A team of two - why GCs and chief compliance officers must work in tandem
February 01, 2011 at 03:03 AM
Regulators are calling for a more independent compliance function within companies, but Ben Heineman says GCs and chief compliance officers must work in tandem
The role of the chief compliance (and ethics) officer (CCO) is currently a hot, if confused, topic. What does she do – ensure good process or enforce strict compliance? To whom does she report – general counsel/chief financial officer or to chief executive officer/board? What is her role in shaping the company's voluntary adoption of ethical standards beyond what the law requires?
This issue has been thrust into high relief by regulators and enforcers who, in light of various scandals, want a more independent compliance function in corporations. For example, changes in the US federal sentencing guidelines would give corporations extra credit if the "specific individual" in the corporation with "day-to-day operational responsibility for the compliance and ethics programme" has direct access to the board of directors.
The issue has also received attention in the resolution of various high-profile cases, including a recent Pfizer settlement of criminal and civil matters with the US Department of Justice and the US Department of Health and Human Services, which required that the company's CCO bypass the GC and report directly to the chief executive.
Let me offer a somewhat contrary, more nuanced view about the critical importance of a CCO, but in a right-sized role. There are three broad organisational options:
- The CCO is independent of the GC and CFO and reports directly to the CEO and board.
- The GC is also the CCO.
- The CCO reports to the GC and the CFO, and deals primarily with the process of compliance across all substantive subject-matter areas.
I favour the last option as the practical ideal because it builds on the vital need in a corporation for a strong, broad-gauged GC, because it avoids significant organisational overlap and confusion and because it focuses the CCO on critical process management, uniformity and rigour across the corporation. Here are some of the key reasons for my view.
Many experts, not one. Compliance is not one substantive subject, it is many: competition law, employment law, environmental law, international law, accounting rules and disclosure law. Compliance also involves particular subject-matter areas governing specific industries (health law, communications law, banking law, etc).
Experts report to GC/CFO. The substantive experts in all those areas of formal rules, legal and financial, need to report either to the GC or to the CFO. They must not only be at the core of all compliance functions in their substantive areas but they are also involved in myriad business and policy issues beyond compliance. It makes absolutely no sense to duplicate that expertise by having a second set of experts who report to the CCO.
The GC's role in individual decisions. These substantive experts staff the GC or the CFO for meetings with the CEO and the board to define and discuss critical decisions with a legal or ethical component – a new deal, a new product, a new geography or a new government investigation. The GC and the CFO should be at the table, supported by substantive experts inside the company who work for them. Indeed, the growing importance of business-in-society issues in major companies means that the GC is becoming equal in importance to the CFO in the eyes of the CEO and the board of directors.
What is right? In these individual decisions, it should be the role of the GC not only to address the question of what is technically legal, but also to raise and help analyse the question of what is right. This second question requires assessment of the spirit of the law, ethics, reputation, public policy and societal expectations in light of the corporation's enlightened self-interest. It is ludicrous to suggest, as some do, that the GC only worries about what is legal and the CCO worries about what is right. The what-is-right set of issues is at the centre of the role of the modern, broad-gauged general counsel as wise counsellor and leader.
Compliance is a core GC job. At the dead centre of the GC (and CFO) job is responsibility for adherence to the formal and ethical rules binding the company. They must be partners to the chief executive, but first and foremost they must be guardians of the company on the three essentials of compliance: prevent, detect and respond.
Experts and compliance basics. The fundamental responsibility in a good organisation for fusing performance with integrity lies with the chief executive and top business leaders. But it is the substantive experts reporting to the GC and CFO who must work with businesspeople to map core commercial processes, assess where risks exist and then devise risk mitigation procedures. Their substantive expertise and involvement is vital in developing education and training, in devising techniques for checking and balancing, in creating appropriate monitoring mechanisms and in investigating, disciplining and rebuilding failed systems.
