
Board involvement in Compliance signals program maturity

Robust oversight of the compliance program by a company’s board of directors makes a meaningful – and often critical – difference. Boards can provide chief compliance officers (CCOs) with the independence and authority required for an effective program.  It is not uncommon to see faltering programs that regain their footing when guided by an engaged audit committee chair, or, conversely, wither because the board failed to act when the CCO needed support. 

Over the past two decades, progress in board oversight of compliance programs has been substantial. Many boards now view compliance not as a legal formality but as a central pillar of governance. Yet, even with that progress, there is still significant room to grow. 

In 2026, regulators, investors, and employees alike expect boards to do more than simply be the recipients of a quarterly report on hotline activity. There is now an expectation that boards actively oversee the compliance program and the company’s reporting and response systems. The very best boards, however, go further still.  They use their oversight role to help shape an organization’s ethical culture.  Boards can set the expectation for integrity, accountability and transparency.  When that expectation is clear, the effect cascades across the enterprise, shaping management priorities, influencing employee behavior, and building enduring organizational values. 

The elevation of compliance oversight at the board level is reinforced by both legal precedent and regulatory guidance. A line of Delaware cases (Caremark in 1996, Marchand v. Barnhill in 2019, and In re Boeing Company Derivative Litigation in 2021) underscores directors’ duty to oversee compliance systems. These decisions make clear that boards have a fiduciary obligation to ensure: 

  • Mechanisms exist in an organization to identify and escalate red flags 
  • Compliance systems and internal controls are in place 
  • Controls exist in mission-critical risk areas

Regulators echo this expectation. The U.S. Department of Justice’s Evaluation of Corporate Compliance Programs (ECCP) highlights the importance of board-level access for CCOs and timely escalation of significant issues. The ECCP asks whether Compliance has direct reporting to the board; how frequently the CCO meets with directors; whether the board holds executive sessions with Compliance; and what information the board actually examines in their exercise of oversight. The memorandum also recognizes that the CCO’s direct access to the board facilitates an appropriate level of autonomy. The DOJ has emphasized that effective oversight is not solely structural; it depends on the board’s informed involvement in risk discussions and in the program more generally. 

Together, these legal expectations set a clear standard: boards must not only receive compliance information but use it to exercise active, documented oversight. Because the board of directors is the highest governing authority, its support has far-reaching consequences. While a company can have an E&C program without board support, it cannot – by definition – have an effective program without it. And when senior leadership’s support is uneven, board support becomes even more essential.

What the data shows

While most large organizations now have formal mechanisms for board oversight of compliance, recent NAVEX benchmarking data suggests there is still significant room for improvement. In the 2025 State of Risk & Compliance Report – which surveyed nearly 1,000 risk and compliance professionals:  

  • 64% said their boards receive periodic compliance reports, which is below expectations and essentially unchanged from the 2024 findings (66%) 
  • Only 52% said their boards have formal oversight of the compliance program 
  • 43% said their boards include members with compliance experience or expertise 
  • Only 37% reported that boards hold executive or private sessions with compliance 
  • Only 33% reported that their boards are “highly engaged”

These figures undoubtedly represent meaningful progress compared to a decade ago, but they also point to significant opportunity for improvement.  

The data also reveal a clear maturity gap. Among organizations with more developed compliance programs, half reported that their boards have compliance expertise, 43% said they hold private sessions, and 39% described their boards as highly engaged, much greater levels than indicated for the least mature organizations.

Why board oversight matters 

Board engagement matters not just to meet regulatory expectations, but because it strengthens both the compliance program and the organization’s culture. Boards that actively oversee compliance programs help create an environment in which management models ethical conduct under pressure. 

The 2025 State of Risk & Compliance Report revealed a critical connection between board oversight and leadership support of compliance programs. When there is above average board engagement in a program, management behaviors – from senior leadership, all the way down to first-line managers – are significantly more supportive of compliance. In other words, the board’s engagement contributes not only to greater independence and authority for the CCO, but also more engaged leadership support. The link between governance and performance is no longer theoretical – it is measurable. 

