Compliance in the C-Suite
The ongoing debate whether certain executives are “too big to jail” misses the most important trend in corporate governance – namely, that criminal conduct is rising in the C-Suite. Viewed from a broad perspective, since 2000, the trend of C-Suite misconduct is unmistakable, and government prosecutors have paid greater attention while devoting more resources to the prosecution of rogue executives. At the same time, although policymakers, regulators and prosecutors have intensified their focus on internal compliance programs, the potential impact of those programs on C-Suite misconduct and culture seems to have been overlooked.
Since July 2002, the Department of Justice has convicted over 200 Chief Executive Officers and Presidents, over 120 Vice Presidents and 53 Chief Financial Officers. These statistics, by themselves, paint a damning picture of ethics and compliance in the C-Suite. Meanwhile, a 2006 Compliance and Ethics Leadership Council study of major compliance scandals from 1999 to 2005 found that significant compliance violations almost always fell at the feet of a senior manager. According to CELC’s findings, in 46 percent of the incidents studied, senior managers knew about alleged improper conduct, and in another 40 percent of the incidents studied, the senior managers committed alleged improper conduct themselves. Taken together, the CELC findings suggest that more than 4 out of 5 senior managers either knew about or committed the crimes at issue.
Please see full Publication below for more information.
Michael Volkov, CEO
Volkov Law Group LLC
The ongoing debate whether certain executives are “too big to jail” misses the most important
trend in corporate governance – namely, that criminal conduct is rising in the C-Suite. Viewed
from a broad perspective, since 2000, the trend of C-Suite misconduct is unmistakable, and
government prosecutors have paid greater attention while devoting more resources to the
prosecution of rogue executives. At the same time, although policymakers, regulators and
prosecutors have intensified their focus on internal compliance programs, the potential impact of
those programs on C-Suite misconduct and culture seems to have been overlooked.
Since July 2002, the Department of Justice has convicted over 200 Chief Executive Officers and
Presidents, over 120 Vice Presidents and 53 Chief Financial Officers.
These statistics, by
themselves, paint a damning picture of ethics and compliance in the C-Suite. Meanwhile, a 2006
Compliance and Ethics Leadership Council study of major compliance scandals from 1999 to
2005 found that significant compliance violations almost always fell at the feet of a senior
manager. According to CELC’s findings, in 46 percent of the incidents studied, senior managers
knew about alleged improper conduct, and in another 40 percent of the incidents studied, the
senior managers committed alleged improper conduct themselves. Taken together, the CELC
findings suggest that more than 4 out of 5 senior managers either knew about or committed the
crimes at issue.
A subsequent study of corporate fraud conducted by KPMG found even more disturbing trends:
in particular, an accelerating trend in criminal behavior perpetrated by Chief Executive Officers.
From January 2008 to December 2010, KPMG found that 26 percent of observed corporate
frauds involved the CEO, up from 11 percent in 2007. Among C-Suite executives, the
involvement of CEOs in fraud activity was only exceeded by the involvement of senior finance
executives, who were associated with 32 percent of cases.
Board level perpetrators increased
from 11 to 18 percent between 2007 and 2011.
Meanwhile and in a consistent vein, FBI
Director Robert Mueller testified in 2011 that the FBI then had 667 ongoing probes into
corporate fraud, and 1700 open cases of securities fraud.
Corporate Fraud Task Force Report, April 2, 2008, at p. iii, available at
Charting a New Course: Measuring and Monitoring the Effectiveness of Compliance and Ethics Programs
(Corporate Executive Board – Compliance and Ethics Leadership Council 2006) p. 9
KPMG gathered data from fraud investigations conducted by the firms’ forensic specialists around the world from
January 2008 to December 2010. In all, 348 cases from 69 countries were analyzed.
Statement of Robert S. Mueller, III, Director of Federal Bureau of Investigation, before the Committee on the
Judiciary, House of Representatives March 11, 2011, available at http://www.justice.gov/ola/testimony/112-1/03-16-
Although there is ample evidence to suggest an increasing enforcement focus on C-Suite
executives, it is far less clear that the risks of C-Suite misconduct are being proactively addressed
within companies. In too many instances, senior executives appear to have the means, the
motive and the opportunity to engage in criminal fraud and other misconduct.
