A Compliance Officer's Guide to Board Communication
December 3, 2024 | Posted by: CJ Wolf


Some members of governing boards are not entirely comfortable with their oversight responsibilities related to the organization’s compliance program.
How is a compliance officer supposed to help the board in this regard? Below are some talking points that are likely to get the ball rolling.
- Case law establishes “that a board of director’s fiduciary duties include establishing that management has an effective corporate compliance program in place, exercising oversight of that program and taking regular steps to stay informed of the program’s content and operation.” 1
- The board’s exercise of this responsibility should include overseeing the compliance officer and the Compliance Committee and receiving and reviewing information necessary to understand the entity’s compliance risks.
- The Board should ensure that a regular compliance program effectiveness review is performed. This could be achieved by hiring an external, independent consultant or firm to evaluate the compliance program.
- The U.S. Sentencing Guidelines state that the company’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight” of it; “high-level personnel … shall ensure that the organization has an effective compliance and ethics program.”2
- The U.S. Department of Justice asks important probing questions about boards and their oversight in the document “Evaluation of Corporate Compliance Programs (Updated September 2024).”3 These are the types of questions they will ask when evaluating an organization’s compliance program:
  - What compliance expertise has been available on the board of directors?
  - Have the board of directors and/or external auditors held executive or private sessions with the compliance and control functions?
  - What types of information have the board of directors and senior management examined in their exercise of oversight in the area in which the misconduct occurred?
- The Compliance Officer should have direct access to the board of directors or the board’s audit committee. The U.S. Department of Health and Human Services Office of Inspector General (HHS OIG) takes this a little further. They recommend that boards should consider creating a separate Board Compliance Committee with a charter to oversee health care compliance rather than have compliance report to the audit committee of a board.
- The HHS OIG has been requiring, in certain circumstances, that at least one individual on the board possess compliance expertise. This requirement has appeared in some of their corporate integrity agreements (CIAs).
- There are significant resources for boards relating to their compliance oversight responsibilities. These include:
We are not recommending dumping all these talking points on the board at one time. In fact, conversations around these talking points should occur on a regular basis. The building and maintenance of an effective compliance program with board oversight is more of a marathon than a sprint.