Making the CCO an Independent Voice in the C-Suite
This article is the debut of a new regular CorpCounsel.com column, The Compliance Strategist.
In January/February 2013, the Society of Corporate Compliance and Ethics (SCCE) polled 800 compliance and ethics professionals on the topic of whether the chief compliance officer should report to the general counsel, and 80 percent said: No. The same group overwhelmingly said that the GC should not attempt to also serve as the CCOa whopping 88 percent.
Here is my shocked face :-0
No doubt some will dismiss these results as the C&E profession questing for power, a turf battle between GC and CCOa kind of Hunger Games competition with each trying to convince top management and boards of their primacy. But such blithe cynicism would be overlooking the complexity of issues, common-sense reasoning, and wealth of settlement agreements, government guidance, regulatory action, and anecdotal data in support of separating the two roles.
Ive also heard some complain that the momentum for CCO independence is being driven by non-lawyers. Nonsense. A large percentage of CCOs are lawyers (although the significant number of successful CCOs without legal backgrounds testifies to the fact that compliance is not a legal function). Also, as illustrated by the SCCE survey, CCOs regard their in-house legal colleagues as close and valued allies with whom they enjoy a positive working relationship.
But none of that changes the fact that compliance and ethics is an entirely separate profession that requires distinct competencies and expertiseand autonomy from managementto do its job well. As some of the survey comments specifically noted, it is pretty hard to make a case for that autonomy when the CCO reports to the GC, and essentially impossible where the CCO is the GC.
Having spent years on the ground in both camps (as both in-house counsel and chief compliance officer) and hearing countless anecdotal stories on the topic, I can say with absolute conviction that a turf battle is the least of the C&E professions concerns. These are the folks that former federal prosecutor Michael Volkov has called the unsung heroes of the workplace and his 2011 Person of the Year.
Compliance officers are often the least political, least power-hungry folks at the company holiday party. It may sound cliché, but most CCOs are driven by their own internal desire to do the right thing,i.e., just what they ask their company colleagues to do every day. And they do this, more often than not, without personal recognition, career protection, or understanding of the job by others whose support they need to do the job well. Many work under extraordinarily difficult circumstancesunder so much stress, in fact, that in a 2012 survey 60 percent pondered leaving their jobs.
Does that sound like a power-hungry professional profile to you? Id say there are safer ways to get ahead in life, like bank robbery. Because at least then you have a gun and a getaway car . . .
The CCO mandate is ambitious, broad, and complex: no less than to oversee their organizations ability to prevent and detect misconduct. It requires, as its basic platform, an appropriate reporting structure, access to top management and the board, and resources that will enable the CCO to discharge that mission. The SCCE survey results show that most CCOs do not believe that either a double-hatted GC/CCO role or a reporting line through the legal department meet these standards, as further illustrated by the following comments by participants:
- The GC and the CO must be separate but equal.
- The great majority of GC's do not have the background, worldview, and experience to be, or be in a position to veto/filter, the CCO.
- Compliance should be independent of Legal to ensure that information flow is not interrupted or spun.
- GC tends to have a defensive outlook and approaches issues differently than Compliance.
- If the (Ethics) and Compliance officer is to be most effective they must feel confident to speak truth to power and be the disruptive thinker when necessary.
That last truth-to-power comment takes on dramatic real-life significance when viewed against the alleged vast Wal-Mart Mexican bribery scheme that hit media headlines in 2012 . Evidently, the compliance-reporting-to-legal structure didnt work out so well for Wal-Mart. According to the exhaustive 8,000-word New York Times investigative report on that case, the general counsel is alleged to have had a key role in advising the CEO to hush up an internal investigation by referring it to the local counsel who had approved the bribes in the first place.
An independent CCO voice in the C-suite may have helped the company to choose a very different path. As the government noted in 2009s record-breaking $2.3 billion Pfizer corporate integrity agreement [PDF]: The lawyers tell you whether you can do something, and compliance tells you whether you should. We think upper management should hear both arguments. Recent reports indicate that Wal-Mart is already paying the price for its bad C-suite decisionsover $600,000 a day in legal costs and expenses (not to mention reputational damage), to be exact.
The SCCE survey results also track developments in the healthcare and finance sectors, two highly regulated industries that have helped to define the meaning of modern compliance. In the former, the heavy hand of government has regularly resulted in a mandatory separation of legal and compliance. In the latter, after years of subordinating the CCO to the GC, at least four big banks have now separated the functions and elevated their CCOs to a more impactful position. At least one of those firms also boosted its CCO to the ranks of its top 50 managers.
Developments like these are what led Deloitte and Touche Director Tom Rollauer to declare the CCO an official member of the C-suite.
The SCCE survey results confirm that Volkovs unsung heroes are more than ready to emerge from under the shadow of the GC, a result that boards, regulators, investors, and other stakeholders are increasingly demanding.
Donna Boehme is an internationally recognized authority and practitioner in the field of organizational compliance and ethics, designing and managing compliance and ethics solutions within the U.S. and worldwide. As principal of Compliance Strategists LLC, Boehme is the former group compliance and ethics officer for two leading multinationals and currently advises a wide spectrum of private, public, governmental, academic, and nonprofit entities through her NJ-based consulting firm. She was named by ComplianceX to its list of "Who Compliance Professionals Should Follow on Twitter in 2013," so follow her on Twitter @DonnaCBoehme.