I’ve watched for several years now the supposed controversy regarding the requirement of separating the general counsel and chief compliance officer roles. The arguments against combining the roles have ranged from a single individual simply not having enough time to devote to both roles to there being an inherent conflict between the roles. I say “faux” and “supposed” when describing the conversations because these discussions usually miss the point they should be focused on: How do you create and manage an effective ethics and compliance program for your organization?
Requirement or Best Practice?
I’ve noted with interest that several commentators disingenuously hold the dual role up as a requirement to avoid a laundry-list of horrible outcomes.
Others have indicated that having a CCO report to the general counsel (or, presumably having that person be one and the same) results in a company not having an effective ethics and compliance program, as provided in the U.S. Sentencing Commission Guidelines.
To be clear, the Sentencing Commission did indicate that to qualify for less culpability and receive more favorable treatment, your compliance program needs to satisfy certain criteria. To paraphrase, the Commission Guidelines require that an organization,
“…shall have specific individuals with operational responsibility for the compliance and ethics program that shall report periodically to ‘high-level’ personnel and shall be given adequate resources, appropriate authority and direct access to the governing authority or appropriate subgroup.”
This best practice is used to evaluate compliance efforts when prosecutors decide to charge or prosecute a matter, determine fines or other remedies and recommendations for sentencing. It is not an insubstantial matter to be found compliant. But nothing in that requirement speaks to having a singular or dual role managing your ethics and compliance program. To suggest otherwise is very misleading.
Will having compliance functions performed by the general counsel ensure that your program is not effective or compliant? Will having the functions performed by two, separate individuals ensure that your programs are effective and compliant?
Industry Statistics on the Role
If the answer to either of the questions immediately above is “yes,” then clearly a significant percentage of the companies that report such things are getting it wrong.
According to PricewaterhouseCoopers’ State of Compliance Survey 2014, 69 percent of U.S. companies have a CCO. Fifty-four percent of the respondents said their CCO “wears multiple hats”—most often that person is also the general counsel.
The list of Fortune 500 companies that have dual role GC and CCOs is extensive, including one of the world’s largest software companies, a leading foodservice distributor, a leading global beauty company and a global pharmaceutical and healthcare IT company.
Clearly all these companies care passionately about ensuring that they have effective ethics and compliance programs.
So how do you decide the “right way” to structure your compliance leadership?
The One Right Way is the Best Way for Your Organization
Ultimately, whether the compliance function is led by one or two executives, or by a compliance committee that involves multiple stakeholders across an organization is a moot point. The best approach is whatever works best within the structure of your organization. The GC or CCO isn't inherently better or worse at leading a compliance program—although I’ve seen arguments that a GC is more concerned with the “letter of the law” and the CCO is more concerned with the “spirit of the law.” I think that is one of the more ridiculous assertions.
No matter which executive is at the helm, the focus of a strong program must be on promoting and encouraging an ethical and legally compliant organization. A company has to create a culture where every single employee is a compliance regulator, understanding what is permitted and not permitted, and holding themselves and others to that standard.
Once a company has developed that level of integrity and compliance, the titles of the people who helped get it there don’t—and shouldn't—matter.