When designing and implementing robust compliance plans, companies face the age-old questions: Should we designate a corporate compliance officer? Who should the CCO report to in the company?
In the next five years, the position of CCO will take on a new and more dynamic role in every company. With the rise of enforcement, it is inevitable that the importance of the CCO will increase in every organization. CCOs are likely to rise in organizations to a level equal to General Counsels and Chief Financial Officers.
As I frequently tell groups of compliance officers, I have good news and I have bad news – the bad news is that federal enforcement efforts are increasing; the good news is that they can now go and successfully argue to top management that they need additional resources.
Companies that do not designate a CCO or strangle the CCO’s office by reducing resources are only asking for serious trouble. One way to ensure that an enforcement action is initiated against your company is to eliminate or merge the CCO functions into another position.
Companies need to appoint CCOs to implement compliance principles, identify and respond to risks, oversee day-to-day compliance activities, and relay compliance issues to the CEO and the Board. The debate regarding the optimal reporting structure for the ethics and compliance function is ongoing, and companies use an array of reporting structures.
The CCO role can be structured in several different ways:
1. The CCO is independent of the general counsel and CFO and reports directly to the CEO and board;
2. The general counsel also is the CCO; or
3. The CCO reports to the general counsel and the CFO.
According to 2010 corporate ethics survey, 41 percent of CCOs at publicly-traded companies report directly to the Board, 54 percent of CCOs at privately-held companies report directly to the Board, and 59 percent of CCOs at non-profit companies report directly to the Board.
The recent amendments to the United States Sentencing Guidelines provide further incentive for elevating the role of a CCO. Under the amendments, an organization can still be credited as having an effective compliance program even if high-level personnel participated in, condoned or were willfully ignorant of a criminal offense if the organization’s compliance program gives the individual with day-to-day operational responsibility for the compliance program “direct reporting obligations” to the members of the Board.
Companies should consider restructuring the CCO’s role to give the CCO the ability to communicate directly with the Board or Board Committee; requiring the CCO to provide the Board annual status updates on the compliance and ethics program; and documenting in writing the CCO’s authorization to bring matters to the Board or Board Committee by amending the appropriate committee charter, the audit committee complaint procedures or the CCO job description.