An important motive for accounting fraud, in particular, is manifest in executive pay structures
that base incentive compensation on short-term corporate income. Multiple studies have
documented the growing number of companies which structure their executive incentives in this
Such incentives can feed the motivation of personal greed among senior executives, and
amplify it through intense pressures to reach tough proﬁt and budget targets.7 The KPMG survey
also highlights how weakening control structures have made the opportunity to commit fraud
Organizations contribute to fraud when they fail to detect or respond to lapses or gaps in
controls, as much as by setting overly onerous performance targets. Less robust controls, and
fewer resources to monitor the controls, allow for greater exploitation by fraudsters.
In the 1980s and 1990s, prosecutors went after notorious white collar crimes and scandals,
including the Wall Street criminal prosecutions with the mass arrests orchestrated by then U.S.
Attorney Rudy Giuliani, and the Savings and Loans scandals of the 1980s and 1990s. Starting in
2000, however, with the fall of Enron, WorldCom, Adelphi, and continuing up until today, white
collar prosecution has grown more and more recognized as a criminal enforcement priority,
across both Democrat and Republican administrations. Yet the prevalence of crimes committed
by top executives continues unabated. The fact that C-Suite crime continues to present a serious
problem raises a question about additional measures that should be taken, beyond law
enforcement, to address C-Suite misconduct and culture problems internally by corporations.
The Risks of C-Suite Misconduct: Some Recent Examples of Criminal Prosecutions
The Department of Justice’s focus on corporate executives reflects public opinion and political
priorities. The business community now faces a skeptical public, one with little faith in the
overall ethics and social responsibility of corporations and their executives. This perception (and
reality) of corporate malfeasance has been underscored by press reports of corporate governance
failures involving bribery, money laundering controls,
and LIBOR price-
6 Preliminary Executive Pay Scorecard Review, Michelle Lamb and Greg Ruel, available at http://GMIratings.com.
(April 6, 2011); Study of 2010 Incentive Design and Performance Metrics Among Top 200 SS&P 500 Companies,
James F. Reda & Associates, LLC, January 2012 available at
HSBC Holdings Plc. and HSBC Bank USA N.A. Admit to Anti-Money Laundering and Sanctions Violations,
Forfeit $1.256 Billion in Deferred Prosecution, (Department of Justice press release December 11, 2012) available
While history will resolve the question of whether prosecutors failed to charge financial
companies and executives responsible for the financial meltdown, the Obama Administration has
subsequently increased scrutiny of high-level corporate officers and employed a number of new,
aggressive tools to do so, including the use of wiretaps to catch insider trading executives and the
regular use of “ambush” interviews as a means to enlist the cooperation of potential defendants
in government investigations.
In another area of focus, the Obama Administration has recently made healthcare fraud a
priority, and increased pressure against high-level executives for any whiff of misconduct. In
early 2013,for example, a criminal trial against five executives from WellCare began in federal
Sitting at the defense table were the former CEO and President (and Chairman of the
Board), the CFO, two Vice Presidents and the General Counsel. The executives allegedly
concocted a scheme to game the Medicaid system, and fraudulently to divert hundreds of millions of
dollars. The scheme came to light when a whistleblower reported the misconduct and then agreed
to wear a wire and record over 650 hours of conversations among the executives, including the
Corporate executives have lately been prosecuted and sentenced to significant periods of
incarceration for foreign bribery, fraud, illegal cartels and other criminal offenses. Some high-
profile examples include the president of one company who was sentenced to 180 months (15
years) imprisonment for paying bribes to foreign government officials in Haiti;
mortgage industry executive who was accused of masterminding one of the largest bank fraud
Health Care Fraud Prevention and Enforcement Efforts Result in Record-Breaking Recoveries Totaling $4.1
Billion, Department of Justice, Press Release, February 14, 2012, available at
