Chief Compliance Officer v. General Counsel – Should They Be Separate?

people colorful picture

By: Jonathan T. Marks, CPA, CFF, CFE

Background

Lack of separation of the CHIEF COMPLIANCE OFFICER and the GENERAL COUNSEL has been cited as a cause of numerous corporate failures.  In fact, separation is now the norm in Health Care organizations.  In spite of numerous recommendations to separate the two functions, there is general agreement that the roles are closely related and frequent collaboration is required.

The issues relating to separation of the CHIEF COMPLIANCE OFFICER and the GENERAL COUNSEL are most often discussed in terms of the differences in their roles (below).

gettyimages-512331310-170667a

Role of Chief Compliance Officer v. General Counsel

GENERAL COUNSEL

  • Defends Client
  • Gives Legal Advice on how to comply, maintain business objectives, but
  • Represents client “zealously”
  • Defines Standards

CHIEF COMPLIANCE OFFICER

  • Finds, Fixes and Prevents Future Problems
  • Protects Whistleblowers (so others may come forward)
  • Management Function
  • Incorporates legal considerations
  • Influences processes
  • Translates legal advice into Management Action
  • Preventative
  • Implements and Monitors Processes ensuring Standards are met
    • Code of conduct
    • Ethics training and compliance
  • May also have an Internal Audit Role
  • Requires:
    • Senior-level position
    • Access to Management
    • Access to Board
    • Sufficient Budget

The potential conflict in their roles are often described as follows:

gettyimages-1129162381-170667a

Conflicting Obligations

  • Privilege – CHIEF COMPLIANCE OFFICER may be more in touch with employees and may be more likely to receive information. The privilege could be an issue if the GENERAL COUNSEL is not involved.
  • Material Violations – SEC companies are required to escalate certain material violations to the Chief Legal Officer.
  • Defensive Role of the GENERAL COUNSEL may squash the transparency required to design a preventative compliance program if the reporting relationship is not independent

Generally, the SEC and DOJ are less rigid in their requirements regarding the CHIEF COMPLIANCE OFFICER’s reporting relationships, while HHS more committed to separating the CHIEF COMPLIANCE OFFICER from the GENERAL COUNSEL.

