C-Suite Risks and Compliance
A nickel ain’t worth a dime anymore. – Yogi Berra
With all the hubbub about ethics and compliance, senior managers somehow are able to escape any focus or responsibility for compliance programs except in a managerial context. Senior managers need to be held accountable for their own personal ethics and compliance performance as senior executives with significant responsibilities.
The GM debacle is a perfect example of how middle managers and career attorneys were blamed and fired for failing to stand up and stop GM from failing to address faulty ignition switches. No one from the C-Suite was held responsible and, of course, no one lost his or her job.
Almost two years ago, I participated in a RAND symposium that examined the issue of C-Suite compliance. The report from that symposium is available here.
Hopefully, by reviewing this report again, we can redouble our efforts to support CCOs to renew focus on this issue.
Every risk assessment demonstrates that C-Suite misconduct can have a devastating impact on a company. All it takes is one key C-Suite executive to engage in misconduct and the company’s very existence can be threatened, especially if that executive is responsible for company finances.
If you look down the roster of corporate scandals, many started and did not end in the C-Suite. One question to ask every Chief Compliance Officer (assuming they are in the C-Suite) is whether the CCO assessed the risk of misconduct in the C-Suite and what steps he or she took to minimize such risks.
One important area that is always overlooked is training. CCOs report to the CEO and the Board about how many employees are being trained and certified. The CCO’s report rarely includes reports on C-Suite participation in training and certification programs. This is a fundamental mistake and sets the wrong tone within a company.
Senior management has to set an example and then they must be held accountable. The same goes for corporate boards. It is fundamentally unfair for a board and senior managers to hold other employees accountable for a standard that they themselves cannot meet.
To set the proper tone, the Board and the C-Suite should be the first to attend training and the first to certify their compliance with the company’s ethics and compliance program. It is an important symbolic step but one that is easy to complete.
Training, however, is just the tip of the iceberg. Senior managers need to be held accountable on the Code of Conduct and specific ethics and compliance policies and procedures. To the extent these policies apply to their job functions, they should be assessed, audited and evaluated on compliance with these basic requirements.
A CCO needs to include a C-Suite compliance audit to ensure that this risk is addressed, that audit findings are documented and then remediated within a specific period of time. A CCO and other compliance personnel cannot avoid or ignore the C-Suite – there is too much to lose by not subjecting senior executives to the full scope of the company’s ethics and compliance program.
Yogi Berra recognized the incongruity of a nickel that was not worth a dime. Similarly, an ethics and compliance program that does not apply to the C-Suite in every aspect of its operations will suffer from a similar incongruity. The failure to address C-Suite risks has been at the core of numerous corporate scandals that have had disastrous consequences for companies, employees and shareholders.