Big Banks Giving the CCO a Seat at the Table
Something interesting is afoot in the financial services sector: one by one, big banks are following the lead of big pharma and giving their chief compliance officers a seat at the tableand more.
After a parade of scandals that has seen bank after bank slapped with penalties or rocked with reports of LIBOR rigging, mortgage fraud, money-laundering, tax fraud, high-risk rogue trading, and a host of other misconduct, prosecutors and regulators are scrutinizing all aspects of compliance functionsand the financial sector is reacting. These developments are much more than a wake-up call for a single highly regulated industry; they are a bellwether of a strategic response to heightened compliance challenges across all industries. Boards and senior management teams serious about compliance should take note.
In quick succession, Goldman Sachs, HSBC, Barclays, and JPMorgan Chase have all taken their CCOs out from under the thumb of their general counsel and bolstered the roles positioning, empowerment, and resources. They join the growing ranks of U.S. companies across industries that have recognized the inherent conflicts in the mandates of the CCO and the GC, and the critical need for both voices to be heard in the C-suite as a part of a healthy checks-and-balances system for the organization. As highlighted in the landmark 2009 Pfizer $2.3 billion settlement (which also separated legal and compliance): The lawyers tell you whether you can do something, and compliance tells you whether you should. We think upper management should hear both arguments.
In January, JPMorgan offered a rare glimpse into its inner angst when it released a 129-page internal management report on the causes of its infamous London Whale trading debacle. But it is in a shorter companion report that noted governance expert Michael Peregrine has found some important lessons for boards of directors on elevating the firms compliance and risk officers as a boost to their oversight duties. He cites an emerging view that these managers should now report directly to the chief executive and not to a companys general counsel. After decades of subordinating compliance to legal, the financial sector appears to be at a tipping point.
Although some banks are reorganizing their compliance functions quietly and without fanfare, some have released details of their enhancements to the media, and still others have had their remedial steps laid bare in publicly available settlement agreements. Last December, U.K. banking giant HSBC agreed to a record $1.92 billion penalty for widespread anti-money laundering violations, and a deferred prosecution agreement with the U.S. Department of Justice setting out sweeping changes to the banks compliance organization, including splitting its legal and compliance functions, elevating its CCO to the ranks of its top 50 managers, and increasing its anti-money laundering budget nine-fold and its compliance staff ten-fold. This month, after a string of scandals at Barclays that resulted in the resignations of its top three execs (and also one COO who commissioned, then shredded and denied the existence of, an outside report on firm culture), new CEO Antony Jenkins announced as part of his Project Transform that all compliance officers will now report directly to him. Looking through a Malcolm Gladwell-like lens: If one is an example, two is a coincidence, and three is a trend, we may be looking at a wave.
The push for an independent CCO as an enterprise-wide focal point for how companies assess, manage, and monitor their compliance risks is not new. Healthcare companies started taking steps to elevate their CCOs a decade ago, though not without the heavy hand of regulators and prosecutors. In a 2003 letter to Tenet Healthcare in the midst of its Medicare and Medicaid fraud scandal, Senator Charles Grassley (R-Iowa) famously pointed out the inherent conflict of the firms dual GC-CCO role: You dont have to be a pig farmer from Iowa to smell the stench of conflict in that arrangement. Healthcare settlements now routinely include an undertaking that the chief compliance officer shall not be, or be subordinate to, the general counsel or the chief financial officer. Today, the focus on an elevated compliance function has expanded to include multiple levers of independence, broad mandate, adequate resources, line of sight, and the all-important seat at the table.
Companies outside the healthcare and financial services sectors have also followed suit, many in response to the 2010 amendments to the Federal Sentencing Guidelines reflecting the governments strong preference for CCOs to have direct reporting obligations to the board of directors. Similarly, the recent joint DOJ/SEC Resource Guide to the Foreign Corrupt Practice Act lists in its hallmarks of an effective compliance program the need for a CCO with adequate autonomy from management and sufficient resources. As observed by Deloitte director Tom Rollauer: The role of the chief compliance officer has been elevated, because of the importance of the role and the visibility that it has now with the stakeholders, including the regulators. So the chief compliance officer is now, typically, an official member of the C-suite.
In matters of compliance, forward-looking boards would do well to help their companies get ahead of the tipping pointbefore they are forced to do so by others. As noted in the JPMorgan report, boards need to know, in a timely fashion, about the issues that keep management awake at night. But judging by the current momentum for an elevated CCO, boards are also realizing that they, and their companies, should also know, on a timely and unfiltered basis, what keeps the CCO awake at night.
Donna Boehme is an internationally recognized authority and practitioner in the field of organizational compliance and ethics, designing and managing compliance and ethics solutions within the U.S. and worldwide. As principal of Compliance Strategists LLC, Boehme is the former group compliance and ethics officer for two leading multinationals and currently advises a wide spectrum of private, public, governmental, academic, and nonprofit entities through her NJ-based consulting firm. Follow her on Twitter @DonnaCBoehme.