An Independent CCO Is A Compliance Program Requirement
I have reprinted below an article I wrote this week for Corporate Counsel — link is here
I thought the debate was over on this issue: The train has clearly left the station for the “best practice” of separating the legal and compliance functions—empowering a separate chief compliance officer with direct reporting authority to the board of directors. As a former prosecutor and now defense counsel, what surprises me isn’t the overwhelming momentum for the independent CCO voice in the C-suite, but the head-in-the-sand resistance of those who refuse to recognize the significance of the empowered CCO as an effective way to elevate compliance and improve corporate governance.
In a recent column for CorpCounsel.com, “The CCO as an Independent Voice: Another View,” Michael W. Peregrine and Joshua Buchman appear to re-argue the case, claiming that a general counsel can serve as the chief compliance officer. I do not doubt that a general counsel can serve as the chief compliance officer but the question is: Should the general counsel serve as the chief compliance officer?
As prosecution risks have increased, so has the role of the chief compliance officer. Companies are fast recognizing the importance of elevating a CCO and protecting their independence with direct reporting authority to the board or a board committee. Separation of the legal and compliance functions ensures independent and objective legal reviews and promotes an internal system of checks and balances.
The parade of corporate scandals where the compliance officer reporting to the GC, or the GC acting as CCO, hasn’t worked tells us that we need to structure these positions for success, rather than depend on the personal attributes and relationships of a single individual GC to carry the day.
It is striking that the authors characterize the separation of the general counsel and chief compliance officer as something that is preferred by “federal law enforcement agencies,” or mandated by the government as part of a settlement of civil or criminal violations. Even more curious is their statement that there is “no credible authority that mandates the separation of the two positions.”
This position ignores the overwhelming weight of corporate governance experts, compliance experts, the United States Sentencing Commission, federal prosecutors and regulators, and numerous studies that support the proposition that separation of such functions is a best practice—one that should be encouraged by everyone in the governance field. Of course, there are exceptions to any rule based on the size of a company or the specific company characteristics that may suggest a different solution. However, arguing the issue as if nothing has changed in the last few years is ignoring reality.
Make no mistake about the current trend in compliance—companies are now embracing change to empower CCOs and create independent lines of responsibility. The catalyst for this change is very simple—an aggressive enforcement environment that threatens companies with serious consequences.
In response, companies are looking to enhance their compliance efforts. The old model of having the general counsel wear two hats as a chief legal officer and a chief compliance officer is quickly fading into the recesses of the medieval guild system. Change is occurring—companies are getting the message by creating compliance committees at the board level, and by empowering an independent CCO who reports directly to the CEO or the compliance committee. Just last year, a joint PwC and Compliance Week study [PDF] indicated that the number of chief compliance officers separate from the legal department and with reporting obligations to a board committee, CEO, or other senior manager had increased significantly from prior years. What is most critical is that the two roles have to coordinate and work well together. There is no question that the two roles are completely different, and two different people need to carry out their respective responsibilities.
The trend of an independent CCO has now been embraced by scores of leading companies, including more recently some major players in the finance industry such as Barclays, HSBC, and J.P. Morgan, which empowered their CCOs by separating them from their respective legal departments. These innovative solutions to real governance problems only increase the trend across all industries—an empowered chief compliance officer creates a significant check and balance against misconduct.