Board committees and the culture of compliance

Boards of directors in global companies are showing an increased interest in establishing financial crime committees and hiring notable experts to advise them.

Several well-publicized enforcement actions have provided the impetus by requiring companies to establish such board-level committees and add to their financial crime expertise.

In 2013, JPMorgan Chase, TCF Bank and HSBC were compelled by regulators to adopt enterprise-wide risk management, including taking such steps as creating board-level anti-money laundering committees and remedying weaknesses in their AML programs.

Regulators have provided instructions to companies in their rulemaking as well. Among other things, regulations require compliance officers to share suspicious activity reports with the board or a designated committee.

And guidance such as the Federal Financial Institutions Examination Council’s Bank Secrecy Act/AML Examination Manual and FCPA Resource Guide instruct boards to establish their company’s risk tolerance and create a company-wide culture of compliance.

“The board of directors sets the tone as to how compliance is regarded in a firm and can help ensure that the company has the resources to accomplish its compliance goals,” said Nathaniel Edmonds, a partner at Paul Hastings in D.C. and a former assistant chief of the FCPA Unit at DOJ.

Edmonds agreed that there is an increased focus at the board level on financial-crime compliance.

Investigations and enforcement actions absorb critical resources and attention, and the board must make sure the company keeps its focus on making profits — not on defending regulatory actions, he said.

How do multi-national companies manage compliance risk when doing business in high-risk regions?

“You don’t have to avoid doing business in places like China just because of the risks that it presents.” Edmonds said. Companies need to be cautious, though, and plan early.

“The compliance and audit teams need to do a risk analysis, using technology and expertise at the local level to shore up any vulnerable areas and enhance transparency in transactions at every stage,” he said.

Companies sometimes seek outside analysis for an evaluation of their compliance and audit programs.

“What third-party analysts can provide is a gap analysis to assess where a firm is and where it could be,” said Teresa Pesce, principal at KPMG and head of the Forensic Practice’s AML service line.

Outside experts can explain what a company is required to do, what it is expected to do, and what its competitors are doing in the same space, Pesce said.

Having well-established compliance experts join the company and sharpen the business’ focus on its regulatory obligations is another idea.

Jim Comey, who was U.S. deputy attorney general from 2003 to 2005, joined HSBC as a non-executive director in March.

Also at HSBC is Stuart Levey, a former undersecretary for terrorism and financial intelligence at the U.S. Treasury and now HSBC’s chief legal officer, and Bob Werner, former head of Treasury’s AML and sanctions enforcement units, and currently the bank’s head of financial crime compliance.

Internal, proven experts can help the board buy into a more robust AML-compliance model, Pesce said.

“The board must fully appreciate what the enforcement landscape looks like, what risks are specific to their line of business and why quarterly AML meetings – or even more frequent ones – are essential.”

____

Julie DiMauro is the executive editor of FCPA Blog and can be reached here.