It was like a bolt out of the blue – United Airlines’ CEO and two senior executives hastily announced their resignation as a result of their involvement in a bribery scandal with the New York Port Authority.
As alleged in various news reports, the United executives secured some concessions for its Newark operations in exchange for United’s operation of a specific flight from Newark to South Carolina to benefit the head of the New York Port Authority.
Apparently, an internal investigation conducted by United revealed the bribery arrangement, leading to the abrupt resignation of the CEO and two executives.
The United scandal is yet another reminder of the impact that C-Suite misconduct can have and the need for Chief Compliance Officers to focus on C-Suite misconduct risks. Some might say that I am incredibly naïve for thinking that ethics and compliance has to include the C-Suite. Given the risks and the impact of senior executive misconduct, a CCO would be negligent in failing to focus attention to this issue.
The amount of criminal conduct within the C-suite is on the rise. Statistics compiled by DOJ, KPMG, and the Compliance and Ethics Leadership Council suggest increasing rates of criminal prosecution and conviction of C-suite executives; high prevalence of top management involvement in serious compliance violations; and a growing percentage of CEOs, CFOs, and board members complicit in observed episodes of corporate fraud.
We all hear the constant refrain about the importance of tone-at-the-top. Everyone understands the importance of such a culture but what happens when there is no tone and affirmative misconduct occurring at the C-Suite level?
Despite the widely repeated leadership refrain about the importance of tone-at-the-top, C-Suite misconduct can have a disastrous impact on a company’s reputation. No longer can a board of directors fulfill its obligations by appointing a CEO and hoping that the CEO will implement a culture of ethics and compliance.
Corporate boards have to step up and play a more active role in monitoring the C-Suite. To carry this out, corporate boards have to empower an independent CCO with access to the Board and adequate resources to carry out the compliance function.
A company can have robust controls and compliance procedures but those controls can be meaningless when the C-Suite itself is involved in corporate misconduct.
When compliance is visibly lacking at the C-suite level, this omission sends a contradictory message downward through the organization about whether the institutional commitment to compliance and transparency is truly meaningful. The cultural costs can be severe, as illustrated in the United scandal.
Corporate directors need to conduct a rigorous self-examination of their own performance and responsibility and to identify ways to minimize compliance risks throughout the company. Proactive steps that can be taken at the board level include (1) setting up a board-level compliance committee, (2) empowering the CCO and ensuring a direct report relationship to the board or its compliance committee or both, and (3) supporting the CCO in the formation of a rigorous compliance and ethics program. In order to carry out board-level responsibilities for monitoring compliance, including at the C-suite level, boards need a flow of performance information that can be provided only by an empowered CCO sitting at the helm of an effective compliance program.
In order for the CCO to address compliance risk at the C-suite level, he or she needs to have the authority, resourcing, and board access to make this role practical. This being granted, the next step is for the CCO to apply the same professional tools used in other aspects of the job, beginning with a formal risk assessment. Such an assessment can ground subsequent compliance training, certification, and communication efforts within the C-suite and once again spotlights the importance of the CCO’s reporting tie back to the board. To the extent that compliance risk assessment or subsequent compliance activity identifies specific vulnerabilities or resistance within the C-suite, only an empowered CCO and a board that is actively monitoring the program are likely to be able to address those compliance risks.