In a post last week on his site, Corruption, Crime and Compliance, Mike Volkov named the Chief Compliance Officer (CCO) his “Person of the Year”. He did so because “There is no other position in a company which has taken on more significance.” This significance was foretold, in part, by the Department of Justice’s (DOJ) minimum best practices compliance program, where they have listed in each Deferred Prosecution Agreement (DPA) and Non-Prosecution Agreement (NPA) released beginning in 2010 and continuing into 2011, the following:
“Senior Management Oversight and Reporting. A Company should assign responsibility to one or more senior corporate executives of the Company for the implementation and oversight of the Company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to the Company’s Legal Counsel or Legal Director as well as the Company’s independent monitoring bodies, including internal audit, the Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.”
In November 2010, the US Sentencing Guidelines were also amended to make the role of the CCO more robust and allow direct reporting to a Board of Directors or subcommittee of the Board. The amendment read “the individual…with operational responsibility for the compliance and ethics program…have direct reporting obligations to the governing authority or any appropriate subgroup… (e.g. an audit committee or the board of directors)”. If a company has the CCO reporting to the General Counsel (GC) who then reports to the Board? Such structure may not qualify as an effective compliance and ethics program under the amended Sentencing Guidelines.
These two bits of guidance came to mind when reading about MF Global over the past few weeks, regarding its Chief Risk Officer, the financial services equivalent of a CCO. As reported on December 15, in a New York Times (NYT) article entitled “MF Global’s Risk Officer Said to Lack Authority” Ben Protess and Azam Ahmed reported that the company replaced its Chief Risk Officer, Michael Roseman, earlier in 2011, after he “repeatedly clashed with Mr. Corzine [the CEO] over the firm’s purchase of European sovereign debt.” He was given a large severance package and left the company. When he left, there was no public reason given. His replacement was brought into the position with reduced authority.
Writing in the December 16, edition of the NYT’s DealB%K, in an article entitled “Another View: MF Global’s Corporate Governance Lesson” Michael Peregrine stated that “compliance officer is the equivalent of a “protected class” for governance purposes, and the sooner leadership gets that, the better.” Particularly in the post Sarbanes-Oxley world, a company’s CCO is a “linchpin in organizational efforts to comply with applicable law.” When a company fires (or asks him to resign), it is a significance decision for all involved in corporate governance and should not be solely done at the discretion of the Chief Executive Officer (CEO) alone.
Both the DOJ minimum best practices and the amendment to the US Sentencing Guidelines, giving the CCO direct access to a company’s Board of Directors, would seem to provide the profile that would mandate that a Board wants to know the reason why a CCO (or Chief Risk Officer) would suddenly resign, particularly after he “repeated clashed” with a CEO over compliance issues. The universal corporate blanket “resigned to pursue other opportunities” is a white-wash that a Board should look beyond, if indeed that reason was given to the MF Board. The bottom line is that when a CCO leaves, particularly if it was due to a clash with the CEO, the Board had better take a close look into the reasons as it may be that the CEO wants to take risks which could put the company at grave risk.