Banks Looking at $100 Billion Legal Tab, Wall Street Journal, March 27, 2013, available at
See United States v. Rajaratnam, No. 09 Cr. 1184(RJH), United States District Court, S.D. New York; United
States v. Gupta, No. 11 Cr. 907(JSR); Insider Trading: Ambiguous Statute as Warning, Frank C. Ranzanno, Pepper
Hamilton LLP, Bloomberg Law Reports, July 2011, available at
United States v. Todd Farah, et al., Case No. 8:11-CR-115-T-30MAP, United States District Court, M.D. Florida,
Tampa Division; Fraud Trial for WellCare Ex-CEO Shows Medicaid Abuse, Bloomberg News, November 20,
2012, available at http://www.bloomberg.com/news/2012-11-20/fraud-trial-for-wellcare-ex-ceo-shows-medicaid-
program-abuse.html; Medicaid Fraud Trial Starts for Former WellCare Executives, Tampa Bay Times, February 27,
2013, available at http://www.tampabay.com/news/courts/criminal/medicaid-fraud-trial-starts-for-former-wellcare-
United States v. Joel Esquenazi, et al., Cr. No. 09-CR-21010-JEM, S.D. Fla. Documents available at
http://www.justice.gov/criminal/fraud/fcpa/cases/esquenazij.html; Telecoms Exec Sentenced to Longest FCPA
Sentence Ever, Wall Street Journal Corruption Currents Blog, October 26, 2011, available at
schemes in history, and sentenced to 30 years in prison;
22 corporate executives who were
involved in a massive antitrust cartel in the LCD-display industry, and were sentenced to terms
of imprisonment totaling over 4,781 days;
and of course, Bernie Madoff, who was sentenced to
150 years imprisonment.
The Department of Justice has dusted off the “responsible corporate officer” (RCO) doctrine to
target executives in the healthcare industry, coupled with unprecedented enforcement of civil
Even those members of the C-Suite who are not actively involved in illegal
conduct may be prosecuted, and incarcerated, for their roles in such cases.
Under the RCO doctrine, four corporate executives from Synthes were incarcerated for
misdemeanor violations under the FDCA when they knew about illegal conduct but failed to take
any steps to stop or prevent the conduct from occurring again. The company had conducted a
series of non-approved clinical trials of its new bone cement used in orthopedic surgeries. The
FDA warned Synthes not to promote the bone cement for certain spine surgeries, but the
company, with the executives blessing, pushed ahead anyway. At least five patients who had the
drug injected into their spines died on the operating-room table. The company and its executives
ignored evidence of potential lethal consequences, and even went so far as to brush away
scientists’ cautions that the cement could cause fatal blood clots.
At sentencing, the federal
judge expressed his frustration with the conduct of each of the corporate executive defendants,
and even ordered one of them “stepped-back” and sent him to jail on the day of sentencing.20
United States v. Lee Farkas, Cr. No. 1-10 cr. 200, Eastern District of Virginia, documents available at
http://www.justice.gov/criminal/vns/caseup/farkasl.html; Mortgage Executive Receives 30-Year Sentence, Dealbook
New York Times, June 30, 2011, available at http://dealbook.nytimes.com/2011/06/30/mortgage-executive-receives-
United States v. AU Optronics et al, Cr. No. 09-110 SI, documents available at
http://www.justice.gov/atr/cases/auopt.htm; AU Optronics Corporation Executive Convicted for Role in LCD Price-
Fixing Conspiracy, Department of Justice Press Release, December 18, 2012, available at
The “responsible corporate officer” doctrine provides that a “corporate agent, through whose act, default, or
omission the corporation committed a crime” in violation of the Food, Drug, and Cosmetic Act [(“FDCA”)] may be
held criminally liable for the wrongdoing of the corporation “whether or not the crime required ‘consciousness of
wrongdoing’ ” by the agent. United States v. Park, 421 U.S. 658, 670 (1975). Criminal liability under the RCO
doctrine extends to both the corporate agents who committed the criminal act and “those who by virtue of their
managerial positions or other similar relation to the actor could be deemed responsible for its commission.” Id.
(emphasis added). A corporate officer may therefore be guilty of a crime without “knowledge of, or personal
participation in,” the underlying fraudulent conduct. Id.
Bad to the Bone: A Medical Horror Story, Fortune Blog, September 18, 2012, available at
In December 2011, Thomas B. Higgins, the president of Synthes’ Spine Division, was sentenced to nine months
in prison for violations of FCDA. See United States v. Higgins, 2011 WL 6088576 (E.D. Penn. 2011) Thomas B.
