As we enjoy the remainder of the summer and get ready to launch into a new fall season (no, not football) but a time for renewal and recommitment, this may be a good opportunity to examine and analyze your own compliance program. DOJ’s framework provides a valuable set of questions and issues needed to conduct this analysis. It is important to note the critical ability to define standards that take into account the size, geographic scope and operational footprint of your company when it comes to ethics and compliance. This is just a wordy way to state the obvious — compliance is not a one-size-fits-all inquiry.
DOJ’s broad definitional short-hand of Independence, Authority and Resources (or “IAR” for short) is a perfect framework within which to analyze the specific role and capabilities of your compliance office. I would expect that many companies know and understand that their compliance program has failed to meet the compliance office IAR test.
If an honest and objective test is applied, many companies will fail on the resources factor because most boards and senior managers have embraced compliance but not really carried through with the requirements. All too often I hear the same mantra from board members and senior executives, “we are committed to compliance. We know that it is important to “Do the Right Thing.”
In my experience, this attitude reflects the exact opposite — a failure to understand the actual importance of ethics and compliance programs and how they should operate. The presence of this attitude underscores the need for CCOs to “educate” their boards on how ethics and compliance programs really work and how board members should conduct oversight and monitoring of the ethics and compliance program.
As to resources, it is hard to overcome prior attitudes that compliance is a “cost-center” and drains from more important activities such as business development, marketing and sales. Not to diminish the importance of such activities, but ethics and compliance contributes to the financial bottom line.
Aside from the issue of lack of resources, many compliance programs continue to suffer from lack of access to the board for fulsome discussions of compliance program issues. CCOs often appear at the end of a scheduled board/subcommittee meeting and are deprived of valuable discussions and interactions with board members. Such curtailment often creates situations where CCOs are unable to operate with the authority and autonomy needed to operate an effective ethics and compliance program.
Finally, we return to one of our favorite issues — where in the corporate organization is the compliance function located? Who does the CCO “report” to?
While I have often stated that there is no one “right” way, it is easy to identify situations where the structure and stature of the compliance function falls into the “deficient” or “wrong way” category. I have been writing about this issue in several blog posts in the past week or so.
When a CCO lacks the requisite title (and associated compensation level), is located outside the C-Suite, or reports to a functional leader without direct and structural access to the CEO and the board, any one of these situations alone or a combination thereof is by definition defective. It is hard to imagine how a “director” of ethics and compliance (who is paid that salary level) and who reports to the general counsel could satisfy the Independence, Autonomy and Resources test. Frankly, they cannot and I am sure DOJ would agree with me.
In the end, and hopefully after reading this entire series, we can all agree on a basic proposition — an effective ethics and compliance program requires a level of dedication, commitment and resources from an entire organization that results in a collaborative program, directed from the C-Suite, with effective commitment and contributions from every part of the organization under a board and senior management defined program. Together, a CCO can build an effective ethics and compliance program. If operating alone or without the basic DOJ Independence, Autonomy and Resources, CCOs will suffer organizational and compliance frustration.