Tuesday, June 7, 2011

Empowering Compliance Officers

For those companies dedicated to compliance, the first and most critical step is a commitment to empower its compliance office.  A company must assign adequate personnel and allocate adequate resources to fulfill its mission.  An effective compliance officer must be regarded as equal to, or even senior to, the company's Chief Financial Officer or General Counsel. 

Gone are the days when compliance offices are a backwater for auditors or management specialists with no authority to address compliance issues.  The challenge today is to empower compliance functions by integrating the required elements for success: legal, auditing, human resources and investigative resources. 

The structural keys to ensure success are:

1.  Designating a Chief Compliance Officer and assigning them responsibilities at a senior executive level commensurate with the Chief Financial Officer and General Counsel.

2.  Creating a Compliance Committee separate from the Audit Committee on the Board of Directors to which the Chief Compliance Officer may directly report if necessary.  While approximately one quarter of all companies have created Compliance Committees, it is the new trend and in most cases is an important step for companies to underscore compliance.

3.  Preserving attorney-client privilege within the compliance office and functions.  In the internal turf battles between attorneys and compliance offices, the general counsel frequently wins by asserting that he or she has the attorney-client privilege which can protect any communications from disclosure.  A compliance office can establish the attorney-client privilege by staffing the office with attorneys, ensuring that communications related to compliance concern legal advice related to compliance matters.  This is not hard to do; after all, attorneys, accountants and other staff work together in many contexts and regularly work to preserve the privilege.  This same strategy can be applied in the compliance context so long as lawyers are strategically used in the conduct of compliance operations. 

4.  Creating a new office for corporate compliance consisting of key officers and employees with cross-cutting access to information and responsibilities across the legal, accounting, human resources and investigative fields.  With innovative ideas, and staff and support from top management, the new compliance office should be elevated within the organization and empowered with real authority.


  1. Could not agree more although I recently saw a company establish a compliance council that had representatives of all business units within the organisation. What they have created is their own UN council of 26 people. This structure has taken the concept to the extreme to the extent the intent of the council has been forgotten from a compliance standpoint and is now in place so management can pat themselves on the back and demonstrate they have a compliance function and it represents the business. The aforementioned council is expects to report, review, discuss and guide the company through its compliance programme, all it will do is bog it down, miss guide it and air the companies confidential dirty laundry to a large group of non-lawyers. At this point, I will comment, this companies model has no lawyers either on the council or within the compliance unit. In addition, all 26 persons on the council have no formal or experience in compliance. Most are either HR managers, finance or the business heads themselves, who are more than likely unwilling to launder their dirt in such a big group. I am surprised companies still simply just don't get it.

  2. Sounds like a crazy set up -- you are exactly on point. Companies just do not get it.

  3. Unfortunately Michael, I voiced my opinion on this and other issues, recently escorted from the building. No anybody who needs a good compliance counsel who calls it as it is?

  4. Having gone through a similar situation, I was told by my supervisor, a fellow learned colleague, that an agent agreement intended to procure government approvals was simply a "bad business decision". Has the bad business decision ever got up as a defense? We wouldn't know because no one has been so stupid to run that chest nut! Or have they? In addition, the same astute counsel pointed out that emails explicitly describing the conduct underlying the corrupt intent were inadmissible under the hearsay rule. Bright spark had obviously forgotten exceptions to the Hearsay rule, specifically, the business purpose test. Desperate!