Board Compliance

Do corporate boards care about compliance? Surely, they should, because of the potentially catastrophic consequences of ignoring it. Take the example of the recent compliance failures at Wells Fargo, the large bank, which pioneered a strategy of “cross-selling” financial products to its customers. This turned out to be profitable, and the bank sought to maximize its roll-out by setting branch staff powerful financial incentives to maximize sales of financial products to its customers. Unfortunately, these incentives triggered widespread fraud on the part of the bank’s employees, with customers discovering products had been charged to their names without their consent. After the Wells Fargo scandal broke, regulators identified numerous weaknesses in the firm’s compliance programs that had permitted the misconduct to go unchecked. The bank paid about $2 billion in fines and fired over 5,000 employees; the CEO resigned after Congressional hearings. In response, the Board commissioned an outside investigation into how this compliance failure happened on its watch. Yet, federal regulators were deeply unsatisfied with the Board’s response. In early 2018, the Federal Reserve took the unusual step of restricting the growth of the bank as four Board members departed; the Fed also sent a letter to the former lead independent director, describing his “many pervasive and serious compliance and conduct failures.”

This regulatory intervention and Board shakeup was unprecedented, but similarly massive failures involving some of the largest corporations have been common in recent years—from Enron and WorldCom to BP, HSBC, General Motors and Volkswagen—resulting in billions paid to enforcers in the United States and corporate governance shake-ups. Amidst the notoriety of these failures, have sanguine corporate boards taken on a more substantial oversight role in compliance? Surprisingly little literature exists on the role of boards in compliance.

In an article forthcoming in the Minnesota Law Review, we present the first empirical examination of this question, using data from public filings and corporate prosecutions. The article, Board Compliance, offers an empirical account of public companies’ engagement with compliance at the board level, drawing on director-level data from BoardEx and data on federal organizational prosecutions from the Duke University and University of Virginia Corporate Prosecution Registry.

Compliance programs are internal enforcement programs whereby firms train, monitor and discipline employees with respect to applicable laws and regulation. For the past quarter-century, U.S. authorities have offered explicit incentives for corporations to implement such programs. Yet we find that, despite a standard account that compliance has boomed, few boards actually adopt compliance committees. We regard a board-level compliance committee as one proxy for the intensity of a firm’s compliance commitment because an adoption of board compliance committee is voluntary (unlike Audit Committees), information on board compliance committees is disclosed in SEC filings (unlike executive compliance committees), and such a committee entails a compliance-focused use of scarce board time.

Our result shows that less than five per cent of U.S. public companies have adopted a compliance committee, although the proportion has grown steadily over time. This finding appears starkly at odds with the practitioner literature asserting a compliance “revolution.”  We then use our data to explore when firms establish board compliance committees. Our results suggest that there is room for more constructive engagement with compliance by many boards.

We present three main findings.

First, companies with a recent prosecution record are much more likely to establish board compliance committees. Yet this is not because prosecutors tell them to. We review a comprehensive dataset of DPAs and plea bargains entered into by public companies from 2001 onwards. In only five of 374 cases (less than two per cent) do these agreements stipulate the creation of some kind of board compliance committee.  Rather, the link appears indirect. Prosecutors do frequently demand enhancements to a firm’s compliance activities as part of these settlements; this creates a sharp increase in the need for compliance oversight, which boards meet by establishing committees.

Second, we find only weak links between factors that might heighten a firm’s exposure to potential prosecution—such as being in a heavily regulated sector, or a high rate of prior prosecution in their industry. This suggests that even firms for which compliance might be very important are not taking it sufficiently seriously to justify establishment of a dedicated committee. These results suggest that boards take compliance more seriously only after their firm has got caught. Does this imply a troublingly low background level of board compliance oversight? Our other results give further cause for concern.

Third, we find that prior experience of board compliance oversight makes a difference. Companies with a director overlap with a firm that already has a compliance committee are much more likely to establish one themselves. This finding is consistent with the general literature of diffusion of innovations. Moreover, it suggests that these directors’ prior experience of board compliance is generally positive, as it increases the likelihood of subsequent adoption by other boards on which they serve. Why, then, are compliance committees not more widely adopted?

Fourth, we find that firms with compliance committees tend to be larger and find suggestive evidence that they have bigger boards. This reinforces the idea that compliance oversight entails real costs for the firms: bigger firms have more capacity for compliance expenditures; bigger boards can more easily manage the use of board resources.  This may mean that boards often lack the capacity to do compliance oversight other than as an Audit Committee addendum.

Taken together, these results are intriguing and troubling. While our data do not permit any causal interpretation of the findings, they are consistent with theoretical claims that compliance is more often overlooked, rather than overseen, by boards. Moreover, they raise a question within corporate governance about optimal board size. Small boards may be best from the own-firm shareholder point of view but not from the social or diversified shareholder point of view, when compliance is taken into account. A small board lacks resources for sufficient compliance oversight, and it also creates a baseline in which adoption of a compliance committee becomes a signal the board believes the firm has an above average compliance problem, which may negatively affect stock price. More generally, avoidance of such a signal becomes a reason for a board to avoid a compliance committee even when such a committee would be warranted.

In our final section, we consider ways in which board compliance might be facilitated, or encouraged: reconsidering norms about board size and independence, enhancing accountability of directors to regulators, and tightening state law fiduciary duties regarding oversight. We emphasize that our results are just a first step— albeit an important one—and our conclusions are correspondingly tentative. We hope that others will engage with the puzzles they raise, and that the nature and success of board compliance will attract the attention that its importance to policy deserves.

The complete article is available for download here.