Troubling Trends: The CCO’s Authority, Independence and Access to Resources (Part II of III)
While my first posting highlighted the positive developments in the CCO’s role and professional development, the next two postings present troubling concerns.
We have to recognize that 2020 was a difficult and unusual year for CCOs, given the panoply of risks, the disruption to every organization, and devastating impact of the COVID-19 pandemic. CCOs were forced into a new environment where health and safety issues, along with remote working arrangements raised a number of new risks that had to be addressed. CCOs played an important role in reassuring employees, shareholders and other stakeholders in the community.
In response to the pandemic and the racial justice issues that arose during 2020, CCOs had to exercise even more responsibility for protecting the company’s culture and responding to these two significant issues. Diversity issues became an important priority for many organizations.
The ability of the CCOs to adapt depended on the financial continuity of the organization. Unless a CCO was operating in a line of business that grew during the pandemic, CCOs faced a difficult situation when it came to resources and other important aspects of their responsibilities. As we return to “normal” sometime in 2021, we will quickly observe continuing and important trends for CCOs.
Staffing and Resources
CCOs continue to cite “lack of support and resources” as major issues they have to address in the organization. This is recurring trend and the pandemic did little to improve the situation.
In a recent survey, only 18 percent of responding CCOs reported a significant drop in their budget. CCOs at regulated companies continue to maintain budgets and resources but are regularly denied needed increases to respond to evolving regulatory requirements or improve overall performance.
With respect to anti-corruption compliance, a major risk for many international companies, only 41 percent of responding companies reported an increase in compliance budgets as opposed to 88 percent of responding companies four years earlier. The unmistakable trend in compliance is a budget slowdown with either flat budget levels or slightly diminishing fundling leves.
Many compliance organizations are lifted by a corporate scandal or even a government investigation. CCOs are becoming more adept at internal budget issues and political turf battles. The importance of a compliance function to a company is often reflected in the compliance budget – whether resources and staff increase to improve functions and take advantage of technology innovations. A continuing complaint from CCOs is that they are being asked to do more with the same staff and budget.
Independence, Authority and Empowerment
CCOs face a crisis in independence, authority and empowerment. While CCOs enjoy broad new responsibilities, the real test for CCOs is their ability to exercise authority. There are frequent examples of cases in which CCOs are ignored or shut out when real questions are raised concerning compliance.
It has almost come to be expected when reading enforcement actions – FCPA, OFAC Sanctions, money laundering, antitrust or data privacy – compliance often raises concerns which are ignored, or they are circumvented. The factual statements of these enforcement actions set out ways in which the organization circumvented compliance.
Businesses have forgotten an important requirement for effective compliance – CCO have to maintain independence and authority to prevent misconduct before it occurs. Unfortunately, many businesses forget this point, thinking that placing a CCO in the C-Suite satisfies this requirement. In other words, the best kind of a CCO is the one that stays silent and defers to the business.
A recent survey of compliance functions found that over 50 percent of reporting CCOs knew that the company was not following established anti-corruption compliance program requirements. That is a devastating number, which means that in many companies, compliance is a request, not a requirement.
The Justice Department has recognized this fundamental gap in CCO authority, perhaps in reaction to the 2020 enforcement actions that revealed the problem – compliance programs are implemented but lack independence, authority and resources. In response, DOJ amended in July 2020 one of its three important questions from its Evaluation of Corporate Compliance Program guidance – specifically, the second question was amended to read:
Second, “Is the program being applied earnestly and in good faith?“ In other words, is the program adequately resourced and empowered to function effectively?
DOJ’s inquiry focuses on adequate resources and empowerment. I wonder (out loud) how many companies can answer that question affirmatively?
The troubling trend in compliance is the extent to which compliance is empowered and independent. Will the company adhere to compliance requirements when faced with a lucrative business opportunity. In other words, would a company akin to Goldman Sachs put a stop to bribery when the misconduct earns them significant revenues?
Compliance cannot be a part-time requirement when convenient to the business. The real test comes when a company has to choose between compliance and lawful conduct. Unfortunately, many companies have failed that test. CCOs have a responsibility in these cases to make sure they exercise their responsibilities – to the company, the shareholders, senior management and other stakeholders. Convenient compliance is not an option.