Monday, April 18, 2011

Chief Compliance Officers: The Evolving Picture

When designing and implementing robust compliance plans, companies face the age-old questions: Should we designate a corporate compliance officer? Who should the CCO report to in the company?

In the next five years, the position of CCO will take on a new and more dynamic role in every company. With the rise of enforcement, it is inevitable that the importance of the CCO will increase in every organization. CCOs are likely to rise in organizations to a level equal to General Counsels and Chief Financial Officers.

As I frequently tell groups of compliance officers, I have good news and I have bad news – the bad news is that federal enforcement efforts are increasing; the good news is that they can now go and successfully argue to top management that they need additional resources.

Companies that do not designate a CCO or strangle the CCO’s office by reducing resources are only asking for serious trouble. One way to ensure that an enforcement action is initiated against your company is to eliminate or merge the CCO functions into another position.

Companies need to appoint CCOs to implement compliance principles, identify and respond to risks, oversee day-to-day compliance activities, and relay compliance issues to the CEO and the Board. The debate regarding the optimal reporting structure for the ethics and compliance function is ongoing, and companies use an array of reporting structures.

The CCO role can be structured in several different ways:

1. The CCO is independent of the general counsel and CFO and reports directly to the CEO and board;

2. The general counsel also is the CCO; or

3. The CCO reports to the general counsel and the CFO.

According to 2010 corporate ethics survey, 41 percent of CCOs at publicly-traded companies report directly to the Board, 54 percent of CCOs at privately-held companies report directly to the Board, and 59 percent of CCOs at non-profit companies report directly to the Board.

The recent amendments to the United States Sentencing Guidelines provide further incentive for elevating the role of a CCO. Under the amendments, an organization can still be credited as having an effective compliance program even if high-level personnel participated in, condoned or were willfully ignorant of a criminal offense if the organization’s compliance program gives the individual with day-to-day operational responsibility for the compliance program “direct reporting obligations” to the members of the Board.

Companies should consider restructuring the CCO’s role to give the CCO the ability to communicate directly with the Board or Board Committee; requiring the CCO to provide the Board annual status updates on the compliance and ethics program; and documenting in writing the CCO’s authorization to bring matters to the Board or Board Committee by amending the appropriate committee charter, the audit committee complaint procedures or the CCO job description.


  1. As the compliance landscape develops on a daily basis requiring a high level of legal analytical skills, knowledge and understanding, CCO's and CO's must come equipped with solid legal training and backgrounds i.e. from an in-house or outside counsel training ground. The days of recruiting financial analysts, accountants or business graduates in such roles is not sufficient and falls short of the benchmark that is being set. It is frustrating to see fortune 500 and globally listed internationals still window-dressing the compliance function with inadequately qualified personnel.

  2. Envisioning the role of CCO with clarity and sense of purpose has always been a challenge. In country like India we are experiencing remarkable change in the understanding and manner in which cross border issues such as FCPA are being addressed. While we have developed IT enabled solution ( that are robust and cost effective), CCO of global corporation needs to look beyond the boundaries and ensure that the compliance program manages complex cross boarder issues in transparent manner.

  3. Designating the corporate compliance officer's responsibilities to the CCO or anyone in the company shouldn't be bias in his/her decisions and a person whom any employee could run to should they experience or observe unethical acts of other employees especially their superiors.