Five Essentials of a Chief Compliance Officer Position

Five Essentials of a Chief Compliance Officer Position

Most of Shakespeare's histories involve issues relating to kingship and how a king might reign. In some of the plays, such as Henry V, the example is of a positive nature. In others, such as Richard III, you may need to draw from the inverse to see how one should decidedly not govern. The tragedies tend to emphasize a tragic flaw which brings down someone who is not necessarily a king, such as Hamlet or Coriolanus.

What are some of the characteristics of the position of a Chief Compliance Officer (CCO) for a company subject to the Foreign Corrupt Practices Act (FCPA), UK Bribery Act or other international anti-bribery and anti-corruption laws? That question was recently explored in an article in the Society of Corporate Compliance and Ethics (SCCE) bi-monthly magazine, Compliance & Ethics Professional, in an article entitled "Five essential features of the Chief Ethics and Compliance Officer position", by author Donna Boehme. She believes that while all CCO positions should be "fit-for-purpose" there are five essential features which are consistent to all such positions. They are as follows:

1.      Independence

It is incumbent that any CCO must have "sufficient authority and independence to oversee the integrity of the compliance program." Some indicia of independence would include a reporting line to the company's Board of Directors and Audit/Compliance Committee but more importantly "unfiltered" access to the Board. There should also be protection of employment including an employment contract with a "nondiscretionary escalation clause" and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.

2.      Empowerment

Boehme believes that a CCO must have "the appropriate unambiguous mandate, delegation of authority, senior-level positioning, and empowerment to carry out his/her duties. Such can be accomplished through a "board resolution and a compliance charter, adopted by the board." Additionally the CCO job description should be another manner in which to clarify the CCO "mandate, and at a minimum should encompass the single point accountability to develop, implement and oversee an effective compliance program." All of the above should lead in practice to a "close working relationship with an independent board committee."

3.      Seat at the Table

Boehme believes that the CCO must "have formal and informal connections into the business and functions of the organization - a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided." She argues that, at a minimum, the CCO should participate in "budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews, and risk and crisis management meetings."

4.      Line of Sight

Here the author urges that the CCO should have "unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively." This does not mean that the CCO should have veto power over functions such as safety or environmental or that such functions must report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role to allow it visibility into these areas will help the CCO coordinate compliance convergence training.

5.      Resources

It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to "get the job done." I have worked at places where the CCO had neither and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicia, to the independence of the CCO from the General Counsel (GC), "rather than a shared budget". This can also bleed over to 'headcount' and shared or dotted line reporting resources. There should be independent resources reporting into the compliance function.

Unlike Shakespeare's histories or tragedies, the author gives you her opinion on what the role of the CCO should consist of in today's compliance arena. Boehme's article is an excellent guide for the CCO or Compliance Professional to use in reviewing the situation in his or her company. Her five essential features are based on the Department of Justice's (DOJ) thinking on the issue in the form of the US Sentencing Guidelines, FCPA enforcement actions and evolving best practices. If your company is not following these it may well not be deemed to have a commitment to compliance or meet the minimum best practices standards.

 Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

For more information about LexisNexis products and solutions connect with us through our corporate site.