Companies have growing compliance requirements with a clear responsibility for respecting laws and regulations that go all the way to the top of the organization. Since our blog posts typically concern ways to meet compliance requirements, we thought it would be interesting to explain why those with decision-making powers need to understand and meet the obligations found in laws and regulations. Of course, companies, like persons, are expected to respect the laws and regulations in the jurisdictions they operate in, but a company must be aware that it is their board which are ultimately responsible for compliance. This is doubly true in publicly-traded corporations as securities laws increase requirements related to corporate governance.
Most companies rely on in-house and external council along with specialist consultants to determine legal compliance. This can work, but it is not enough to ensure constant compliance with an ever evolving regulatory framework and changing operations. As companies acquire new divisions, change their operations and see changes to legislation, they must constantly stay aware and take action to ensure compliance. Doing this manually, with lawyers and consultants can quickly become cost prohibitive. To tackle this issue in a cost-effective manner, a modern organization should have robust systems in place to ensure that everyone from front-line staff to the CEO to board members are in line with the law. This requirement is particularly true for publicly-traded companies, whose boards are legally liable for compliance to all applicable laws and regulations. Though the implementation of these legal compliance management systems can be delegated to committees and operations staff, final liability does lie with the board.
In the book Governance of Publicly Listed Corporations, author Thierry Dorval explains that the responsibility of board members to ensure that operations are in compliance with all relevant laws and regulations is clearly outlined. A recognized expert in corporate governance and partner at Norton Rose Fulbright, Thierry Dorval states on page 193,
“The Board has the following responsibilities: … ‘(5)Taking all reasonable measures to ensure that appropriate systems are in place to identify business risks and opportunities and overseeing the implementation of processes to manage these risks and opportunities…. (7) Monitoring the Corporation’s compliance with applicable legal and regulatory requirements.” In our work with large organizations, we have seen a wide array of systems to manage this requirement. From simple excel files and emails, to nothing at all to a very high legal bill every year, companies are clearly struggling to implement a robust solution to their complex regulatory requirements.”
He goes on to explain on page 96-197 that
“The Audit Committee has the following responsibilities… With respect to risk management and internal controls … (4) Assisting the Board with the oversight of the Corporation’s compliance with applicable legal and regulatory requirements.”
Therefore, not only does the board of a publicly listed corporation have a responsibility to put in place systems to manage regulatory compliance, but the audit committee must also assist in this process. These requirements are outlined by both the NYSE Company Manual and the National Policy 58-201.
In Canada, we can take a look at the Consolidated Ontario Securities Act, Regulations and Rules, which outline the requirement of boards to implement regulatory compliance systems in their companies. For example in Part V – Ongoing Requirements for Issuers and Insiders page 58-201 states,
“The Board should adopt a written code of business conduct and ethics (a code). The code should be applicable to directors, officers and employees of the issuer…. In particular, it should address the following issues: … (e) compliance with laws, rules and regulations;”.
This requirement is fairly typical of securities law, and any publicly-traded company (and most likely many large private companies) will have it in their corporate by-laws in any jurisdiction and will be subject to it.
Though many board members and corporate executives are aware of these requirements, they fail to take a systematic approach to the problem. Instead of putting in place a vigorous legal compliance and risk-management solution, they rely on periodic audits and legal services. Only when something goes wrong – a spill, a death, an explosion or a lawsuit – does the board realize they are personally liable. Of course even a robust system needs a periodic audit, but the first step to meeting the securities requirements and ensuring board members are meeting their obligations is to establish a framework for ensuring compliance throughout the organization. Nimonik works with companies of all sizes to help structure such a system and train staff members, allowing the entire operation to demonstrate constant compliance. In this way, the organization’s board of directors can meet the requirements to comply with all laws, rules and regulations of the jurisdiction in which they operate.