Donna Boehme – Corporate Compliance Insights – February 2017
I recently read a great blog post by Tom Fox on why compliance officers need independence. And former federal prosecutor Michael Volkov, who completely understands the CCO’s hard job, has reiterated the value of independence here, although this is mostly old news to any CCO who has been in the trenches. With the feedback we are seeing to the launch of the Compliance 2.0 Infographic, this is probably a good time to discuss the independence issue.
Why is independence so critical to the establishment of a strong compliance program that works? The CCOs in my networks know the answer, and they have the scars on their backs to prove it. I’ve said that the CCO’s role is an incredibly hard job – maybe the hardest one in the company. I use a single slide to summarize why this is so.
Here are some ways independence helps CCOs do their job well:
CLEAR-EYED FOCUS ON INDEPENDENT MANDATE
CCOs need to perform their clear mandate to find, fix or prevent problems before the company is forced to do so by third parties on terms those parties demand (e.g., a mandated monitor, fines and a deferred prosecution agreement with additional obligations). But when compliance is operated as a captive arm of legal or any other function, it is incentivized to work through the lens of a very different mandate. That’s what we call “Mandate Conflict.” I discuss this phenomenon here with Roy Snell. That’s how GM got its “69 Naughty Words” training, but failed to fully understand and define the delayed recall problem. Or how VW may have had excellent relationships with its Works Councils, but failed to surface and resolve concerns about its emissions cheating scheme.
Independence means the recognition of a new, standalone mandate for the compliance program discharged independently, but in high collaboration with other SMEs in the organization. For instance, in a multidisciplinary task force developing investigation guidelines (so critical after Yates), legal can contribute its SME about privilege issues, HR on people issues and IT/security on email and documentation issues. This kind of check-and-balance plays out when designing and implementing all aspects of the program, which is why we say that the new generation of Compliance 2.0 can use the mantra of “Collaboration, not Subordination.” Thought-leader and two-time CCO Pat Gnazzo has described this approach as “Partners at the Table.”
THE MAURITZA MUNICH RULE
Corporate America and multinationals like WalMart and Siemens have far too many examples of compliance professionals who are fired or forced out for doing their job well. It’s the Mauritza Munich saga recently highlighted by Mike Scher here. It’s the Machiavelli rule played out in Technicolor. One of the goals of Compliance 2.0 is to avoid situations where compliance professionals have to choose between doing their jobs well and “sleeping at night,” paying the mortgage or sending their kids to college. Recruiters tell me that if gatekeepers can find a way to promote Compliance 2.0, the entire company and its stakeholders benefit. #TheRisingCCOLiftsAllBoats.
I’ve said this before, but it bears repeating: when a CCO exits a company, that should be an 8K event akin to a change in outside auditors and, similarly, the board should include in its escalation clause any incident of a CCO being fired or forced out and ask to know why. That’s called OVERSIGHT in the compliance world.
GOVERNMENT GATEKEEPERS ARE PAYING ATTENTION
Compliance Week 2016 was a grand week for Compliance 2.0! In the opening keynote, entitled “Are We Defining Effectiveness Correctly?” both the DOJ and SEC discussed themes of independence, empowerment and subject matter expertise in their remarks. And especially with the DOJ’s hire of compliance SME Hui Chen, these are hopeful signs that government gatekeepers will be focusing on the distinction of effective, robust Compliance 2.0 programs that work, as opposed to Compliance 1.0 “paper programs” merely for show. Independence, empowerment and the other elements of Compliance 2.0 are intended to position CCOs, compliance professionals and teams to do their jobs well without becoming an 8K event or a board-escalated event. Other regulators, such as the OIG HHS and the Office of Currency and Control, have also expressly acknowledged the criticality of independence. Even outside the U.S., gatekeepers and policymakers, such as the OECD, Brazil’s CADE and the Canadian Competition Bureau, understand the elements of Compliance 2.0. We are headed to a consensus.