Compliance professionals are used to internal struggles for influence and resources. Chief compliance officers have devoted years and years to justifying the need to elevate and empower the compliance function. For years, compliance professionals were relegated to back-room positions where they were cabined by structural and political restrictions.
One of the early struggles was between the chief legal officer and the CCO. Eventually, CCOs were able to extricate themselves, when appropriate to separate themselves from the control and oversight of the legal department. General Counsels eventually relented because they recognized that CCOs and GCs together were able to accomplish more together than when they were separated by territorial claims and political line drawing as to responsibilities and control. That is not to say that the CCO-GC partnership has been operating perfectly. There are still snafus and individual personalities can upset the proper definition of this important working relationship.
The next battle, which is surprisingly still occurring on occasion, is the relationship between Human Resource and compliance professionals. If you give CCOs truth serum and ask them if they had to overcome resistance from Human Resources to coordinate and share information, you will be surprised how often HR professionals stood in the way of CCOs, claiming that HR data was “confidential” and sharing the data raised privacy concerns. Talk about a bogus argument.
DOJ eventually weighed in after observing HR and other functions resisting sharing of information with the compliance function. In 2020, DOJ amended its Evaluation of Corporate Compliance Programs to require that companies ensure that CCOs have access to all the information needed for the CCO to execute and satisfy all of his or her responsibilities.
Notwithstanding this clear statement, I continue to encounter situations where HR professionals resist attempts to share information with CCOs. When you boil it down, HR resistance to cooperating with compliance professionals is usually out of fear and intended to protect meaningless territorial boundaries. In most cases, the HR professionals do not understand the benefits from a strong, positive working relationship with compliance professionals. Hopefully, this dynamic will diminish and a strong collaborative relationship will result in most companies.
CCOs have a “new” and important challenge as well — since Sarbanes-Oxley was enacted 20 years ago (Happy Sox Anniversary!!), Chief Financial Officers and Internal Auditors have joined together to build robust financial controls. External auditors, CFOs and Internal Auditors are all committed to SOX and ensuring that companies maintain effective internal financial controls.
CCOs have two important overlaps with the financial function — first, several compliance controls (i.e. policies and procedures) are a part of the company’s financial controls. An example of this is the reimbursement of gifts, meals, and entertainment expenses, which are a part of a company’s internal financial controls.
The second overlap, however, is more important. CCOs have significant risk management and oversight responsibilities. As part of this process, there are a number of financial procedures/controls that are implicated by basic and significant risks — anti-bribery/corruption, trade sanctions, antitrust, money laundering and fraud. It is in this area where CCOs have to maintain a seat at the financial controls table. When you bring this up, CFOs inevitable push back because they hold the keys to the financial controls and SOX kingdom.
Let me explain the problem with this view. FCPA compliance requires prevention and detection of potential misuse of company funds to pay bribes to foreign officials. A bribery scheme also implicates compliance with basic books and records and internal controls requirements.
CCOs have to maintain a clear view and role in the oversight and monitoring of a variety of financial issues relating to bribery and books and records, sanctions, AML and other issues, including for example:(1) procedures for drafting and submission of tender offers to foreign governments; (2) payments to and from third-party distributors through discounts, rebates and other financial arrangements; (3) onboarding to contract to invoice to payment procedures for suppliers and vendors; (4) third-party payments received and paid out by the company; and (5) payments from customers for goods and services.
These are just a few examples of the types of financial activities that are implicated by CCO compliance program responsibilities. CCOs have a duty to focus on these important areas and to participate in monitoring and oversight of these operations to ensure that legal and compliance risks are covered. Yet, CCOs continue to encounter difficulties in securing the seat at the financial table. In many cases, CCOs coordinate or seek to enter through a back door with the support of the Internal Auditor. But it is high time that CCOs be given their due respect and integral role in the overall financial risk function.
CCOs are adept at navigating these types of issues. It is an important part of their career path — CCOs know what they have to do and rest assured they will eventually take their rightful place at the financial table.