What, then, is the role of the CCO when he or she reports to the GC and CFO? Put simply: process integration and rigour. Because there are so many different substantive areas of compliance handled by different experts, it is vital that these threads be woven together into a coherent compliance programme. There must be a single code of conduct and uniform set of policy guides. There must be integrated general education and training for all employees. There must be an integrated method for tracking individuals who move into high-risk jobs: risk-assessing those jobs across several compliance areas and providing tailored, individualised courses.
There must be a systematic company method to process map, assess risk and mitigate risk. There must be oversight of the ombuds system to ensure that it is being operated fairly, promptly and without retaliation. There must be a continuing, energetic search for best compliance practices outside the company. In summation, there must be an overall assessment of how compliance processes are working beyond reviews of particular substantive areas (for example, competition law or environmental protection) and beyond individual business units.
Although substantive lawyers have expertise and knowledge to assess legal and ethical risks in their areas and to design specific mitigants, they may not have the process skills that great compliance leaders possess. (Compliance leaders may not even be lawyers but can, for example, be ex-military officers with outstanding organisational skills.) Working with the GC and CFO and with the substantive compliance experts, the CCO assists business leaders in embedding integrity processes deep into business operations. Make no mistake, I believe process management across the whole compliance system is a central and vital job.
But as noted, it makes no sense for the CCO to be independent and hire the various substantive experts who must work on compliance but also on business problems for the GC and CFO. That doesn't amount to appropriate checks and balances, but is a source of bureaucratic waste, confusion and possible turf-fighting. Similarly, the GC should not be CCO in the sense that I have used it here because rigorous oversight of the compliance processes demands too much time, and a direct report to the GC (and CFO) needs an important title like CCO to command the respect this critical job requires.
The main objection to the position I am advocating is expressed in one phrase: lack of independence. At headquarters, the GC and CFO will be compromised by their relationship to the chief executive, and their fear of losing unvested options or deferred compensation. Down in the organisation, division lawyers or finance people will be afraid to speak candidly to their business leaders and afraid to report up to the company GC or CFO.
The short response to this objection is one word: culture. In a good company – a company with a high-performance and high-integrity culture – the chief executive leads personally and directly on integrity and, with the board's explicit support, makes clear that she wants the GC and CFO to be rigorous and candid on issues of legal, financial and ethical rules. Creation of such a culture turns on top leadership, not on the CCO.
In such a culture, the CCO attends all integrity reviews with top leadership and, like the head of the company audit staff, can report directly to the audit committee of the board periodically on the strengths and weaknesses of compliance processes. Indeed, I would go so far as to have the board and the chief executive commit to give the CCO access to them at any time when the CCO believes that the company is not handling a compliance issue properly, including misbehaviour by the GC or CFO.
In a bad company, with a poor culture, a distant board and an indifferent chief executive (or worse), independent voices – whether from a CCO or the GC/CFO – will be muffled and discouraged. Neither a general counsel nor an independent CCO can change a bad environment, which deeply affects how people feel, think and act. If the tone at the top is rotten, then little can be done without the chief executive or board being removed. Indeed, the misguided enforcement thrust for a CCO wholly independent of the GC and CFO has stemmed from major scandals caused by senior leadership's unlawful, unethical or negligent behaviour and by board indifference or negligence. If the GCs (or CFOs) were complicit or negligent, enforcers should press for their replacement, not for supplanting them.
To me, one good example of the approach suggested here is Siemens. Following a massive bribery scandal, its new chief executive (Peter Loscher) and new general counsel (Peter Solmssen) undertook an intense effort to resolve outstanding cases, change the culture, redesign compliance processes and make adherence to law and ethics a critical part of performance appraisals. To help address integrity issues in the future, a newly energised CCO and compliance function have been established. They report to the general counsel.
This article first appeared in Corporate Counsel, a US affiliate title of Legal Week. Ben Heineman is a former General Electric senior vice president-general counsel and is now senior fellow at Harvard's law and government schools.