There is an ongoing debate in the compliance world about whether a company can or should combine or separate the role of the Chief Compliance Officer (CCO) from that of the General Counsel (GC). However, before a company can answer this question, it must meet No. 6 of the Department of Justice’s (DOJ) minimum best practices requirement for a Foreign Corrupt Practices Act (FCPA) based compliance program. Requirement No. 6 reads:
The company will assign responsibility to one or more senior corporate executives for the implementation and oversight of the company’s anti-corruption policies, standards, and procedures. Such corporate official(s) shall have direct reporting obligations to independent monitoring bodies, including internal audit, Company’s Board of Directors, or any appropriate committee of the Board of Directors, and shall have an adequate level of autonomy from management as well as sufficient resources and authority to maintain such autonomy.
This requirement clearly mandates that a company must have one or more senior level executives to oversee the company’s compliance program. At the recent Ethisphere 2012 Global Ethics Summit this issue was explored. Alan Yuspeh, Senior Vice President and Chief Compliance and Ethics Officer for Hospital Corporation of America, said that he believed there were three keys to the role of a company’s head of compliance.
a. Senior Management
Yuspeh believes that whoever heads compliance at a company must be included in the ranks of the company’s senior management. This is because when such a person speaks, they need to do so as a peer and not as a subordinate, to company management. Senior management status is also important when dealing with the Board of Directors.
b. Clear Commitment
Here Yuspeh spoke about a clear commitment from the top management of the company to the position of the head of compliance. This is more than simply the ubiquitous “Tone-at-the-Top” as it means a commitment to the position of head of compliance; a commitment to funding and achieving the goals of meeting a minimum best practices compliance program. This means that top management cannot simply cut-off compliance at the knees every time it makes an unpopular decision. Further, the money must be made available to hire the necessary staff, travel and train employees, implement and help to perform the requisite investigations of third parties. If such monies are not made available, your company truly has a paper program.
c. Keep Compliance Involved
The third element that Yuspeh mentioned was whoever heads compliance must “constantly fight to keep compliance involved” in all appropriate aspects of the company’s business. This is more than compliance simply having a seat at the table. The head of compliance must insure that the compliance function is inculcated down into the DNA of the company. So, just as a Chief Executive Officer (CEO) might ask what is the Legal Department’s view on a certain contract or issue facing the company, the head of a company’s Compliance function should also be thought of as a person who’s group is a “go-to” group within the company for advice.
Smaller companies may not have a Compliance function within their organization but it is clear from the DOJ’s minimum best practices that there must be a person who heads that function within a company. Yuspeh has laid out what he believes the practical guidelines are for a head of compliance within an organization. His comments speak to the requirements of the DOJ as laid out in requirement No. 6. Does the head of compliance in your organization meet these criteria?
Filed under: Best Practices,Chief Compliance Officer,compliance programs,Department of Justice — tfoxlaw @ 1:11 am
Tags: best practices, CCO, Chief Compliance Officer, Department of Justice, DOJ, FCPA
© by Thomas R. Fox