There’s a new question on the compliance scene that is quickly gaining traction—and you’ll likely hear a lot more about it before the dust settles. Can and should the same person within an organization hold the title of General Counsel and Chief Compliance Officer? What is a CCO? And on a broader level, should compliance be seated within the legal department or be a standalone function?
It’s not uncommon for these separate responsibilities to be shared by the same person. According to the most recent PwC State of Compliance Survey, the general counsel functions as the “de facto CCO” at 48% of companies that do not have a dedicated CCO (even though they may have a Director of Compliance). The study also noted that while 26% of CCOs report to the CEO, “in many cases, CCOs who report to the CEO are dual hatted; that is, they’re both general counsel and CCO.”
The reason this fairly well-established practice is now coming under the magnifying glass is two fold, in my opinion. First, compliance (while still a relatively young field) is coming into its own and starting to establish its importance in relation to business health and objectives. And second, people are beginning to question how two roles with fundamentally different objectives can successfully and effectively co-exist within the same person.
“It’s not hard to see the natural tension that this model presents, because the need to protect the business is balanced against the need for compliance transparency” – PwC State of Compliance 2015
While both roles ultimately protect the business, the general counsel is dedicated to maintaining business health and momentum. If this doesn’t jive with abiding by legal mandates and regulations you can see where the conflict arises. A chief compliance officer wants the company to stay compliant to protect reputation and avoid penalties and suits, but at the end of the day the CCO’s responsibility is to the laws and regulations that need to be followed. (This has become more apparent as CCOs are beginning to be held personally liable for weak programs or compliance misconduct.) If a GC isn’t comfortable standing up to the executive staff or board of directors and declaring that changes must be made—even if those changes are costly or will effect the business—they’ll have a difficult time truly and effectively fulfilling the role of the chief compliance officer.
Tom Fox recently recapped Donna Boehme’s “five essential features of the Chief Ethics and Compliance Officer position” (which originally appeared as an article in Compliance & Ethics Professional in 2012). While the article as written three years ago, the five features Donna, a well-known name in the compliance space, outlined still hold water today.
- Seat at the Table
- Line of Sight
These five features that are essential to a successful CCO should be kept top of mind when trying to decide if someone who holds the general counsel position can also act as the chief compliance officer. While a dual-hatter may have all these features in their role as general counsel, they need to meet the same five criteria separately as the head of compliance, even when you take the GC tag out of the picture. For what it’s worth, Donna seems to be in favor of separate functions with autonomy. When you read more about her thoughts behind the five features it becomes clear that meeting those standards would be extremely difficult if someone was straddling the line between GC and compliance.
But as with all great discussions, the other side of the argument also has support.
In the current state of organizations, GCs still tend to have more power and voice when it comes to contributing to strategic business decisions, which can lend power to the compliance program. The 2015 Ethics and Compliance Effectiveness Report from LRN noted that roughly half of the 29% of respondents with CCOs reporting directly to the CEO are actually dual-hatter CCO/GCs. “These two-hatted stalwarts run programs significantly more effective than those of their one-capped colleagues,” the report stated. LRN believes this increased effectiveness is likely tied to the pre-existing relationships General Counsels tend to have with other C-level executives.
“Our hypothesis, one clearly borne out by the data, is that generally speaking, the dedicated CECO [Chief Ethics & Compliance Officer] today has neither the corporate stature nor the internal relationships associated with the GC.” – LRN 2015 Ethics and Compliance Effectiveness Report.
Because of the increased success experienced by dual-hatted GC/CCOs, some think the rush to completely and definitively split the roles might be a little premature. Jeff Kaplan chimed in on this topic recently on the Conflicts of Interest Blog (after all, the argument is whether being a company’s general counsel and chief compliance officer is inherently a conflict of interest). Jeff erred on the side of deciding what’s best for each individual organization.
“Senator Charles Grassley’s famously [said]: “It doesn’t take a pig farmer from Iowa to smell the stench of conflict in that arrangement.” But based on my experience with hundreds of companies’ C&E programs, the Senator’s sweeping proclamation doesn’t hold up for all organizations. While there are indeed certain situations where the CECO should be independent of the GC – e.g., the company is in an industry where the government has voiced a preference for such reporting structures – plenty of times the opposite is true and the principal effect of being “independent” is being powerless.” – Conflicts of Interest Blog
Jeff’s argument is, in essence, that in some cases the compliance department currently doesn’t have the amount of buy-in or support that legal does and separating the two functions could chop compliance off at the knees, making their job even harder and ultimately less effective. (The blog also takes a deeper look at LRN’s dual-hat findings and is definitely worth a read.)
In a Corporate Compliance Insights article on whether or not compliance should be completely separated from the legal function, Rebecca Walker (Jeff’s partner at Kaplan & Walker) also supported the idea that rather than a blanket approach, the individual company’s goals should be taken into account. Before deciding if the General Counsel can also act as the CCO, the company’s compliance goals and the purpose of the compliance function within the organization should be revisited, Rebecca said. She also notes that hastily and unnecessarily separating compliance and legal could have more negative affects than the benefits driven by ending a potential conflict of interest.
“Whether combining E&C and Legal creates a “conflict” because of E&C’s role in serving as a check on the business and other functions is a more nuanced question than some commentators indicate. In considering this question, it is important to consider whether the Legal Department is a foreseeable source of risk to the Company (and hence would benefit from the “checks” that could be performed by a separate department). It is also important to consider whether E&C’s ability to serve as a check on the business and other functions would be diminished by separating E&C from Legal.” – Rebecca Walker, Corporate Compliance Insights.
It certainly is a nuanced question and clearly there are several camps of thought about the best plan of action.
This isn’t a topic that I or The Compliance Report can lay out best practices for, because frankly, there is not a best practice standard yet. It is a question that legal experts, federal enforcement agencies, compliance and legal professionals, companies and boards of directors are going to have to continue discussing and debating to determine what is ultimately best for organizations and the profession of compliance.
What are your thoughts on this topic? How is your company approaching legal and compliance, and do you feel it’s working successfully?