Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Board committees and the culture of compliance

Boards of directors in global companies are showing an increased interest in establishing financial crime committees and hiring notable experts to advise them.

Several well-publicized enforcement actions have provided the impetus by requiring companies to establish such board-level committees and add to their financial crime expertise.

In 2013, JPMorgan Chase, TCF Bank and HSBC were compelled by regulators to adopt enterprise-wide risk management, including taking such steps as creating board-level anti-money laundering committees and remedying weaknesses in their AML programs.

Regulators have provided instructions to companies in their rulemaking as well. Among other things, regulations require compliance officers to share suspicious activity reports with the board or a designated committee.

And guidance such as the Federal Financial Institutions Examination Council’s Bank Secrecy Act/AML Examination Manual and FCPA Resource Guide instruct boards to establish their company’s risk tolerance and create a company-wide culture of compliance.

“The board of directors sets the tone as to how compliance is regarded in a firm and can help ensure that the company has the resources to accomplish its compliance goals,” said Nathaniel Edmonds, a partner at Paul Hastings in D.C. and a former assistant chief of the FCPA Unit at DOJ.

Edmonds agreed that there is an increased focus at the board level on financial-crime compliance.

Investigations and enforcement actions absorb critical resources and attention, and the board must make sure the company keeps its focus on making profits — not on defending regulatory actions, he said.

How do multi-national companies manage compliance risk when doing business in high-risk regions?

“You don’t have to avoid doing business in places like China just because of the risks that it presents.” Edmonds said. Companies need to be cautious, though, and plan early.

“The compliance and audit teams need to do a risk analysis, using technology and expertise at the local level to shore up any vulnerable areas and enhance transparency in transactions at every stage,” he said.

Companies sometimes seek outside analysis for an evaluation of their compliance and audit programs.

“What third-party analysts can provide is a gap analysis to assess where a firm is and where it could be,” said Teresa Pesce, principal at KPMG and head of the Forensic Practice’s AML service line.

Outside experts can explain what a company is required to do, what it is expected to do, and what its competitors are doing in the same space, Pesce said.

Having well-established compliance experts join the company and sharpen the business’ focus on its regulatory obligations is another idea.

Jim Comey, who was U.S. deputy attorney general from 2003 to 2005, joined HSBC as a non-executive director in March.

Also at HSBC is Stuart Levey, a former undersecretary for terrorism and financial intelligence at the U.S. Treasury and now HSBC’s chief legal officer, and Bob Werner, former head of Treasury’s AML and sanctions enforcement units, and currently the bank’s head of financial crime compliance.

Internal, proven experts can help the board buy into a more robust AML-compliance model, Pesce said.

“The board must fully appreciate what the enforcement landscape looks like, what risks are specific to their line of business and why quarterly AML meetings – or even more frequent ones – are essential.”


Julie DiMauro is the executive editor of FCPA Blog and can be reached here

Share this post


1 Comment

  1. The rapid growth of social media, mobile technologies, cloud computing, data mining and multi-channeled global money flows exposes all organizations to enormous new risks. Assessing yesterday's risks is a starting point, but anticipating and detecting tomorrow's risks is critical. In this environment, therefore, there are vastly expanded expectations of boards and top executives. More focused attention from the top, along with appropriate resources for front-line risks managers, is essential to build the mitigations necessary to fortify against rising new reputation risks.

Comments are closed for this article!