  • OIG and US Sentencing Guidelines for Organizations
    • Clarify the role of CCO in:
      • Operating the Compliance program
      • Reporting to the Board
    • OIG Compliance Program Guidance (CPG) in 1998 (Supplemented 2005)
      • Convinced Health Care organizations they should be separate
  • ABA Task Force on Corporate Responsibility
    • Did not address the separate role of CCO
    • Sarbanes-Oxley states the GC is responsible for legal compliance1
  • Role of Compliance v. OGC
    •  OCG
      • Defends Client
      • Gives legal advice on how to comply, maintain business objectives, but
      • Represents client “zealously”
      • Defines Standards
    • CCO
      • Finds, Fixes and Prevents Future Problems
      • Protects Whistleblowers (so others may come forward)
      • Management Function
      • Incorporates legal considerations
      • Influences processes
      • Translates legal advice into Management Action
      • Preventative
      • Implements and Monitors Processes assuring Standards are met
        • Code of conduct
        • Ethics training and compliance
      • May also have an Internal Audit Role
      • Requires
        • Senior-level position
        • Access to Management
        • Access to Board
        • Sufficient Budget2
  • Models
    • CCO and OGC Combined – Survey: 15% are combined3
      • Unique issues
        • Is there a process whereby GC recuses him/herself?
        • Are there Board initiated Third-Party Compliance assessments?
        • Is there a process authorizing Board to retain Outside Counsel?
      • Benefits:
        • Efficiency
        • Privilege
      • Downside
        • Regulators can view GC as a shield to limit info (especially Healthcare) 4
    • CCO Reports to OGC – Survey: 21% of CCOs report to the GC5
      • Considerations OIG and AHLA (Am. Health Lawyers Assn) recommend:
        • Alternative reporting mechanisms
        • Someone other than GC authorizes compliance investigations (including hiring outside counsel)
        • Periodic Direct Reports from CCO to the Board
        • 36% report to OGC, up 5% from 20156 (note, this percentage is from a different source than the others quoted herein; it is unclear if it includes CCO reporting to OGC alone or in addition to where CCO is combined with OGC)
          • Benefits
            • Efficiency
            • With added reporting lines of independence, this can work for some organizations
              • Requiring Board Approval for CCO to be fired
          •  Downside
            • Without these measures (above), open to criticism
            • Confusion – Compliance goals may be at odds with legal objectives leading to confusion. For example, when issues arise:
              • GC is obligated to protect the organization
              • CCO is obligated to identify the issue, and implement preventative procedures
              • Attorney-Client Privilege issues – GC acting in both roles must distinguish between legal advice and business advice.7
                • Senior management should “be ready to defend a decision to preserve the CCO in a subordinate position to the GC.”8
    • CCO Independent from OGC – Survey: 59% stand-alone, 57% report to CEO or Board9
        •  Considerations
          • Have GC involved in core compliance processes
            • Risk assessments
            • Policy Development
            • Internal Investigations
            • Devising remedial measures to address violations
          • Include GC in routine reviews of compliance matters (if not the subject)
          • Require consultation with the GC when hiring outside counsel and consultants10
          • Determine how OGC and CCO will resolve differences of opinion
          • Whistle-blowers have more incentive now to by-pass internal reporting and go directly to the SEC for cash rewards
          • Global banks have announced that they will go in this direction
            • Benefits
              • Improved upward (outward) reporting
              • Assures checks and balances i/r/o OGC
              • Even critics of the independent arrangement agree that “it has long been settled that the chief compliance officer, whether also the chief legal officer, should have a direct line of reporting to a board audit committee, which has substantive oversight.”11
              • Apparent preferred structure of SEC, HHS, DOJ and OIG12
                • OIG (non-binding) compliance program guidelines (HC)
                  • “not advisable for the compliance function bot be subordinate to the…general counsel”13
                  • CCO must be senior management
                  • CCO must report to the Board
                • DOJ – prefers separation as evidenced in:
                  • Federal Sentencing Guidelines
                  • Deferred Prosecution Agreements (DPAs)14
                  • CCO must be senior management
                  • CCO must report to the Board15
                • Apparent preferred structure in key areas Outside the United States:
                  • UK, Brazil and Spain16
              • Downside
                  • Costs
                  • Potential for overzealous, unchecked Compliance
                  • CCO may not be a lawyer because large organizations require CCO to be expert in business processes and training.17

gettyimages-1165968614-170667a

General Considerations

  • Conflicting Obligations
    • Privilege – CCO may be more in touch with employees and may be more likely to receive information. The privilege could be an issue if the OGC is not involved.
    • Material Violations – SEC companies are required to escalate certain material violations to the Chief Legal Officer.
  • Companies that have changed to Independent Model:
    • GM – After faulty ignition issue
    • Walmart
    • Pfizer (under a Corporate Integrity Agreement – CIA, by the OIG)
    • Global Banks
  • Other Relevant Cases
    • Caremark – final settlement against the organization was “huge” but Directors shared no liability because of a good faith effort to implement a compliance program (subsequently known as the Caremark test as a benchmark to determine if directors had satisfied their duty of care).18
  • Specific Form of the compliance program is a matter of business judgment.
  • Business judgment advice from the GC is not privileged

Closing Thoughts

How two roles with fundamentally different objectives successfully and effectively co-exist within the same person?  Before you answer, consider Donna Boehme’s five features (below) that are essential to a successful CCO.  Then decide if someone who holds the general counsel position can also act as the chief compliance officer.

  • Independence
  • Empowerment
  • Seat at the Table
  • Line of Sight
  • Resources

I welcome your thoughts and comments.

