There is an ongoing debate in the compliance world about
whether a company can or should combine or separate the role of the Chief
Compliance Officer (CCO) from that of the General Counsel (GC). However, before
a company can answer this question, it must meet No. 6 of the Department of
Justice's (DOJ) minimum best practices requirement for a Foreign Corrupt
Practices Act (FCPA) based compliance program. Requirement No. 6 reads:
The company will assign responsibility to one
or more senior corporate executives for the implementation and oversight of the
company's anti-corruption policies, standards, and procedures. Such corporate
official(s) shall have direct reporting obligations to independent monitoring
bodies, including internal audit, Company's Board of Directors, or any
appropriate committee of the Board of Directors, and shall have an adequate
level of autonomy from management as well as sufficient resources and authority
to maintain such autonomy.
This requirement clearly mandates that a company must
have one or more senior level executives to oversee the company's compliance
program. At the recent Ethisphere 2012 Global Ethics Summit this issue was
explored. Alan Yuspeh, Senior Vice President and Chief Compliance and Ethics
Officer for Hospital Corporation of America, said that he believed there were
three keys to the role of a company's head of compliance.
Yuspeh believes that whoever heads compliance at a
company must be included in the ranks of the company's senior management. This
is because when such a person speaks, they need to do so as a peer and not as a
subordinate, to company management. Senior management status is also important
when dealing with the Board of Directors.
Here Yuspeh spoke about a clear commitment from the top
management of the company to the position of the head of compliance. This is
more than simply the ubiquitous "Tone-at-the-Top" as it means a commitment to
the position of head of compliance; a commitment to funding and achieving the
goals of meeting a minimum best practices compliance program. This means
that top management cannot simply cut-off compliance at the knees every time it
makes an unpopular decision. Further, the money must be made available to hire
the necessary staff, travel and train employees, implement and help to perform
the requisite investigations of third parties. If such monies are not made
available, your company truly has a paper program.
The third element that Yuspeh mentioned was whoever heads
compliance must "constantly fight to keep compliance involved" in all
appropriate aspects of the company's business. This is more than compliance
simply having a seat at the table. The head of compliance must insure that the
compliance function is inculcated down into the DNA of the company. So, just as
a Chief Executive Officer (CEO) might ask what is the Legal Department's view
on a certain contract or issue facing the company, the head of a company's
Compliance function should also be thought of as a person who's group is a
"go-to" group within the company for advice.
Smaller companies may not have a Compliance function
within their organization but it is clear from the DOJ's minimum best
practices that there must be a person who heads that function within a
company. Yuspeh has laid out what he believes the practical guidelines are for
a head of compliance within an organization. His comments speak to the
requirements of the DOJ as laid out in requirement No. 6. Does the head of compliance
in your organization meet these criteria?
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2012
For more information about LexisNexis
products and solutions connect with us through our corporate site.