doing things”—that's how people get trapped in busywork programs in the first place. Make sure you grasp that this is a totally different approach that focuses on employee behavior and business process (and not bolt-on compliance activities or abstract risk), and then make the call on what you want to do.
Get it and get going.
Whether you’re a board member or CCO, go ahead and grab this guide. (And if you’re on the in-house side, trust us: you’ll want to get this before someone on your board does, so you get can get out in front of it.)
You can download it with this button: