Let me paint a picture for you. It’s not pretty. Unfortunately, this image occurs too often in the corporate governance landscape.
The first photo shows the presence of the chief compliance officer in a freestanding office of a medium-sized public company. The company is not subject to any stringent regulatory regime. The CCO has a team of one or two people, coordinates certain compliance activities (eg internal investigations) with the legal department. The CCO does not sit on the management team and is not a member of the C-Suite.
The CCO is energetic and committed to the compliance mission. And the CCO team, made up of one or two young professionals, shares this enthusiasm.
While the leadership team often talks about the importance of compliance, emphasizing that the company is committed to “doing the right thing”, compliance is not a senior function and has no plus a strong accountability program. Instead, the CCO and staff have identified several important tasks and need to generate interest in topics such as third party risk management, policies and procedures and a rewrite of the code of conduct.
The second picture is equally bleak: a CCO, or director of ethics and compliance, is assigned to the corporate legal department and reports directly to the general counsel. The CCO has its own budget, but it is contained within the overall legal budget. The CCO may have a staff of one or two professionals. Again, the CCO is not part of the senior management team. Quarterly, the CCO reports to the Board of Directors with the General Counsel on compliance matters, internal investigations, training and other basic compliance functions.
These images depict common, real-life compliance situations. From my perspective, both scenarios are more common than we recognize. We often hear about gold-plated ethics and compliance programs for large global organizations. However, in the unregulated world, this type of compliance governance structure happens regularly.
In these scenarios, I often characterize the compliance function as “buried” in the organization. Of course, in some situations, senior management may turn to the chief compliance officer for a specific task, but on a day-to-day basis, the message from the board and senior management is clear: compliance is not a priority ; indeed, compliance is only a mandatory operation in the organization chart of the company. In fact, compliance has essentially become a tick box exercise.
By definition, both scenarios reflect a failure to even try to implement an effective ethics and compliance program. The missing elements of such a program are obvious.
A CCO, as required by DOJ guidelines, should sit at the top of a compliance function that operates with independence, authority, and adequate resources. As noted above, the CCO fails to meet any of these requirements, each of which is important but which, due to their interdependence, reinforces the glaringly flawed compliance function.
When a CCO is “buried” in an organization, the CCO has no trace of independence or authority within the organization. As reflected in the what-if scenarios, the CCO has no ability to design and implement an effective ethics and compliance program. He has neither the independence within the organization nor the independence to ensure compliance functions are performed in accordance with applicable standards.
Indeed, the most glaring omission is the CCO’s lack of adequate resources to implement an effective ethics and compliance program. Of course, CCOs operating in this environment will do their best, but will eventually leave the organization out of frustration – they will suffer from organizational fatigue. A CCO cannot be expected to remain in a situation where they have neither the authority nor the resources to accomplish the compliance mission.
We all know CCOs who operate in this kind of environment. It’s hard to observe, but many CCOs persevere because of their dedication and commitment to the compliance mission. In many cases, they hope for a change in attitude and respective situation. More often than not, though, these CCOs end up leaving and finding a better home to fulfill their true potential.