CCOs and the C-Suite
Let’s start out with something ironic – the C-Suite typically resists the need for ethics and compliance training, as well as other compliance controls, claiming that they know everything about ethics and compliance. Unfortunately, when a member or members of the C-Suite commit misconduct, the consequences can be devastating for the company.
We all know high-profile instances of C-Suite misconduct involving bribery, fraud, and theft.
In a recent criminal case against Wellcare in Florida, four C-Suite members – the CEO, CFO, Vice President and Chief Legal Officer – were convicted for committing Medicaid fraud by submitting false claims for behavioral healthcare services. Wellcare operates HMOs around the country, and relies on Medicaid payments for services to many of its patients. The fraud scheme was hatched and orchestrated by the four members of the C-Suite. The CEO, CFO, and Vice President were convicted after a trial, and the CLO plead guilty. Wellcare entered into a deferred prosecution agreement, paid a $40 million fine, and cooperated in the criminal cases against the former executives.
The Wellcare example is just that – one of many examples underscoring the risk and consequences of C-Suite misconduct. Even a single bad actor in the C-Suite can have serious consequences to a company.
A CCO has to prioritize C-Suite risks and mitigation strategies. All too often, a CCO avoids confronting the C-Suite with requirements for a risk assessment and specific mitigation strategies. CCOs can no longer avoid these significant risks, and have to turn the C-Suite into allies and ambassadors for the company’s compliance program.
A company’s C-Suite has to lead a compliance program by example. The C-Suite should be the first to participate in training programs, and should publicize their attendance and commitment.
Each C-Suite member should assume responsibility for an aspect of the compliance program as an annual performance requirement. A C-Suite member’s compensation should be contingent (in part) on completion of required compliance tasks.
If the C-Suite resists compliance participation and responsibilities, a CCO has to address this issue. It is difficult for a CCO to walk into the C-Suite and announce that the C-Suite has to attend training and complete compliance tasks. Instead, a CCO has to address the issue step-by-step:
First, the CCO should push for an opportunity to “train” the C-Suite (as well as the board). The training session is an important opportunity to educate the C-Suite on the importance of compliance and their specific role in the operationa and success of the program. A CCO should train the C-Suite each year, at a minimum.
Second, the CCO should enlist the support of its internal ethics and compliance committee. Some members of the committee may be from the C-Suite, but that should not dissuade the CCO from seeking the committee’s support.
The CCO should use the internal compliance committee to “speak” to the C-Suite through coordinated recommendations and guidance from the committee. With the support of the internal compliance committee, a CCO’s message to encourage the C-Suite to take on a broader role can be more effective.
Third, the CCO needs the support of the CEO to require C-Suite members to participate in training and assume compliance program responsibilities. If the CEO is unwilling to do so, a CCO has to consider alternative strategies – speaking to the Audit Chair, and reporting to the Audit Committee in executive session.
A CCO cannot implement an effective ethics and compliance program without the assistance and support of the CEO and the C-Suite. A CCO cannot rationalize the C-Suite’s non-participation, and is just wasting time at a company if the C-Suite will not join the effort.