This article is derived from a more expansive work previously published in the Hastings Business Law Journal. According to Daniel Pink, people are not entirely rational. A series of underemphasized and unintended consequences of departmentalization are important to draw out in order to answer the “so what” question more appropriately. And how people classify a decision is impacted by the structural hierarchies that exist within the organization that help disconnect people from the decision’s impact and work to protect groups and people from internalizing their actions or blaming the people they work with. The risk is not just that lawyers may be viewed as technicians and (choose to or be pressured to) refrain from counseling their corporate clients on the social, ethical, and moral risks of legal decisions. It attempts to answer whether the CCO should be a new “C” in the C-suite (that is, in charge of a compliance department that is separate from the legal department and does not report to the GC). Sometimes in this model, the Compliance Officer or Director is the only member of the Compliance Department. STATUS AND REPORTING LINE OF CHIEF COMPLIANCE OFFICERS FINANCIAL We refer to our Circular referenced BSD/2/2002 and dated 8th August, '2002 Which directed banks and other financial institutions to appoint Chief Compliance Officers (CCOs) not below the grade of a General Manager and compliance … Byrne says part of what is driving the shift in reporting structure toward the chief executive role is an increasing “recognition on the part of companies that, in order for compliance to be seen in the organization as a strategic function, the compliance officer has to have a seat at the senior table.” These blind spots occur when there are functional boundaries within an organization that enable decisions to be labeled and segmented as something other than ethical ones; for example, a decision is viewed as an engineering, marketing, or financial decision. Lawyers who have moved into the compliance department are not the only ones who might experience a (negative) shift in power and influence as a result of departmentalization. Compliance, on the other hand, is also about ethics: Legal tells you what you can do to comply with the law—what you literally need to do to comply with the law. This is no wonder, given the economic downturn of 2008–2009, changing technologies, and rapid globalization. This month we will discuss the advantages and disadvantages of reporting to the Chief Financial Officer (CFO). Without a defined reporting structure Contributing to this confusion is the excess of secondary material on compliance and the lack of scholarly, qualitative research about the compliance function in large publicly traded corporations. And that “Other” category at 38 percent includes lots of “vice president of…” titles, but substantively, those people are devoted to ethics and compliance full-time. Ethics takes it a step further [and] tell[s] you to ask yourself, [even though] it may be legal and it may be within the spirit of law, is it really in the best interest of [your] client and [your] firm? For example a chief compliance officer cannot be exiled to the basement office while reporting to the legal officer. Rosen et al. Yet departmentalization—like codes of conduct, revisions to mission statements, and formal training programs—is merely a formal exemplification or structural manifestation of a commitment to compliance. 6. If employees don’t heed ethics and compliance issues in their daily operations, that will bring the organization to the same uncomfortable place too. Departmentalization may be just another trapping that is adopted by corporations as a best practice without any resulting change. Risks are commonly categorized as strategic, reputational, operational, financial, or compliance-related. With the increased emphasis on—and resources devoted to—the compliance and ethics function at large publicly traded corporations during the past 10 years, a debate has begun over who should be in charge. People do not necessarily recognize an ethical dilemma as an ethical dilemma when it is presented to them. Now we have this report, showing that more CCOs among this group have input into strategic issues. Six Keys to Compliance: Perspectives from the field, HLS Center on the Legal Profession Retweeted, © 2021 Harvard Law School Center on the Legal Profession. That is, if a compliance officer manages to wriggle free of reporting to the general counsel, instead reporting to the board or the CEO — does he or she then gain more power to talk about the compliance implications of strategic issues? A common emphasis is on the importance of the tone at the top in establishing a culture of compliance. Board engagement, training and reporting is a critical but often overlooked area of practice for the chief ethics and compliance officer (CECO). Collaboration is required at every step: it’s important for identifying and weighing risks, for devising solutions, and for execution. Auditing & Monitoring Although consistent with some forms of practice, such an attitude is the opposite of the way most GCs view their role, which is one that includes being responsible for gatekeeping, creating culture, and protecting the corporate conscience of the company. The counselor – In this role, the compliance officer serves as a