Higgins, the president of Synthes’ Spine Division, pled guilty as a responsible corporate officer to the “introduction
into interstate commerce of adulterated and misbranded medical devices.” Id. at *1. Higgins maintained that he did
not know his actions were illegal at the time and did not intend to violate the law. Id. at *9. Higgins was sentenced
to nine months incarceration. Richard Bohner, the Vice President of Operations, who was the senior Synthes
executive with overall responsibility for regulatory compliance matters during the relevant period, also ended up
In the case of Purdue Pharma, a manufacturer of the painkiller OxyContin, three of its top
executives (its president, chief legal officer and former chief medical officer) pleaded guilty to
charges of misleading the public about the drug’s risks. Purdue Pharma LP and the executives
were fined a total of $634 million.
As part of their scheme, the executives designed and
implemented a marketing strategy which was aimed at soft-pedaling the addictive risks of
Oxycontin. Starting in 1996, Purdue Pharma began holding focus groups with doctors about its
new long-lasting painkiller. Many of the doctors said they were reluctant to prescribe the drug
because they worried about its potential for abuse. In response, the company’s sales
representatives began misleading physicians about OxyContin. They said, for instance, that the
drug produced no euphoric feelings for users and that users suffered no withdrawal symptoms
when they stopped taking it. Within a few years, the use of the drug exploded, and led to one of
the nation’s worst prescription-drug failures. The former president of Purdue Pharma was
excluded from the healthcare industry for 12 years.
Enforcement examples like these have created an understandable climate of fear in corporate C-
Suites. Corporate leaders and boards should be concerned about C-Suite misconduct and turn
their attention to compliance at the highest levels of the company. The risk of failure is too great
— prosecutors reaching into the corporate C-Suites handing out grand jury subpoenas,
threatening indictments, and arresting corporate executives can put the future of an entire
company in jeopardy.
C-Suite Compliance: An Ignored Risk and Disastrous Consequences
In this climate of fear, some companies have increased their focus on proactive compliance
programs as a means to reduce risk of prosecution. Recent surveys of corporate compliance
professionals show that companies are spending more money on their compliance programs.
This is a welcome development.
pleading guilty for failing to either prevent or promptly correct Synthes’ illegal test marketing and promotion.
Bohner was sentenced to eight months incarceration. U.S. v. Bohner, 2011 WL 6371826 (E.D. Pa. 2011). Phil
Milford and Sophia Pearson, Ex-Synthes Executive Gets Eight-Month Term in Bone-Cement Case, Bloomberg.com,
Dec. 14, 2011. In addition to Higgins and Bohner, two other Synthes executives, Michael Huggins and John Walsh
were sentenced to jail for nine months and five months, respectively. Id. Moreover, Synthes agreed to plead guilty,
sell the device, and pay a $23.5 million fine to settle the case. Id.
21 United States v. Purdue Frederick Co. et al., No 1:07-CR-00029, Western District of Virginia; Oxycontin Maker,
Execs Guilty of Deceit, Sue Lindsey (Associated Press), USA Today, May 11, 2007, available at
http://usatoday30.usatoday.com/money/economy/2007-05-10-1771944037_x.htm; In Guilty Plea, OxyContin Maker
to Pay $600 Million, Barry Meier, New York Time, May 11, 2007, available at
Dow Jones 2012 State of Anti-Corruption Compliance, available at
This trend, however, has not focused on compliance in the C-Suite. Broad brushstrokes of
compliance programs frequently focus on creating a “culture of compliance” or communicating a
“tone-at-the top” to others outside the C-Suite. There has not been a complementary focus on
compliance within the C-Suite itself.
The reason for this omission is basic. It is too often simply assumed that efforts to communicate
a “tone at the top” (i.e., an ethical workplace atmosphere fostered by corporate leadership)
demonstrate a company’s commitment to ethical conduct at the C-Suite level. This assumption
means that internal controls and compliance programs may simply ignore the C-Suite officers.
In many corporate compliance programs, beyond broad statements of commitment to ethical
conduct, the only meaningful detail relating to C-Suite compliance is the requirement that the
company’s board and the officers participate in a one-hour training program.
