If one were to stage a retelling of Shakespeare’s Hamlet in a modern corporate boardroom, chances are the most likely source of the “conscience of the king” would not be the company’s general counsel, but the chief compliance officer instead. Recently, the position of chief compliance officer has moved beyond the shadow of the general counsel’s office and acquired an importance and level of independence that few envisioned. Once thought of as an unfortunately necessary offshoot of the legal department, CCOs are enjoying considerable autonomy as companies nationwide confront a bewildering thicket of regulatory activity and corporate integrity issues.
The rise of the CCO is the result of a number of factors. The Enron and WorldCom scandals a dozen years ago not only showed what weak corporate governance and compliance practices could lead to, but also helped usher in a new age of regulation and laws like the sweeping Sarbanes-Oxley Act. In addition to Sarbanes’ emphasis on corporate governance, the Federal Sentencing Guidelines were amended shortly thereafter to reward companies implementing compliance programs by protecting them from criminal liability in the first place, or at least entitling them to a reduction in sentence if they were found criminally liable. Among other changes, these amendments set forth critical elements that an effective compliance program should have in order for a company to be eligible for sentence reduction, such as a significant ethics component and a heightened role of senior management in operating and overseeing the compliance program.
More recent factors that pushed compliance into the spotlight include the Bernie Madoff and Mark Stanford Ponzi schemes that rocked the securities world. James Fanto, a specialist in publicly-held companies and broker-dealer compliance as well as a professor at Brooklyn Law School, noted that “there was a massive breakdown in compliance in the Madoff firm—a breakdown that was particularly highlighted by the obvious failing of compliance officers who were all Madoff family members.” The regulatory changes that followed, along with the Dodd-Frank Act and a record level of Foreign Corrupt Practices Act actions (and related fines or settlements), also put compliance programs front and center. Sometimes the very nature of the industry, like the highly-regulated healthcare and finance sectors, has helped elevate the role of chief compliance officer.
In fact, the experience of the healthcare and the financial industries in particular has helped compliance officers across the board carve out their own territory from general counsel, separate from and often equal to their legal department counterparts. As federal authorities observed in the record-setting 2009 corporate integrity agreement and $2.3 billion settlement reached with pharmaceutical giant Pfizer, “The lawyers tell you whether you can do something, and compliance tells you whether you should. We think upper management should hear both arguments.”
That’s a view that’s long been the mantra at Dallas-based Tenet Healthcare. As Chief Compliance Officer and Vanderbilt Law grad Vanessa Benavides puts it, “At Tenet, we look at issues through two lenses: what is legally required, and what decision upholds the core values of the company?” While it may have taken the weight of government to mandate the separation of the GC and the CCO for some healthcare leaders, four of the biggest players in the banking/financial services field have now separated and promoted their CCOs after years of keeping them under the direct authority of the general counsel: JP Morgan Chase, Goldman Sachs, Barclays, and HSBC. UK banking giant HSBC, in particular, elevated its CCO to the elite ranks of its top executives following a $1.92 billion settlement of money-laundering charges with the U.S. Department of Justice. No less a figure than Tom Rollauer of Deloitte and Touche has pronounced the CCO “an official member of the C-suite.”
While a large percentage of CCOs are lawyers, today’s compliance officers bring a broad array of skill sets to the boardroom, no doubt due to the evolving responsibilities of the job. Specialty backgrounds in training, communications, and audit are not uncommon, as CCOs find themselves dealing not only with the impact of new laws, but with data privacy issues, IT failures, and crisis management as well. The compliance field has witnessed a rise in the number of consulting and membership organizations—like the Society of Corporate Compliance and Ethics and the Health Care Compliance Association—that offer training, professional certifications, and platforms for the discussion and exchange of compliance best practices. North Texas is host to the Health Care Compliance Exchange, a group of chief compliance officers from the area’s healthcare leaders like Tenet, who meet quarterly to share information and discuss best practices. Todd Hartman, CCO and associate general counsel for Best Buy, explains that the post of CCO is “evolving into an expanded function to the point where it touches upon other roles in the enterprise that were previously distinct, such as those of the corporate secretary and general counsel. It’s also playing a bigger role in managing legal risk in the enterprise.”
As the CCO’s responsibilities have broadened for preventing and detecting misconduct while navigating an ever-shifting regulatory landscape, inevitable tensions have arisen over whether a GC can simultaneously wear the CCO hat, or whether the CCO reporting authority should run through the legal department. In January 2013, the Society of Corporate Compliance and Ethics surveyed 800 compliance and ethics professionals about both of these hot-button issues. Not surprisingly, 80 percent responded that the CCO should not report to the general counsel, and 88 percent felt that the GC also should not try to serve as the chief compliance officer. Some of the respondents’ comments shed light on the reasoning behind a “separate but equal” status for CCOs, with one recurring concern being the need for an information flow that wouldn’t be subject to interruption, spin control, or the fear of speaking harsh truth to the CEO or the board of directors. As Tenet’s Benavides explains, “An independent CCO provides a comprehensive view, and ensures processes and safeguards across the board.” The dangers of a compliance-reporting-to-legal structure can be seen in the Wal-Mart Mexican bribery scandal that made headlines in 2012. According to a New York Times investigative report on that case, the general counsel allegedly helped to silence an internal investigation of the bribery by referring it to the local counsel who purportedly approved the payoffs in the first place.
Being the person charged with making a corporation “do the right thing” is no easy task, particularly in an age of increasingly complex regulatory environments and global views that require taking into account the laws of multiple countries. (It’s hardly surprising that in one 2012 survey, 60 percent of chief compliance officers admitted to considering leaving their jobs entirely.) But as the laws regulating corporate conduct become more strict, and as the costs of non-compliance rise, giving chief compliance officers an equal and independent voice in the boardroom has become more important than ever.