The Myths Surrounding Ethics and Compliance Programs
Chief compliance officers have a difficult job. That is a real profound grasp of the obvious. CCOs face an unending onslaught of tasks, risks and juggling of concerns and activities. In many respects, a CCO’s job is never done – once they accomplish a project, they have an unending list of tasks to address.
CCOs are the unsung heroes of corporate governance. They get little credit for their work and they are prime receptacles of “blame” when something goes wrong. It is part of the territory.
By contrast, the Chief Legal Officer does not stand in the cross hairs of corporate leaders. Instead, General Counsels stand behind a reactive approach to managing legal risks and are not often judged on the basis of their proactive strategies.
CCOs are judged every day when a potential risk develops into a real risk or legal or reputational problem. Senior executives always ask why a specific risk was not mitigated and why the company’s compliance program did not “work” when a problem develops. Such questioning and perspective are unfair and represent a narrow understanding of ethics and compliance.
CCOs have to address this issue and nip it in the bud – the first place to start is training the board and the C-Suite on how to manage and oversee an ethics and compliance program. Education is the key to many issues in life and compliance is one area where education has to be robust.
Too many corporate boards and C-Suites are embracing an unrealistic view of ethics and compliance programs. All too often, they describe their company’s compliance program as a guarantee or insurance policy against future violations of company policies or laws. Such an approach is unfair to the company and to CCOs.
This attitude reflects wishful and unrealistic thinking on the part of senior leadership. Board members and senior executives have to move past this incorrect understanding.
CCOs have a real challenge in this area. First, they have to disabuse board members and senior executives of misconceptions about the real capabilities of an ethics and compliance program. Of course, code of conduct and legal compliance are important objectives, but equally important is promoting a culture of compliance that helps to build a company’s reputational value and ultimately, the company’s sustainability and profitability.
CCOs are good at handling difficult conversations. It is a skill that many of them have as part of their commitment to ethics and compliance values. When discussing the objectives of a corporate ethics and compliance program, CCOs have to broaden their language to include education on the importance of a company’s culture. They must move beyond the narrow scope of code of conduct and legal compliance, and offer a broader view of the company’s most valuable intangible asset – its reputation for trust and integrity with its key stakeholders.
I do not mean to diminish the importance of legal and code of conduct compliance. These are prime objectives but they are part of an overall objective to promote and embed a culture of ethics and compliance. This broad framework reflects the real objective of an ethics and compliance program.
CCOs that play only in the legal risk sandbox risk undermining the very purpose of the company’s compliance program. A narrow focus, while facially attractive, plays right into the hands of the “uneducated” board members and senior executives who define ethics and compliance programs by one measure – did we prevent any violations of the law?
A broad focus on a company’s culture and its values is a proper focus but should never prevent CCOs from ensuring that their compliance programs address legal risks along the way. My only point is to raise the importance of a broader focus, a common understanding within the company, and a healthy perspective on a company’s reputation.
Michael,
Always good to read your blogs. Thank you for continuing that effort.
When you write in this article ‘They must move beyond the narrow scope of code of conduct and legal compliance, and offer a broader view of the company’s most valuable intangible asset – its reputation for trust and integrity with its key stakeholders’ you put your finger on it! That’s what Ethics is all about, namely ‘doing the right thing’ and not just the ‘legally allowed thing’. Examples are easy to find: the Panama papers showed us examples and the Prime Minister in Iceland lost his job and in the UK Cameron had to try to explain why his father’s offshoring (which he inherited and maintained) was ok. The tax issues that Google, Facebook and Apple have in Europe and elsewhere outside the USA, show that the public is fed up with legally acceptable but socially unacceptable behaviour. Compliance Officers should be Ethics and Compliance Officers to make that clear distinction with the legal organisation that the General Counsel oversees.
Frankly, I am less concerned than you and others where the CCO reports organisationally, provided the CCO has unfettered access to a Board Committee made up of Independent Directors. They should appoint, appraise and fire the CCO, thereby ensuring the independence necessary. I have seen it work adequately and would recommend companies that are serious about Ethics and Compliance to do the same.