What Happens When the CCO is Buried in the Organization?
Let me paint a picture for you. It is not pretty. Unfortunately, this picture occurs all too often in the corporate governance landscape.
The first picture captures the presence of chief compliance officer in a stand-alone office in a mid-size public company. The company is not subject to any robust regulatory regime. The CCO has a staff of one or two people, coordinates some compliance activities (e.g. internal investigations) with the legal department. The CCO does not sit on the senior management team and is not a member of the C-Suite.
The CCO is energetic and committed to the compliance mission. And the CCO’s staff of one or two junior professionals share this enthusiasm.
While the senior management team often speak about the importance of compliance, emphasizing that the company is committed to “doing the right thing,” compliance is not an elevated function nor does it have a robust agenda of responsibilities. Instead, the CCO and staff have identified several important tasks and have to generate interest in topics such as third-party risk management, policies and procedures and a Code of Conduct rewrite.
The second picture is equally bleak — a CCO or Director of Ethics and Compliance is assigned to the company’s legal department and reports directly to the General Counsel. The CCO has its own budget, but it is contained in the overall legal budget. The CCO may have a staff of one or two professionals. Again, the CCO is not a part of the senior executive team. Every quarter, the CCO reports to the board of directors with the General Counsel on compliance matters, internal investigations, training and other basic compliance functions.
These pictures represent common, real-world compliance situations. From my perspective, the two scenarios are more common than we recognize. We often hear about the gold-plated ethics and compliance programs for large global organizations. However, in the unregulated world, this type of compliance governance structure occurs on a regular basis.
In these scenarios, I often characterize the compliance function as “buried” in the organization. Of course, in certain situations, senior management may reach down and pluck out the CCO for a specific task but on a day-to-day basis, the message from the board of directors and senior management is clear — compliance is not a priority; indeed, compliance is just an obligatory operation on the corporate organizational chart. In fact, compliance has become basically a check-the-box exercise.
By definition, the two scenarios reflect a failure to even attempt to achieve an effective ethics and compliance program. The missing elements of such a program are readily apparent.
A CCO, as required under DOJ Guidance, has to stand at the top of a compliance function that operates with independence, authority and adequate resources. As outlined above, the CCO meets none of these requirements, each of which is important but based on their inter-dependency reinforce the glaring defective compliance function.
When a CCO is “buried” in an organization, the CCO lacks any shred of independence or authority within the organization. As reflected in the hypothetical scenarios, the CCO lacks any capability of designing and implementing an effective ethics and compliance program. It has neither the independence within the organization nor the independence to ensure that compliance functions are carried out in accordance with relevant standards.
Indeed, the most glaring omission is the CCO’s lack of adequate resources needed to implement an effective ethics and compliance program. Sure, CCOs operating in this environment will do the best they can but eventually they will leave the organization out of frustration — they will suffer from organizational fatigue. A CCO cannot be expected to remain in a situation when it has neither the authority nor the resources to accomplish the compliance mission.
We all know CCOs who operate in this kind of environment. It is difficult to watch but many CCOs persevere because of their dedication and commitment to the compliance mission. In many cases, they hope for a change in attitude and their respective situations. More often, however, these CCOs eventually leave and find a better home to execute to their real potential.