Whitepaper

Best Practices for Compliance Reporting to the Board

Jul 17, 2019

Compliance Officers can face significant challenges when it comes to reporting to Senior Management and the Board — given that oftentimes such executives lack a strong compliance background.

INTRODUCTION

As a Compliance Officer, one of your responsibilities is keeping both senior management and the board of directors for your company informed about the compliance department’s progress – and its challenges. This can be a struggle for some Chief Compliance Officers, especially because board members and other leaders don’t always have strong compliance backgrounds. Of course, board members have overall accountability for their firms. So, they depend on CCOs to provide them with timely, relevant information they can use to make strategic decisions for their companies. 

When it comes to board reporting, what you report is important, of course. However, how you report information is also critical.

When compliance leaders are able to effectively convey messaging, they are more likely to get the support and funding the department needs. 

The following best practices can help you improve the quality of compliance board reporting, ultimately strengthening the relationship between compliance professionals and board members.

BEST PRACTICE ONE: TRAIN THE BOARD

Your role in board reporting is to relay information. In order to do that effectively, it’s important that the board of directors be on the same page as the compliance department and the rest of the firm. One of the best ways to do that is to provide the same training for board members as the firm provides for employees on key issues. This helps ensure everyone is speaking the same language, and sets the stage for you to later report on those key issues. 

According to PwC’s 2018 State of Compliance Study, only 49 percent of “Leaders,” defined as firms that are “very satisfied with the effectiveness of their compliance programs,” provide training to their boards of directors. Of those firms that provide training, top subjects include privacy (71 percent), cybersecurity (71 percent), and conflicts of interest (64 percent).

By increasing compliance education and communication for board members, you’re also helping build a stronger board – one that understands the firm’s challenges and is better equipped to address those challenges.

BEST PRACTICE TWO: PROVIDE FREQUENT UPDATES

The frequency with which you report to the board in person may depend to a certain extent on the firm’s makeup and risk. In some firms, CCOs are on the agenda for every quarterly board meeting as regularly-scheduled speakers. In other firms, compliance officers provide written reports as part of the board books each quarter but only give live reports once a year. 

While the CCO may only address the full board of directors annually, he or she should at least provide updates to the Audit Committee or Compliance Committee every quarter. 

NAVEX Global suggests CCOs can maximize the effectiveness of periodic board reporting by asking the board about their expectations. Do board members feel compliance reports occur with the right frequency? Adjust reporting as needed, based on feedback received.

BEST PRACTICE THREE: CAREFULLY CURATE THE INFO YOU PROVIDE

While specific information included in compliance reports to the board should differ and be updated for each new report, the template and format of reports should be consistent from one quarterly (or annual) report to the next. This provides a measure of comfort to board members, helping ensure they focus on the content of the presentation rather than on trying to anticipate what’s coming next. 

It’s also important to include all relevant data in your reports without overwhelming board members with information they don’t need to make governance decisions.

One of the best ways to do that is by using RegTech to automate the collection of data you compile and report to the board. When you do so, you can be confident you’re capturing all data, that the information is current, and that the format remains consistent. By automating data collection and reporting, you are also reducing the likelihood of errors. To ensure that reports meet the needs of the end recipient, choose a solution that offers configurable reporting according to role and required parameters.

BEST PRACTICE FOUR: EXPLAIN HOW INFORMATION PROVIDED RELATES TO THE COMPANY AND ITS RISK FACTORS

Remember that the overarching goal of board compliance reporting is to give board members the detail they need to make strategic decisions. To make such decisions, board members need context for the numbers and data you share in your reports. 

If it’s not immediately obvious to an audience that is not solely focused on compliance, explain how the information you are sharing fits into the firm’s risk assessment and current controls. If there are new regulations or new threats impacting the company, provide a high-level overview to set the stage. When possible, provide numbers to benchmark your compliance department’s performance against its competition.

NAVEX Global recommends providing a summary that includes: 

  • Top risks facing the firm.
  • Policy exceptions.
  • Gaps in existing controls.
  • Emerging risks.
  • Report of risk mitigation strategies.

Including these elements and proactively addressing risk assessment demonstrates how involved the CCO is in the firm’s risk assessment process.

BEST PRACTICE FIVE: ENGAGE THE BOARD

Effective compliance board reporting hinges on how engaged the board is with the information being presented – and with its presenter. 

A 2018 survey by the Society of Corporate Compliance and Ethics revealed that, in general, compliance professionals felt their interaction with the board was positive, with 46 percent rating it “very positive” and 25 percent saying their interaction was “somewhat positive.”

CCOs can increase board member engagement and investment in the firm’s compliance function by encouraging and fostering an ongoing dialogue with board members. Being a trusted resource and keeping the lines of communication open between regularly scheduled meetings can help give the board confidence in the firm’s risk mitigation efforts and in their own ability to help steer the organization in today’s heavily regulated environment.

CONCLUSIONS: EFFECTIVE COMPLIANCE BOARD REPORTING ULTIMATELY HELPS EVERYONE

When the compliance department and board of directors speak the same language, and when CCOs are able to convey timely, relevant information in a consistent, concise manner, everyone benefits. 

The board gets the data and context it needs to make informed decisions, and compliance is more likely to get the support from the top and funding to carry out its mission. The firm’s clients, employees, and key stakeholders also reap the rewards of a compliance structure designed to protect their respective interests.

Reaching the perfect balance between the right content, level of detail, and tone for compliance board reporting may take some time. Implementing these best practices can help CCOs fine-tune their board presentations and build more effective relationships with their governing bodies.