The potential harm to a company which ignores C-Suite compliance risks is significant. In the
same way that ethical “tone at the top” has the potential to filter down to other levels of a
company, the absence of a meaningful commitment by the C-Suite to participate in a compliance
program also sends a significant message throughout the organization: It suggests a fundamental
contradiction, which can quickly evolve into a culture of cynicism, rather than fostering a culture
A striking example of this contradiction occurred in a non-criminal context when Best Buy’s
CEO and its Chairman were forced to resign because of the Chairman’s failure to report to the
board his knowledge of the CEO’s affair with a 29 year-old subordinate. The Chairman was
neither trained nor aware of the proper protocol when he learned about the CEO’s alleged affair.
Instead of reporting the matter as required under the Best Buy compliance program, the
Chairman went and asked the CEO whether the allegation was true. The CEO denied the matter
and the Chairman let the matter drop.
The Chairman’s blatant disregard of the Best Buy
compliance program occurred in an environment where Best Buy’s ethics program included
many best practices: an ethicist was on its board of directors; the ethics officer, Kathleen
Edmond, had a website promoting her work and outlook; and the company was committed to
transparency and compliance at every level except the C-Suite.
C-Suite Ethics and Compliance: A Proposed Solution
The solution to C-Suite ethics and compliance requires a multi-faceted strategy. It is easy to
identify the problem, but a much greater challenge to implement an effective solution, since this
requires close coordination among the board, senior management and the chief compliance
officer. There are three steps which need to be addressed.
Best Buy Founder Schulze Steps Down After Scandal, USA Today, May 14, 2012, available at
out/54952088/1; Experts Weigh In on How Best Buy Handled CEO Scandal, Christa Meland, Twin Cities Business,
May 15, 2012, available at http://tcbmag.blogs.com/daily_developments/2012/05/experts-weigh-in-on-how-best-
Step One: Redefine the Board’s Compliance and Ethics Role:
Corporate governance at the board level is coming under increasing scrutiny. No longer can a
board meet a few times a year, review general documents, and relax behind the protection of
minimum standards set forth under the Caremark
decision and the business judgment rule. Just
as corporate executives need to step-up their compliance efforts, so do corporate boards.
Corporate governance standards are changing – more shareholders are focusing on deficiencies
at the board level, especially in shareholder litigation for corporate misconduct. If the Board is
not committed to compliance oversight (including at the C-Suite level), then neither will the
company be committed.
Corporate boards need to conduct a rigorous self-examination of their own performance and the
steps needed to minimize compliance risks. With a goal of ensuring compliance and ethical
conduct, many boards are beginning to take protective steps: creating a strong independent board
with monitoring functions, nominating and appointing independent and qualified directors,
creating working committees, implementing a robust compliance and ethics program which
stresses ethical conduct and is strictly enforced.
With respect to building an effective compliance and ethics program, the board needs to focus on
two simple questions: (1) How can we get the information we need?; and (2) How can we
oversee the compliance and ethics function within the company?
The board needs to start by setting up a “compliance committee.” The old model of layering
compliance on top of the audit committee’s responsibility is a relic of the past, when financial
certifications and accuracy were the focus of compliance in the Sarbanes-Oxley world. The
compliance universe is a lot more expansive now than just under Sarbanes-Oxley. More
companies now have implemented a stand-alone compliance committee. A specialized board
committee focused on risk management, compliance and ethics is the first and most important
step in building a C-Suite culture of compliance.
With the compliance committee in hand, the board needs to establish a working protocol with the
Chief Compliance Officer (CCO) of the company. An effective working relationship will
establish meaningful checks and balances in the company. Information is the key to compliance,
and making sure that the CCO brings to the compliance committee important information in a
timely fashion is critical. The protection of the CCO’s role and ability to report directly to the
board is paramount to this process. In some respects, the CCO will become a direct employee of
the board, as explained in Step Two below.
In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996).
See generally, Deloitte Board Governance, available at http://www.corpgov.deloitte.com/site/us/board-
A proper relationship between the board and the CCO requires the board to protect the CCO
from retaliation from senior management, and to establish clear reporting expectations and
In addition to these basic tasks, the board needs to take a hard look at its CEO and the
compensation for the CEO. In too many companies, CEOs are treated as superstars who are
untouchable, and who are paid at rates that are disproportionate to the company’s pay structure.27
Corporate governance reform also means reforming CEO compensation so that it is tied to long-
term results, including ethical performance, rather than short-term financial results.