Best,

Jonathan Pic

Jonathan T. Marks, CPA, CFF, CFE


References

1 The Chief Compliance Officer vs the General Counsel:  Friend or Foe?, p. 2

2 Ibid, p. 4

3 Baker McKenzie “Independence Day – The Separate and Equal Compliance Department” – Global Comp, p. 4

4 The Chief Compliance Officer vs the General Counsel:  Friend or Foe?, p. 4

5 Baker McKenzie “Independence Day – The Separate and Equal Compliance Department” – Global Comp, p. 4

6 PwC State of Compliance 2016, p. 14

7 Grant Ostlund – Seton Hall, p. 25-32

8 Ibid, p. 36

9 The Chief Compliance Officer vs the General Counsel:  Friend or Foe?, p. 4

10 The Chief Compliance Officer vs the General Counsel:  Friend or Foe?, p.5

11 The Chief Compliance Officer vs the General Counsel:  Friend or Foe?, p. 2

12 Grant Ostlund – Seton Hall, p. 32-3

13 Ibid, p. 33

14 Ibid, p. 35

15 Ibid, p. 36

16 Baker McKenzie “Independence Day – The Separate and Equal Compliance Department” – Global Comp

17 The Chief Legal Officer’s Critical Role in the Compliance Function, Bloomberg, p. 7

18 Grant Ostlund, Seton Hall, p. 6


Links in Favor of Independence

“The Chief Compliance Officer vs the General Counsel:  Friend or Foe?  Society of Corporate Compliance and Ethics

http://www.corporatecompliance.org/Portals/1/PDF/Resources/past_handouts/CEI/2008/601-3.pdf

“Why the Compliance Function is Different than the Legal Function” FCPA Compliance & Ethics

http://fcpacompliancereport.com/2014/06/why-the-compliance-function-is-different-than-the-legal-function/

“Compliance or Legal?  The Board’s Duty to Assure Clarity” Harvard Law School Forum on Corporate Governance and Financial Regulation

https://corpgov.law.harvard.edu/2014/08/12/compliance-or-legal-the-boards-duty-to-assure-clarity/

“When Compliance and Legal Don’t See Eye to Eye” Corporate Counsel

https://www.law.com/corpcounsel/almID/1202654523131/

“Where the Legal and Compliance Functions Intersect” Corporate Counsel

https://www.law.com/corpcounsel/almID/1202669298922/

“The Roles of General Counsel and Chief Compliance Officers” Corporate Compliance Insights

http://www.corporatecomplianceinsights.com/the-roles-of-general-counsel-and-chief-compliance-officers/

“Compliance vs. the Law Department:  How to Work Together” Schering-Plough

http://www.ehcca.com/presentations/pharmacongress7/3_04_2.pdf

“The Changing Role of Compliance” Deloitte

https://www2.deloitte.com/content/dam/Deloitte/dk/Documents/risk/changing-role-of-compliance%20(1).pdf

“PRACTICAL REFLECTIONS ON THE ROLES OF LEGAL AND COMPLIANCE” Association of Corporate Counsel (ACC)

http://www.acc.com/chapters/del/upload/2013-12-05_Duane-Morris_Legal_-_Compliance_Presentation.pdf

“Why Compliance Officers Need Independence” Corporate Compliance Insights

http://www.corporatecomplianceinsights.com/compliance-officers-need-independence/

“Pfizer GC Loses Compliance Chief Role Under $2.3B Drug Marketing Settlement” ABA Journal

http://www.abajournal.com/news/article/pfizer_gc_loses_compliance_chief_role_under_2.3b_drug_marketing_settlement

“Should General Counsels also be Chief Compliance Officers?” Convercent Global Ethics and Compliance Software website

https://www.convercent.com/blog/should-general-counsels-also-be-chief-compliance-officers

“State of Compliance” PwC – 2016

https://www.pwc.com/us/stateofcompliance

Grant Ostlund – Seton Hall

http://scholarship.shu.edu/cgi/viewcontent.cgi?article=1897&context=student_scholarship

Baker McKenzie “Independence Day – The Separate and Equal Compliance Department” – Global Comp

https://globalcompliancenews.com/independence-day-the-separate-and-equal-compliance-department/

Links Adverse to Independence

“The Chief Legal Officer’s Critical Role in the Compliance Function” Bloomberg News

https://www.bna.com/chief-legal-officers-n17179891712/

“Separating out legal and compliance functions – the view from America” LegalWeek (UK)

http://www.legalweek.com/sites/legalweek/2011/11/09/separating-out-legal-and-compliance-functions-the-view-from-america/?slreturn=20171009162458

“Let’s Call a Cease-fire in the GC vs. CCO Debate”  Corporate Counsel

https://www.law.com/corpcounsel/almID/1202648799915

Tags:
%d bloggers like this:
Skip to toolbar