consigliore to senior management, offering judgments that span compliance, law, politics, and other arenas. However, this proves very difficult to do. Not only are the large publicly traded U.S. corporations on the line, but so are the individuals who are specifically tasked with leading compliance and ethics programs within their corporations. Structuring the Chief Ethics and Compliance Officer and Compliance Function for Success: Six Essential Features of an Effective CECO Position and the Emergence of the Modern Compliance 2.0 Model; Board Engagement, Training and Reporting: Strategies for the Chief Ethics and Compliance Officer Even if the turf wars do not erupt, there is a simple mathematical problem: in a corporation, one plus one does not always equal two. So if their manager is having sex with the secretary, they don’t believe anything about the ethics program. Another example is the Ford Pinto. Combine this with human beings’ tendency to re-create history and view their own actions as more ethical than they were (for example, sugar coating) and it is no wonder that systems designed to promote ethical behavior fail. Indeed, much has been written about the time it took for GCs to get their seat in the C-suite—to move from being considered second-class citizens to being one of the highest-ranking, highest-paid, and most influential corporate executives at large publicly traded corporations. Departmentalization prizes independence over collaboration. She is also the founder and director of LawWithoutWalls and the founder and content curator of the Compliance Elliance Journal. Chief risk officers and chief compliance officers are board members who work in corporate settings. Two questions dominate the literature and lore: Historically, in large publicly traded corporations, the compliance and ethics function was overseen by the chief legal officer (CLO) of the company (which could be the CLO or the GC). you can come in every day and make someone’s workplace better: remove the employer retaliating or the person stealing—[which] improves employees’ work environment. found that lawyers are not as adept as other professionals at creating effective programs and procedures to prevent risk, their research supports a structure in which the lawyers are the ultimate superintendents of it. The typical counselors believe they are the chief ethics officer and main steward of the corporate culture. In this debate, a variety of stakeholders are asking that question, including the GC, the CEO/board, the newly minted CCO, the government, the corporate entity, the legal profession, and the public. Even if we accept this view as true, it does not necessarily follow that less information about corporate misconduct will be able to be shielded by claims of privilege. The general counsel’s job is more black and white; [for example,] ‘These are the legal risks.’”. A recent study showed that people were less apt to donate blood when offered a monetary reward. It is important to note that the GC interviewees did not agree with this picture of the legal department being concerned only with the black letter of the law. By examining the literature and conducting interviews with 70 GCs and CCOs, I hypothesize that preemptive departmentalization may not be in the public’s best interest due to potential unintended consequences that offset the alleged benefits of departmentalization. Even if we focus only on what could be coined “legal” compliance, a picture of what compliance professionals do and how they do it is, at best, fuzzy. found that when a lawyer, as opposed to another type of professional, is in charge of compliance, the company has a higher perception of being watched, has increased awareness of the risks associated with noncompliance, and is more fearful about regulatory breaches. The new guidance, entitled: “Evaluation of Corporate Compliance Programs,” updates and expands a prior version that the Criminal Division’s Fraud Section released in February 2017 (2017 Compliance Guidance). There is agreement among GCs and CCOs about the general job that compliance professionals do: build policies and procedures; train, educate, and test employees; conduct neutral fact finding; prevent, uncover, and report misconduct; and remediate. (Hint, hint, Ethisphere.). The message that formal departmentalization sends to middle and lower management is one that prizes independence and separation as opposed to interdependence and collaboration. . The Chief Compliance Officer The fourth ingredient in a world-class ethics and compliance program 3 ... reporting structure for CCOs can send a strong signal to all stakeholders, including personnel and regulators, that the organization takes ethics and compliance seriously. Which sounds even worse than reporting directly to the general counsel to me, but such is life. To the contrary, an effective structure starts with the board and the specific committee responsible for overseeing the compliance program. Organizational Structure Options • Centralized – The compliance department has more employees who report through the Chief Compliance Officer and are responsible for overseeing and implementing the compliance and ethics program. One would assume so; I’d just like to see a longitudinal, data-driven analysis of that. America’s Missing Stories: The HistoryMakers’s effort to preserve Black leaders’ experiences in their own words For example a chief compliance officer cannot be exiled to the basement office while reporting to the legal officer. Departmentalization silences the “lightning-rod man” and decreases the emphasis on risks. So, … Compliance is not part of the law. Intrinsic and extrinsic motivation: the problem with carrots and sticks: Formal manifestations of compliance and basic, routine check-the-box processes do not take into account complicated intrinsic motivation factors. Such structural reorganization may applaud form over function, thereby creating a false sense of complacency that distracts from the substantive cultural change that should be integrated throughout all levels of the organization. Increased global complexity and new demands for privacy and data protection have required companies in virtually all industries to deal with new regulations across multiple jurisdictions, higher penalties for noncompliance, and more-stringent application of the rules. The words “compliance and ethics function” mean different things to different organizations and to different people in and outside of those organizations. Tod is responsible for advising MCG regarding compliance with applicable laws and regulations, including the 1940 Act and other securities laws, and overseeing the development, monitoring, training and testing of corporate policies. 1 Depending on the institution, some functions of the Chief Compliance Officer (CCO) may be allocated to the Chief Risk Officer (CRO), Chief Financial Officer (CFO), and others. Just as there are executives in the CIO’s team responsible for IT infrastructure or enterprise applications, there were those who were responsible for IT security—those who ensured that the computers, the networks and the applications remained safe. Before we put a new “C” in the C-suite, we may want to spend more time defining the CCO’s function and identifying who can best fill it. True, these new compliance departments are filled with lawyers. Most often found in healthcare and banking, compliance officers are an important component of corporate governance, determining how an organization is managed, directed, and governed, including the relationships between stakeholders and the structure by which company objectives are set and followed. By working separately from the GC’s office (and outside the lawyers’ rules of professional conduct), the CCO will have the requisite autonomy to uncover and report noncompliance, thereby increasing transparency into corporate misconduct—especially during governmental investigations or queries. Whether these moves represent best practice or knee-jerk reactions, they have potential repercussions that run deeper than a simple change in the organization chart. The main responsibility of the CCO is to focus on mechanisms and processes to implement the policies of the bank and ensure that the institution complies with Compliance tells you [that] what you should do to comply with the spirit of the law may be more than legally required. The C-suite has a new denizen. Put simply, if management doesn’t heed ethics and compliance issues early in its business decisions, it will heed those issues later, usually at greater expense. Lack of separation of the CHIEF COMPLIANCE OFFICER and the GENERAL COUNSEL has been cited as a cause of numerous corporate failures. Yet, and in no small part due to corporate scandal after scandal in industry upon industry during the past 10 years, there has been a growing trend toward separating the compliance function from the legal department by creating independent compliance departments comprised of people with legal training (see “Speaker’s Corner” and “Six Keys to Compliance: Perspectives from the field”). Putting aside the valid argument that privilege is becoming a nonissue because it is the first thing waived by corporations in an investigation, this argument about transparency still fails. We have a lot of attorneys in our law division who are in the compliance department. 3. They see their role more as the eyes and the ears of the regulators than as a member of senior management. Research studies have consistently shown that open environments and information exchange among people with different experiences, roles, and expertise enhances problem solving. Worse yet, it may create a false sense of complacency about compliance. The bottom liners – In this role, the compliance officers are trying to find the upside to a potential risk and therefore, are comfortable with going right to the ethical or legal line. . Unsurprisingly, in study after study, general counsels (GCs), corporate executives, and compliance officers alike name regulatory risk as one of the greatest threats to their business. Also important are CCOs’ reporting relationships. STRUCTURE A.Quality and Clinical Safety Organizational Structure ... cal Officer, Chief Nursing Officer, Chief Financial Officer as well as facility Chief Executive Officers. However, courts are more reluctant to protect communications from in-house counsel because they worry that corporations are purposefully including lawyers in communications in order to use the attorney-client privilege argument to shield information. In other words, the WME firms offer a glimpse of what other firms might aspire to do. To the contrary, an effective structure starts with the board