Step Two: Empowering an Independent Chief Compliance Officer
Many argue that prosecution of individual senior executives is the only real deterrent to
corporate criminal behavior, and the only way to bring about change in corporate behavior.
There is no question that prosecution of corporate executives increases incentives for corporate
compliance. Companies recognize another important component of corporate compliance: an
empowered C-Suite CCO.
The most significant trend in the last decade has been the increasing recognition for the
importance of the CCO in a corporation. As prosecution risks have increased, so has the role of
the CCO. Companies are fast recognizing the value of elevating a CCO, and protecting his
independence through direct reporting authority to the board or a board committee.
The evolution of the role of CCO has been the result of a variety of forces – increased
government prosecutions, adoption of specific guidance in the United States Sentencing
Guidelines, requirements imposed by Health and Human Services in corporate integrity
agreements, and industry education efforts.
Until the last few years, many companies added compliance oversight to the responsibility of
their general counsels. A 2009 survey of companies found that nearly half of the responding
companies followed this pattern.
More recently, companies have started to recognize that
general counsels should not serve in this dual role of chief legal officer and chief compliance
officer, given the different mandates and competencies required by each position.
Many in the
legal and governance communities have now endorsed the need for splitting the functions of
chief legal officer and chief compliance officer.
Recent developments in the corporate world have refocused attention on effective corporate
governance and the proper role of the CCO in an organization. Corporate compliance programs
are continuing to evolve in response to emerging “best practices” and changes in the business
Charles M. Elson and Craig K. Ferrere, Executive Superstars, Peer Groups, and Overcompensation: Cause, Effect
and Solution, The Weinberg Center for Corporate Governance, University of Delaware, October 2012.
Association of Corporate Counsel and Corpedia, 2010 Compliance Program and Benchmarking Survey, available
In the 2012 PWC State of Compliance Study, the number of CCOs reporting to GCs fell by 6 percent—to 35
percent from 41 percent—in the prior year.
environment. Back as far as 1998, the government encouraged companies to ensure the
independence of chief compliance officers:
The OIG believes that there is some risk to establishing an independent
compliance function if that function is subordina[te] to the hospital’s
[G]eneral [C]ounsel, or comptroller or similar hospital financial officer.
Freestanding compliance functions help to ensure independent and
objective legal reviews and financial analyses of the institution’s
compliance efforts and activities. By separating the compliance function
from the key management positions of [G]eneral [C]ounsel or chief hospital
financial officer (where the size and structure of the hospital make this a
feasible option), a system of checks and balances is established to more
effectively achieve the goals of the compliance program.
In a similar vein, in a September 5, 2003, letter to Tenet Healthcare Corporation, United States
Senator Charles Grassley (R-IA) observed:
Apparently, neither Tenet nor (its General Counsel) saw any conflict in her
wearing two hats as Tenet’s General Counsel and Chief Compliance Officer
. . . . It doesn’t take a pig farmer from Iowa to smell the stench of conflict in
The United States Sentencing Commission set in motion strong incentives for a company to earn
credit for an “effective” corporate compliance program by implementing the organizational
sentencing guidelines, and by adopting recent amendments to the guidelines in 2010 which
specifically required companies to establish a senior level officer responsible for corporate
compliance with direct reporting authority to the board.
Specific individual(s) within the organization shall be delegated day-to-day
operational responsibility for the compliance and ethics program.
Individual(s) with operational responsibility shall report periodically to
high-level personnel and, as appropriate, to the governing authority, or an
appropriate subgroup of the governing authority, on the effectiveness of the
compliance and ethics program. To carry out such operational
responsibility, such individual(s) shall be given adequate resources,
appropriate authority, and direct access to the governing authority or an
appropriate subgroup of the governing authority.
OIG, HHS, COMPLIANCE PROGRAM GUIDANCE FOR HOSPITALS (1998), available at http://www.oig.hhs.gov/authorities/docs/cpghosp.pdf.
See, Grassley Investigates Tenet Healthcare’s Use of Federal Tax Dollars, available at
Section 8B2.1 (b) (2) (C), United States Sentencing Guidelines.
In addition to the Sentencing Commission’s 2010 amendments to the guidelines, and in response
to specific scandals and prosecutions in the healthcare industry, prosecutors demanded that
companies separate the chief compliance functions from the chief legal officer.
