Empowering the Chief Compliance Officer
Sometimes the legal profession reminds me of the medieval guild system – a profession which is motivated more by self-preservation than change. You can always count on lawyers who cling to an outmoded perspective to try to stall inevitable change.
Make no mistake about the current trend in compliance – companies are now embracing change to empower chief compliance officers and create independent lines of responsibility. The catalyst for this change is very simple – an aggressive enforcement environment which threatens companies with serious consequences.
In response, companies are looking to enhance their compliance efforts. The old model of having the general counsel wear two hats as a chief legal officer and a chief compliance officer is quickly fading into the recesses of the medieval guild system. Change is occurring and companies are getting the message by creating compliance committees at the board level, and by empowering an independent chief compliance officer who reports directly to the CEO or the compliance committee.
Healthcare companies and oil and gas companies have embraced change and have recognized the importance of separating the general counsel from the CCO function. These industries have been the focus of government enforcement programs and have responded with new and innovative compliance programs.
Recently, financial institutions have started to recognize the importance of CCO empowerment. JP Morgan, Goldman Sachs Group, HSBC and Barclays all changed their compliance structures in response to significant violations and enforcement matters. Their CCOs report to their boards, CEOs, or a Chief Operating Officer. This trend was recognized in the US Sentencing Commission’s requirement for an “effective” compliance program – “[responsible compliance officer] shall be given adequate resources, appropriate authority, and direct access to the [board] or an appropriate subgroup of the [board]. Section 8B2.1(b)(2)(C).
Against this overwhelming trend, some lonely voices of opposition are still out there clinging to resistance. They continue to recommend that the chief compliance officer should be under either the general counsel, chief financial officer or human resources director. Some have even suggested that former prosecutors are ill-equipped to serve as CCOs. That view, which is hard to understand, can only be the product of a narrow-minded view of the compliance function in any organization. It is hard for anyone to argue that the two-hatted general counsel can serve both functions adequately and embrace some of the new, cutting edge compliance tools and procedures being created in the business community.
The arguments in favor of the primacy of the general counsel are outmoded. Some companies have very talented general counsels, but that does not mean they have the ability to make important compliance program judgments and the independence to analyze risks, develop internal controls and monitor company performance.
An independent CCO who reports directly to the board is invaluable as a resource to the board for learning about internal company operations, weighing potential risks and ensuring that compliance is given adequate resources.
The tide has turned in favor of those that have long advocated for an independent CCO in recognition of the need for an internal voice of reason within senior management and at the board level. They have the better of the argument. Boards, regulators, prosecutors, NGOs and investors are taking notice. The wave of change is overwhelming and the legal profession has to adapt to the new reality.