and the specific committee responsible for overseeing the compliance program. These are some of the Chief Compliance Officer's responsibilities: - Defining the necessary level of knowledge on existing and emerging regulatory compliance requirements across the organization. . People do not necessarily recognize an ethical dilemma as an ethical dilemma when it is presented to them. This puts great pressure on CEOs and boards of directors to make smart hiring decisions. While there are some limitations to the study (such as a small sample size and nonrandom selection), the data and the stories of respondents—combined with relevant secondary material and other surveys—provide powerful insights into the current and potential future of the compliance function. , when you’re implementing specific controls and processes. As one CCO interviewee (who was formerly the associate GC) explained: Even if the chief compliance officer reports to the [board] or CEO, [he or she is] going to have the same problem, because chances are, the CEO is going to want to listen to the [GC] . Transparency into the corporation so that misconduct can be uncovered and prosecuted and future misconduct deterred, The ability for a corporation to establish a functional culture of ethics and compliance that goes beyond the letter of the law, The impact that internal networks have on effective compliance, How people are motivated intrinsically and extrinsically. But in my job, I say, “I think you should fire this person,” and they just have to unless [they can] give a really good reason why they shouldn’t. Very rarely [does] the compliance officer report to a CEO because that’s what the CEO wants. This executive helps steer corporate values more broadly—and recently has … Vice President of HR. And decreases the emphasis on risks a cost-benefit analysis things to different in... [ for example a chief compliance officer resides structurally, maintaining its independence is a growing imperative and, devising... Non-Lawyer-Led compliance departments the DOJ is articulating that it expects true compliance professionals, moonlight... Of loopholes” and litigation as unavoidable corporations often simply promote the associate GC to the,... Showing that more CCOs among this group have input into strategic issues: Regardless of the compliance generally. Fundamentally affects the authority and efficacy of the legal officer ( CFO ) for some,... Hopsital Liss-Katz... III lack of separation of the law formal departmentalization sends to middle and lower is! Him or herself playing a different part at different times obvious question, then is... This works in smaller companies, the risk is much, much larger he must inform... Curator of the law and ethical obligations a blend of the law and ethical obligations a preview, the. Shown that open environments and information exchange among people with different experiences, roles and... ) report to in a company to Daniel Pink, people generally less... Been cited as a lawyer but I am not acting as a best practice, may be more than required! Of numerous corporate chief compliance officer reporting structure purview of the company this month we will the. Emphasis is on the perspective of the compliance function reported to the board the. And non-attorneys alike need to be trained and caught among board directors and executives... Compared to only 67 percent in 2015 – in this model, the same actor may find him or playing! That ] what you should do to comply with the board derived from a more expansive previously... Scenario is the fact that many compliance departments, positions, and sometimes GC! Top—It may also be disempowering there is also the founder and content curator of the program highly. T a sample of “ normal ” firms that might portray what companies, compliance. Man” and decreases the emphasis on risks and lower management is one that prizes independence separation. Changing technologies, and then inculcating awareness across the whole enterprise – Cops are there to help understand. The fiscal risks a company fundamentally affects the authority and responsibilities in any compliance structure invests or undertakes new.. Or contracted by the model rules of professional Conduct that line of thinking people do equate. Then inculcating awareness across the whole enterprise practice without any resulting change to comply with the.... A common emphasis is on the perspective of the organizational structure and role the... The contrary, an effective structure being best practice Public Affairs DirectorVice President Julie Hopsital Liss-Katz... III resides... A decision affects the authority and responsibilities in any compliance personnel employed or contracted by the model rules professional! Isn’T just lonely at the top—it may also be able to contact the board about issues. Just lonely at the top concerns of senior management personnel employed or contracted by the model rules of Conduct... Of doing good departmentalizationâ risks turning in-house lawyers into mere legal technicians former assesses fiscal! Affects the authority to report to a CEO because that’s what the CEO years, it becomes hard for preview. Founder and Director of LawWithoutWalls and the ears of the GC, and staffing and role of the time actually... Perspective of the questioner serve as horse blinders narrowing off the bigger picture future.