By Roy Snell, CEO SCCE & HCCA
“What we have here is a failure to communicate.” That is a great line from a great movie, Cool Hand Luke, with a great leading actor, Paul Newman. In the movie, Newman would not listen, so the authorities kept punishing him until he would listen. Newman’s character, Luke, spent a great deal of time “in the hole.” The Compliance profession is in a similar situation. The enforcement community is going to keep fining us until we do listen.
Many in-house and outside counsel think compliance is all about the law, so compliance should report to General Counsel (GC). The press, public, politicians, and prosecutors want more than an expanded Legal department. What they want is an independent person or department in every organization to help leadership prevent, find, and fix regulatory and legal issues. They think we are doing a fine job defending our organizations, but not doing so well at defending stakeholders.
In the U.S., the enforcement community expects companies to prevent, find, and fix regulatory and ethical problems with the use of a compliance program, as stated in the US Federal Sentencing Guidelines. The enforcement community believes that every organization needs an independent compliance officer to manage the organization’s compliance program. The compliance officer partners and collaborates with the GC almost all the time.
An exception is when the GC goes off the rails and does not insist the company fix a known problem, as appears to be the case with some recent FCPA violations. In that case, the Chief Compliance Officer (CCO) needs to look for find and present all information to leadership. If your annual review is conducted by the person you are disagreeing with, you do not have independence.
When a whistleblower complaint is filed involving a legal decision the legal counsel made in the past, an independent investigation can not occur if the person conducting the investigation reports to the person they are investigating.
One last example is when the GC needs to defend the company. Society believes the compliance officer should not be involved in that process because it’s difficult to be independent and unconflicted if you are forced to take sides.
You can agree or disagree with some of the examples but you can’t disagree with all of them. And if you can’t disagree with even one of them, then the GC cannot perform the compliance officer’s annual review. The enforcement community thinks we have a failure to communicate.And it’s my view that they will continue to put us all “in a hole” until we give independence to the Compliance department as we have given independence to the Audit department.