Leadership can take as many forms and can be as varied as the number of leaders. But whatever form it takes leadership in a company’s compliance function does matter. A recent On Management article in the Financial Times (FT) by Phillip Delves Broughton, entitled “Leadership lessons from the pontiff”, looked at what is being termed by Catholics as ““the Francis effect”, the way the new pope is paring down the inherited pomp of his office to become more accessible.” Broughton noted that not only has the Pope made himself more accessible but that he seems to be intent on opening up the Church more to the needs of its flock, rather than simply as an existence unto itself. Broughton wrote that not only does the Pope’s more modest style reflect “a new set of priorities for the Vatican” but the Pontiff has also “set up a commission to reform the Vatican’s administration, notably its bank”. Getting out of the Ivory Tower (or Vatican) is always a good sign for a leader and it is no different for a Chief Compliance Officer (CCO). While I am not sure what criteria the newly invested Pope was judged on during the recent papal election, I thought about the criteria that could guide the selection of a CCO for a corporation.
An article in the SCCE Complete Compliance and Ethics Manual, 2nd Ed., entitled “Essential Elements of an Effective Ethics and Compliance Program”, author Donna Boehme laid out what she believes to be the five elements that should be “carefully considered by boards and senior management who are serious about structuring (or updating)” the CCO position for success.
Boehme believes that a CCO must have “the appropriate unambiguous mandate, delegation of authority, senior-level positioning, and empowerment to carry out his/her duties.” Such can be accomplished through a “board resolution and a compliance charter, adopted by the board.” Additionally, the CCO job description should be another manner in which to clarify the CCO “mandate, and at a minimum should encompass the single point accountability to “develop, implement and oversee an effective compliance program.”” All of the above should lead in practice to a “close working relationship with an independent board committee.”
It is incumbent that any CCO must have “sufficient authority and independence to oversee the integrity of the compliance program.” Some indicia of independence would include a reporting line to the company’s Board of Directors and Audit/Compliance Committee but, more importantly, “unfiltered” access to the Board. There should also be protection of employment including an employment contract with a “nondiscretionary escalation clause” and a requirement for Board approval for any change in the terms and conditions of employment, including termination. There must also be sufficient resources in the form of an independent budget and adequate staff to manage the overall compliance program.
3. Seat at the Table
Boehme believes that the CCO must “have formal and informal connections into the business and functions of the organization – a seat at the table at important meetings where all major business matters (e.g., risk, major transactions, business plans) are discussed and decided.” She argues that, at a minimum, the CCO should participate in “budget reviews, strategic planning meetings, disclosure committee meetings, operational reviews, and risk and crisis management meetings.”
4. Line of Sight
Here the author urges that the CCO should have “unfettered access to relevant information to be able to form independent opinions and manage the [compliance] program effectively.” This does not mean that the CCO should have veto power over functions such as safety or environmental nor that such functions report to the CCO, but unless there is visibility to the CCO for these risk areas, the CCO will not able to adequately assess and manage such risks from the compliance perspective. The correct structuring of the CCO role, to allow it visibility into these areas, will help the CCO coordinate compliance convergence training.
It is absolutely mandatory that the CCO be given both the physical resources in terms of personnel and monetary resources to “get the job done.” I have worked at places where the CCO had neither and the CCOs did not succeed because they never even had the chance to do so. Boehme focuses on both types of resources. Under monetary resources she points, as an indicia, to the independence of the CCO from the General Counsel (GC), “rather than a shared budget”. This can also bleed over to ‘headcount’ and shared or dotted line reporting resources. There should be independent resources reporting into the compliance function.
One thing that Boehme has consistently advocated is that the CCO should not report to the company’s GC. She believes that a CCO should have unfiltered access to a company’s Board of Directors and should report to a company’s Chief Executive Officer (CEO). She points to the “long line of companies forced to separate their” CCO positions from their corporate legal department; both under “corporate integrity agreements, and headlines such as the very public Wal-Mart scandal”. She also writes that the 2010 Amendments to the US Sentencing Guidelines, give support for the independence of the CCO from the legal department.
Boehme’s article reflects the structure and support that she believes a CCO should have in a corporate function. Broughton’s article on the new Pope points out that how a leader positions himself can be critical to an organizations overall success. Further, he writes that over-centralization can stifle out growth but if there is a decentralization of authority, to get it closer to those doing the day-to-day work, they will not only be more empowered but that they can help transform a culture more quickly and effectively. Broughton ends his article with the following, “After years of bad news from the Vatican, the crowds welcomed a man willing to travel fast and light along a new course.” I think that is consistent with the guidance that Boehme provides for the structure and requirements of a CCO position.