Characteristics of strong board/Compliance relationships 

Across industries, several common practices distinguish organizations where effective board oversight meaningfully advances the compliance program.  

Clarity of oversight: Effective boards have defined responsibilities for compliance oversight – often captured in the charter of the oversight committee as well as in the compliance program charter – and receive regular reports on program performance and risk trends. Board reporting should be live, as well as written. This ensures consistency and prevents oversight from becoming diffuse or episodic. 

CCO access to the board: The CCO must have unfiltered access to the board or its designated committee, including regularly scheduled executive sessions. These discussions reinforce independence and build trust between the board and compliance leadership. 

Values and culture: Sophisticated boards understand that C&E programs are about far more than compliance. They help create a culture of integrity, where doing the right thing (including acting in compliance with law and policy) is simply expected. These boards understand that culture is the single greatest driver of ethical behavior and that the compliance function plays a central role in supporting and measuring culture.   

Visible support for ethical leadership: The board plays a critical role in setting the tone at the top of an organization when they emphasize the importance of creating a culture of integrity. As noted earlier, NAVEX research shows that organizations with more active board oversight report stronger ethical leadership behaviors at the managerial level – reinforcing the link between governance and culture. 

Integration into risk governance: Effective boards view compliance not as a silo but as part of the organization’s risk governance framework, informing board discussions about emerging technologies, supply chain integrity and other strategic areas. 

Data-driven oversight: Boards increasingly expect to see not only summaries of program activity but also trend data – including hotline metrics, investigation outcomes, training completion and culture survey results, but extending to data analytics of business performance, procurement information, gifts and entertainment, and conflicts of interest, among other areas. The focus has shifted from “what compliance did” to “what the data reveals.”

From oversight to insight

The most advanced organizations have moved beyond viewing compliance reports as backward-looking summaries. Instead, they treat the board/compliance dialogue as a forward-looking discussion about risk, opportunity and culture. 

This shift is partly a function of data analytics and technology, which now allow compliance teams to deliver timely insights rather than static reports. But it is also a matter of mindset. Boards that ask probing questions about topics such as the root causes of misconduct, the effectiveness of training or the implications of new business strategies signal that compliance is integral to performance. 

This dynamic partnership changes how decisions are made. Ethical considerations enter earlier into strategic planning, and compliance leaders are viewed as contributors to value creation rather than custodians of policy adherence.

Practical steps for 2026 

Organizations seeking to strengthen the alignment between boards and compliance can take several practical steps: 

  • Revisit charters and escalation protocols. Document the board’s oversight role and the CCO’s access. 
  • Schedule regular executive sessions. Set aside regularly scheduled time for discussion with the CCO, separate from management. In addition, consider periodic pre-meetings or informal check-ins between the CCO and the committee chair to reinforce the relationship. 
  • Enhance information quality. Replace static reporting with dashboards and analysis that highlight trends, root causes, and potential systemic risks. 
  • Invest in director education. Provide training that links compliance oversight to fiduciary duties and emerging risks such as AI and supply chain integrity. 
  • Assess culture and speak-up health. Encourage the board to review culture metrics, hotline data, and survey insights as part of regular oversight. 
  • Benchmark and reassess. Use tools such as NAVEX benchmarking data to evaluate how the organization’s oversight practices compare to peers and to identify gaps and track progress. 

These measures not only strengthen compliance governance but also protect directors and senior leaders by ensuring that oversight responsibilities are demonstrably fulfilled.

2026 prediction

The coming year will see boards and Compliance continue to converge. As regulatory expectations expand and stakeholder scrutiny intensifies, boards will evolve from periodic overseers to more continuous partners with compliance leaders. Organizations that invest now in building this alignment will stand out not only for their ethical cultures but also for their resilience in navigating complex global risks. The next frontier of compliance excellence will be defined in part by how effectively boards and compliance officers shape the organization’s culture. For many organizations, the boardroom will be not just where strategic decisions are deliberated, but also where ethical culture is nurtured.

This article is part of our 2026 Top 10 Risk & Compliance Trends eBook. Check out the full eBook for more expert predictions for the year ahead.