CCO Authority and Independence 

The role of the Chief Compliance Officer (CCO) has steadily grown in stature and prestige over the years. In the 2012 FCPA Guidance, under Hallmark Three of the 10 Hallmarks of an Effective Compliance Program, the focus was articulated by the title of the Hallmark, Oversight, Autonomy, and Resources. 

The DOJ’s Evaluation of Corporate Compliance Programs, made the following query about the CCO position: Prong3. Autonomy and Resources  

Stature– How has the compliance function compared with other strategic functions in the company in terms of stature, compensation levels, rank/title, reporting line, resources, and access to key decision-makers? What has been the turnover rate for compliance and relevant control function personnel? What role has compliance played in the company’s strategic and operational decisions?  

Autonomy– Have the compliance and relevant control functions had direct reporting lines to anyone on the board of directors? How often do they meet with the board of directors? Are members of the senior management present for these meetings? Who reviewed the performance of the compliance function and what was the review process? Who has determined compensation/bonuses/raises/hiring/termination of compliance officers? Do the compliance and relevant control personnel in the field have reporting lines to headquarters? If not, how has the company ensured their independence?  

In the Policy, the DOJ laid out additional factors around CCO authority:  

1. The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk;
2. The authority and independence of the compliance function and the availability of compliance expertise to the board;
3. The compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and
4. The reporting structure of any compliance personnel employed or contracted by the company.  

This new language would seem to signal the death knell for the dual GC/CCO role. 

Compliance Function in an Organization 

Autonomy and Resources 

Compliance Role – Was compliance involved in training and decisions relevant to the misconduct? Did the compliance or relevant control functions (e.g., Legal, Finance, or Audit) ever raise a concern in the area where the misconduct occurred?  

Empowerment – Have there been specific instances where compliance raised concerns or objections in the area in which the wrongdoing occurred? How has the company responded to such compliance concerns? Have there been specific transactions or deals that were stopped, modified, or more closely examined as a result of compliance concerns?  

Funding and Resources – How have decisions been made about the allocation of personnel and resources for the compliance and relevant control functions in light of the company’s risk profile? Have there been times when requests for resources by the compliance and relevant control functions have been denied? If so, how have those decisions been made?  

The Evaluation added one new set of queries based upon the evolution of corporate compliance programs since 2012. 

Funding and Resources 

You will now have to justify your corporate compliance spend. 

You now have to justify your compliance budget request denials. 

To purchase a copy of The Complete Compliance Handbook on Amazon.com click here. 

To purchase an autographed copy of The Complete Compliance Handbook from the author click here.