Companies now are embracing the idea of a C-Suite level chief compliance officer, and
empowering that officer with adequate resources and real autonomy. Among the many other
reasons supporting the elevated CCO, is the likelihood that a C-Suite level officer can more
effectively pursue a compliance agenda within the C-Suite, and identify and communicate at that
level any related lapses, escalating those to the board where necessary. For example, recently in
response to governance failures and legal violations, HSBC and J.P Morgan re-energized their
compliance programs by empowering independent CCOs with new reporting authorities and
These innovative solutions to real governance problems reflect a growing trend
across many industry sectors: namely, to empower a chief compliance officer as a check and
balance against the potential for future C-Suite level misconduct.
Step Three: C-Suite Compliance Risks and Responses
An independent chief compliance officer requires adequate resources to operate. Recent FCPA
settlements have incorporated compliance program resourcing as an explicit requirement. A
similar requirement is also included in the Sentencing Guidelines definition of an “effective”
This requirement should be expanded to include resources needed to focus on C-Suite
compliance programs and controls. An independent chief compliance officer ought to have the
authority and the ability to turn his or her attention to compliance in C-Suite.
Chief Compliance officers are well-suited to this task. They can employ the well-known tools of
their profession, starting with an overall risk assessment. The recent FCPA Guidance issued by
the Department of Justice and the Securities and Exchange Commission underscored the
importance of risk assessment in tailoring an “effective” corporate compliance program.
C-Suite compliance, in particular, requires an independent risk assessment. In response to
identified risks, a chief compliance officer can then develop specific policies and procedures and
controls, coupled with appropriate training programs, certification requirements and notifications
of compliance obligations. Given the gravity of the risks associated with C-Suite misconduct,
the compliance officer needs to employ appropriate tools which can reduce the risk and
demonstrate the company’s commitment to ethical conduct.
Association of Corporate Counsel and Corpedia, 2010 Compliance Program and Benchmarking Survey, available
Donna Boehme and Michael Volkov, J.P. Morgan Chase Takes a Giant Step on CCO Independence, Corporate
Counsel, January 29, 2013, available at
ep_on_CCO_Independence&slreturn=20130302204109; Donna Boehme, DOJ Tells HSBC and Corporate America:
Reform Your Compliance Departments, Corporate Counsel, December 20, 2012, available at
In completing this task, the independence and seniority of the chief compliance officer is
fundamental to success. It is unrealistic to expect a CCO who is subordinate to the C-Suite
hierarchy (and particularly if buried several levels down in management) to be able to influence
C-Suite practices, to become aware of C-Suite improprieties, or to be insulated from reprisal in
the event that such improprieties manifest. For all of these reasons, the chief compliance officer
should report directly to the board on the C-Suite compliance program, preferably through a
specific board-level compliance committee which is created at the same time that the board
formally undertakes to ensure CCO empowerment and independence. The board committee
would then play an active role in the supervision and monitoring of the C-Suite compliance
program, to ensure that the program is “effective.”
The independence and empowerment of the chief compliance officer is significant factor in
contributing to the overall corporate culture. Where the chief compliance officer is responsible
for a meaningful and visible C-Suite compliance program, then employees throughout the
company will quickly understand that the commitment to compliance is real, and that no one
within the company is really above the law.
The key to corporate integrity is a uniform cultural commitment to justice and ethical conduct.
Such culture is more likely to emerge when employees believe that tone at the top is matched by
meaningful controls and consistent enforcement, at all levels of the organization.
C-Suite risks can have catastrophic consequences to a company. Government prosecutors
continue to rack up convictions of C-Suite corporate officers. Yet corporate boards and senior
management have too often paid little attention to this issue. Corporate boards can address the
issue by ensuring that an empowered and independent CCO heads the compliance function
within their organizations. In turn, the role of the CCO should be to advise and assure the board
on the design, implementation and monitoring of the company’s compliance program, with a
special focus on C-Suite compliance. Given this new focus, corporate boards can demonstrate to
senior management, employees and the general public that a company’s commitment to an
“ethical culture” is real, and supported by the instrumentality of meaningful controls, an active
champion within senior management, and much more effective board oversight.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.