The Difficult Demands on the Chief Ethics and Compliance Officer
New regulations and greater enforcement both domestically and abroad are putting increased pressures on compliance officers. In the United States, regulatory bodies, including the Securities and Exchange Commission, are upping their enforcement efforts due to newly enacted laws and published regulations, as well as being provided with greater enforcement personnel.
Andrew Careens, the SEC’s co-director of the Division of Enforcement, touched on this in November when he gave the keynote address at the International Conference on the Foreign Corrupt Practices Act.
He noted that “The SEC’s work in the FCPA arena over the last 35 years has been a fundamental part of the SEC’s mission. And the last 10 years have seen an even bigger increase in FCPA enforcement actions. As most of you know, three years ago, we formed a specialized Unit within the Division of Enforcement devoted to investigating potential FCPA violations. Our FCPA Unit has approximately three dozen dedicated attorneys and other professionals nationwide…” Careens told the group at the top of his speech and later reminded them about the “increasing the number of FCPA actions against individuals” that the SEC filed in recent years.
Stephen L. Cohen, SEC associate director of enforcement, ended his remarks at the Society of Corporate Compliance and Ethics 2013 Annual Compliance and Ethics Institute with something of a “carrot and stick” notice. “First, there is no doubt in my mind that a strong compliance and ethics program not only provides direct economic benefits to your company but will also allow you to reap significant credit should you ever deal with us or our law enforcement colleagues. The alternative may be squaring off against our vigorous enforcement program,” Cohen said.
In this environment, chief compliance officers and chief ethics and compliance officers need to operate from positions of strength, rethink strategies and be sufficiently staffed with the individuals who are suited to handle the difficult brief.
Evolving issues
Writing on his blog, Michael Volkov, an attorney who specializes in corruption, crime and compliance, notes how compliance officers tend to focus their efforts on the issue of the day. Not long ago it was anti-money laundering programs, now it’s anti-corruption compliance, he says.
In an environment where the CCO is constantly putting out an evolving variety fires, the likelihood of career burnout is high. Volkov calls changing and evolving high-risk compliance issues “stovepipes” and recommends tactics to avoid them.
He points out that there are costs associated with focusing on “single-risk compliance functions.” Essentially, organizations lose the economies of scale. He suggests finding ways to integrate compliance programs so that they cross boundaries. For instance, anti-money laundering, anti-corruption and antitrust efforts can be grouped.
While there are certain legal standards and details that may vary, “there are aspects of every compliance area which can be leveraged across different substantive risks,” Volkov writes. “The challenge for a chief compliance officer is to identify potential overlaps and economies to be gained,” he says.
Perhaps creating compliance systems that take a more integrated and “holistic” approach can, in the long term, lessen the stress on CECOs and CCOs.
Roles and responsibilities
The best way to define and implement the role of the CECO has been a topic of study and debate for some time, and it drew much renewed interest with the passage of the Sarbanes-Oxley Act (SOX).
Matt Brady, writing for National Underwriter: Life & Health, notes this in his 2005 article, “The Evolving role of Chief Compliance Officers.” While it was apparent that newly-powered CECOs should “focus on ensuring transparency and clearly defining their roles,” Brady says, “several aspects of the chief compliance officer position” remain unresolved with the enactment of SOX.
Brady points out a possible conflict in smaller companies. He notes that while larger companies can afford to have a CCO who is independent of operations, some smaller companies might find themselves in the difficult position of having a CCO who is also directly responsible for managing some element of operations.
The authority-independence tension
The dilemma, or trade-off one might say, is between authority and independence. A CCO not responsible for operations has the necessary independence, but may lack the authority required for enforcement. If the CCO responsibilities are vested in an operational manager, that person might have the authority but not the independence. Either situation clearly adds stress to an already-stressful position.
When the Journal of Health Care Compliance took an overall look at these issues in 2007 in “Paper Discusses the Role of a Chief Ethics and Compliance Officer,” author Susan Kavanaugh writes, “many CECOs reveal frustration that they cannot fully do their jobs due to deficient resources, inadequate preparation, or insufficient authority.”
Kavanaugh was reviewing a study conducted by the Ethics Resource Center’s Fellows Program. She noted that there are four governing principles recommended for the position of CECO. Two of these directly—although perhaps not adequately—address the tension between independence and authority. They are:
- CECOs should be independent to raise concerns without conflict of interest or fear of reprisal, and
- CECOs should be connected to company operations so they are able to build an ethical culture.
These two principles should be viewed in the light of the first principle, that is, the CECO should be held accountable to the governing authority, i.e. have sufficient “up line” access to do the job.
Striking the balance
When these responsibilities are properly implemented and balanced, the CECO has the ability and opportunity to do the job. But there may be one final factor to consider when an organization wants to avoid the burnout problem: the CECO’s constitution and personality. With such a diverse and divided “bailiwick” it’s not a job everyone can perform.
Companies might want to examine a professional like Patrick J. Gnazzo, who established the CECO position at Computer Associates International Inc. after the company ran up against the Justice Department in 2005. Business Week magazine called him one of “The New Ethics Enforcers” and he was as comfortable strutting across a Las Vegas stage exhorting CA employees, “Don’t lie, don’t cheat, don’t steal!” as he was navigating the board room.
An important part of his success was establishing relationships with management that encouraged them to seek Gnazzo before a situation would turn into a problem. He worked hard not to be seen as an “outsider.”
The difficulty inherent in the position of compliance officer will never go away. The tension between independence and authority over operations will continue to keep many compliance officers awake at night. However, the right person, with the appropriate authority, sufficient staff and contract support, and the freedom to design relevant systems should help organizations increase the longevity and effectiveness of their CECOs and CCOs.