(FotolEdhar – Fotolia)
It’s time to call it quits. The general counsel/chief compliance officer relationship debate, that is. The never-ending discourse as to whether the GC and CCO positions should be separate or can be combined; whether the compliance officer can report to the general counsel; whether one position, rather than the other, serves as the moral compass of the organization. And all of the absolutism that the positions must be structured “just so” in order to demonstrate compliance effectiveness or satisfy “best practices.”
In an increasingly compliance-conscious commercial world, thoughtful, law-abiding and ethical organizations are reaching their own, informed decisions as to how the GC-CCO relationship should work; how it can provide an effective best pathway for assuring adherence to law. As noted in a recent Corporate Counsel column, “GC v. CCO: The Big Debate,” credible survey results reflect a wide variety of corporate approaches to this important relationship. The rigid model promoted by some is not meeting with universal acceptance at companies that nevertheless share the same vigorous commitment to compliance.
This new data helps confirm that when it comes to coordination of compliance officer and general counsel roles, there is no one-size-fits-all approach. There is no right or wrong, there is no black or white, there is no one truly correct path to effectiveness. And it is neither fair nor proper to hold organizations to a single solution in structuring such an important, yet complex, relationship.
That’s particularly the case given the explosion of organizational sensitivity to the concept of “risk governance.” Sophisticated boards in every industry sector are focusing an increasing amount of governance time, effort and energy on the oversight of risk, in its every aspect. (See the Corporate Board Member article, “What Directors Think.”) The typical contemporary board is one that embraces the fiduciary imperative of risk governance. It’s not the ’80s or ’90s anymore when it comes to the (lack of) intensity of board oversight; although some appear very slow to accept that reality.
The “it must be done this way” approach that has dominated both the debate and the compliance landscape has, in some instances, been both harmful and counterproductive to effective compliance and risk management. It can foster “siloism” between legal and compliance departments. It can create confusion at every organizational level as to the proper roles of legal and compliance, respectively. It can allow critical issues to fall between the cracks of GC and CCO “jurisdiction.” It can cause the loss of attorney-client privilege when such protection is critically needed.
Perhaps more insidious to a compliance-sensitive organization, this “absolutism” can promote an aura of ethical purity of the compliance officer—at the expense of the general counsel. This is the perspective that the job of compliance officer is to advise on what is legally appropriate and legally inappropriate, as opposed to whether the organization should, or should not, take a particular action.
Oh, really? And I thought it’s the general counsel who’s supposed to be the “guardian of the corporate reputation.”
This concept of ethical purity is further manifested in concerns that a “conflict of interest” automatically arises when the compliance officer reports to the general counsel; that the general counsel could be “biased.” As if the Rules of Professional Responsibility (e.g., Rule 1.13(a)) were of no import.
People of good faith can debate these issues endlessly and not reach agreement. Yet, if organizational compliance efforts are to make the necessary leaps in effectiveness that the environment demands, there’s value in moving beyond these basic role/relationship issues. Let the board of directors fulfill its obligation to establish and maintain a structure that is best for the organization. Let the policy dialogue focus now on issues that relate more directly to compliance plan effectiveness.
Like requiring an unequivocal division of authority between the positions of GC and CCO that is clear to every level within the organization. Like confirming the ability of both the CCO and the GC to sidestep direct relationships and report to the board when necessary to do so. Like establishing expectations for timely reporting of legal and compliance risks, in a context the board can comprehend. Like implementing a communication protocol between the CCO and the GC that balances appropriate coordination with legitimate government concerns for transparency, bias and abuse of the attorney-client privilege. Like incorporating meaningful compliance goals within executive incentive compensation arrangements. Like letting cooperation, coordination and teamwork flourish.
These, and similar initiatives, are where significant improvements in compliance and legal risk profile management can be made. But to get there, we need to move beyond the current debate on roles and relationships—especially when survey data increasingly demonstrates that there may be a better way.
Don’t get me wrong: there is absolutely nothing wrong with a traditional approach to the separation of the compliance and general counsel roles and relationships. If that’s what works to enhance compliance effectiveness within a particular organization, so be it. But broader structural tolerance is needed in an environment that is much more attuned to risk management and legal compliance than in the past. There’s more than one way to skin this (particular) cat.
So let’s end the debate, call it a tie and move on to more productive efforts.
Michael W. Peregrine, a partner in McDermott Will & Emery, advises corporations, officers and directors on matters relating to corporate governance, fiduciary duties and officer-director liability issues. His views do not necessarily reflect the views of McDermott Will & Emery or its clients.