Compliance and the Board: Challenges and Best Practices

Contact: Brian Annulis, Sarah Couture

June 9, 2021

Copyright 2021 Compliance Today, a publication of the Health Care Compliance Association (HCCA).

Chief compliance officers (CCOs) understand the importance of creating a culture that identifies and mitigates risks. In fact, not having a culture that timely identifies risks and escalates them was in the top ten risks according to Executive Perspectives on Top Risks in 2019.[1] One of the first steps in establishing a compliant culture is educating and involving the governing body/Board in compliance. Guidance documents from both the Department of Justice (DOJ) and the Health and Human Services Office of Inspector General (OIG) discuss the importance of “tone at the top” and creating and fostering a culture of ethics and compliance with the law.[2] Additionally, the U.S. Federal Sentencing Guidelines indicate that the company’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight.”

Although it is clear the Board needs to be involved, it is common for CCOs to struggle with what the compliance/Board relationship should look like in their organization. The reasons a CCO may have difficulty fostering a meaningful board relationship may include:

  • The CCO having limited access to the board in general.
  • Not knowing the best way to engage the board and help the members to understand their compliance oversight responsibility.
  • Unsure of the balance between information overload and not enough information when reporting to the Board on the compliance program.
  • Unsure of the best way to educate the board on compliance and what compliance topics should be included.
  • Lack of certainty as to who to engage with on the board and how frequently.
  • Compliance may not be a priority in the organization, so the CCO may not get adequate time with the board.
  • Compliance being looked at as a regulatory necessity to “check the box” vs. a valuable business partner that reinforces a positive corporate culture.

This article is intended to share a roadmap on how to effectively create and manage Board engagement and interactions to strengthen your compliance program and overall corporate culture.

Ankura is not a law firm and cannot provide legal advice.

[1]North Carolina State University’s ERM Initiative and Protiviti: “Executive Perspectives on Top Risks 2019”; 2019. Available at

[2]Office of Inspector General: “Practical Guidelines for Health Care Governing Boards on Compliance Oversight”; 2015. Available at


“Compliance and the Board: Challenges and Best Practices”; Annulis, Brian; Couture, Sarah; Teune, Kayla.