Board on board
Since a company's culture will always "trump any external rules," to get at the root causes of—and the root solutions to—compliance
issues, "you have to go up to the top of the food chain," says Mary Bennett, VP, ethical leadership group, at Navex Global,
a corporate ethics and compliance services firm.
Regardless of whether compliance structures are centralized through a global hub that dictates strategy to local units across
the business, or separated into functional compliance divisions built around specific risk areas, it's important for the chief
compliance officer to meet with the board of directors more than once a year, says Bennett.
And the responsibility of the board, when it comes to compliance issues, extends beyond staying awake during a program briefing.
At the OIG-hosted Pharmaceutical Roundtable on Compliance last February, which convened 42 compliance officers representing
23 pharma companies currently working under CIAs, participants said that in addition to being trained and educated on compliance
issues, board members should consult with third-party, independent compliance experts; provide review and oversight of audits
and identified risk areas; interact routinely with internal compliance officers; and "convey messages about the value and
importance of compliance (including as a competitive business advantage)," according to a report on the roundtable's findings.
On the subject of a third-party compliance consultant to the board of directors, Cynthia Cetani, VP, ethics and compliance,
chief compliance officer at Novartis Pharmaceuticals Corporation, singled out the board expert provision in Novartis's CIA
as a helpful one. "A board compliance expert is an interesting concept from the government (OIG) and it can be helpful to
have an independent view that can aid the board," says Cetani. "It's another source of information and perspective, and I
think the board should have various sources of information from which to assess the company's compliance program." As CIAs
have expanded to include board responsibilities, compliance officers now are "very much involved in the education of their
board of directors," says Eve Costopoulos, VP, chief ethics and compliance officer at Eisai. Formerly VP, global compliance
and business practices at Schering-Plough, Costopoulos says she reports directly to the CEO, and meets with Eisai's board
of directors on a quarterly basis. Eisai doesn't have a CIA, but company leaders decided to separate compliance from the legal
department, and to have Costopoulos report to the CEO, at the beginning on 2011. Before that, "we were reporting on trends
in the industry, and I think the CEO saw [restructuring] as one way to further elevate the compliance function" at Eisai,
While the board of directors shouldn't muscle its way into developing specific processes and solutions for mitigating risk—the
remit of the compliance team—they should be getting regular progress reports from their compliance officers, says Bennett.
"One of the biggest questions that a board member can ask the compliance officer when they meet is: 'what are you doing to
mitigate our risks? What do you have in place, and how do you know it's working?'"