The agile board of directors
Preparing for compliance amid uncertainty
Most directors will tell you that a growing percentage of their board’s time is spent on ensuring regulatory compliance. The specific issues they will focus on, however, are always subject to change, and while boards can make educated guesses about what will change, no one knows for sure. As a result, boards have to hedge their bets and prepare for the most likely scenarios if they are to be agile enough to shift gears when necessary to effectively deal with regulatory changes.
In the absence of certainty, boards should not wait until the last minute when preparing to comply with regulations. In most cases, the general framework for necessary compliance obligations is available well in advance, and prep work can be done to avoid scrambling to catch up and potentially creating vulnerabilities or deficiencies. Regulations often require complex calculations and judgment calls, and boards should plan in advance and investigate what data is needed to proactively choose a path forward.
Boards must bear in mind that they should focus not only on complying with regulations but also on the perceptions of the investment community. Boards can be in strict compliance but not be able to share a winning narrative with current and prospective shareholders who are crucial to a company’s future. In fact, boards need to consider the full range of stakeholders and tailor messaging to address the issues of critical concern to each group.
Important areas of change
Much of the added regulatory compliance work for boards is linked to requirements of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which was signed into law in 2010. While President Donald Trump has frequently mentioned the burdens of Dodd-Frank during his campaign and presidency, which provisions of the mammoth law will be repealed remains to be seen. The CEO pay disclosure rule was initially a target for elimination, but boards must be flexible and aware to efficiently address additional potential changes to the law.
As borders continue to fall for companies to provide goods and services on a global scale, boards also must contend with increased compliance measures. Case in point: enhanced anti-corruption standards are a key focus of both United States and international regulators, aiming to eliminate illicit payments to foreign officials and create a fair business environment. Boards must understand not only the scope of evolving U.S. Foreign Corrupt Practices Act (FCPA) legislation, but also emerging laws in the countries in which they operate, such as new standards in Mexico and several European nations.
In addition, information security and privacy guidelines continue to evolve and expand to address growing cybersecurity threats and protect key internal data. Compliance demands are extensive, with cybersecurity regulations introduced from federal entities, as well as industry organizations. Many companies are also subject to emerging international data security guidelines, such as the General Data Protection Regulation (GDPR), which is designed to protect the personal information of European Union residents.
Cybersecurity is a particularly important topic for boards, as meeting regulatory expectations also typically means that key customer and company data is sufficiently protected. Therefore, projecting and efficiently complying with regulatory changes is critical to protect the company’s operations and reputation.
Preparation and communication—The decisions that matter most
With regulatory requirements expanding and evolving, these are only a few of the myriad compliance demands that boards must prepare for. Many regulations are not yet set or completely established, but boards must keep upcoming obligations on their radar and establish necessary process adjustments in advance if possible. Deadlines approach quickly, and noncompliance can be damaging. Staying ahead of compliance guidelines can help boards protect their environment and stay ahead of any threats.
Executing a communications plan that takes all stakeholders and other factors into account is increasingly important. This is an ongoing responsibility where key messages and the duty for delivering them need to be overseen by the board. Anticipating regulatory change and being prepared to comply is only one half of a success story. Without the buy-in of stakeholders—those who invest and those who get the work done—that compliance effort will be a Pyrrhic victory.
Article originally appeared in NACD's Directorship magazine March/April 2017 issue.