It is easy to be dogmatic in blog postings — to express an unvarnished opinion that sounds valid. While it may not be supported by hard data or valid evidence, compliance officers are used to trusting their “gut feelings,” when it comes to compliance. Compliance professionals with experience agree largely on big ticket issues, and this view often reflects lots of real-world experience. Sometimes the experiential world provides more reliable indicators than the experimental world.
I hate to use the repeated Supreme Court Justice Potter Stewart quote with regard to the definition of obscenity, “I know it when I see it.” This famous quote can be used by compliance professionals when turning a critical eye to their own compliance programs. Deep in their hearts, CCOs know when their program has leadership support, operates effectively, and adjusts to changing events. It is this instinct that is invaluable.
The Justice Department has doubled down on the critical elements of an effective compliance program, including the role of the CCO and the compliance function. DOJ often repeats the importance of Independence, Authority and Resources to an effective compliance function. Some of these concepts, in practice, however, have been diluted in the real world. When it comes to resolve and commitment, there is little question that companies have not translated these ideas into real practice.
Perhaps one of the most disturbing trends is the failure of companies to support and implement an “independence” compliance function. As a best practice, a separate compliance office, headed by the Chief Ethics and Compliance Officer (“CECO”), who reports day-to-day to the CEO and directly to the Board (or Committee thereof). Instead, many (but not all) CECOs find themselves embedded in other functions or even spread among various functions.
The compliance profession had a long battle to extricate itself from Legal Departments. Yet, in NAVEX’s 2022 Risk and Compliance Benchmark Report found that 29 percent of CECOs were located in the Legal Department and reported to the Chief Legal Officer. That result is surprising.
Over the last twenty years, the compliance profession has transformed itself through effective advocacy. At the same time, government prosecutors and regulators, along with investors, shareholders and marketplace stakeholders, have demanded that companies enhanced their ethics and compliance programs.
At its core, compliance is a profession that requires different skillsets than lawyers. Compliance professionals employ a blend of talents needed to build and operate an effective compliance program. While being a lawyer may be helpful in circumstances, compliance professionals know that legal education and experience is not a requirement to serve as an effective compliance professional.
Compliance professionals have to redouble their approach to compliance programs to consistently demand independence, authority and resources. In the absence of such an effort, the profession may drift back to prior practices where compliance professionals had to advocate for basic work requirements.
A CECO has to operate with full independence — meaning that the CECO, in consultation with the Board and the CEO, has to execute on those responsibilities and projects free from undue influence or obstacles from internal countervailing forces. When a CECO has the requisite independence, company leaders and employees are more likely to trust the compliance function as the guardian of the company’s culture and integrity. With such acceptance, a compliance program can become truly effective.