LEGAL
Compliance and regulatory issues have been on the top of the list of what keeps general counsel up at night for several years running. Those feeling even more pressure? The compliance professionals themselves. Indeed, a recent report from DLA Piper shows just how much scrutiny chief compliance officers (CCOs) are under in this ever-changing environment. Corporate Counsel Connect had the opportunity to talk with Brett Ingerman, a partner at DLA Piper and cochair of the firm’s Global Governance and Compliance practice, on the results of the survey, the implications to compliance professionals, and what’s now keeping those CCOs up at night.
The last year has been incredibly active for compliance professionals. Most notably, the Yates Memo, delivered by DOJ Deputy Attorney General Sally Yates in September 2015, now holds individuals, and potentially including CCOs and other compliance professionals, personally liable for the company’s wrongdoing. Furthermore, the Justice Department has appointed their own first-ever compliance counsel, further reinforcing the focus in this area and creating concerns about increased scrutiny among the compliance industry. It was this mounting pressure that was a partial impetus for the recently formed DLA Piper Global Governance and Compliance practice group to create the 2016 Compliance and Risk Report.
The report clearly shows that the DOJ’s scrutiny impacts industries differently, but has wide-reaching effects. Even though the finance and insurance industries have been highly regulated in the past, they are now realizing that their current efforts may need to be increased. Those in less regulated industries are now facing greater scrutiny and may experience possible backlash they haven’t before. Many private companies are now realizing just how much these changes apply to them. Brett uses the example of the private equity industry, one that previously did not feel the brunt of heavy regulation. Explains Brett, “They are beginning to understand the significant risk of having a major compliance failure. More resources are being spent and focused on understanding the compliance landscape.”
This increased scrutiny will undoubtedly impact the professionals in the compliance industry. In fact, according to the report, 65% of respondents said that these changes will have an impact on their decisions to even remain CCOs. The company, industry, and level of risk will be taken into account. Brett asserts that it is up to the companies to ensure the security of their CCOs. “Companies are going to take the necessary steps to protect their compliance officer – making sure their CCO is covered by the insurance policy and making sure bylaws include indemnifications. We will see companies adjust to the specter of the liability.”
While compliance is a top concern for many organizations, like the legal department, it remains a non-revenue-generating cost center, and is rarely as well funded the professionals embedded in it would like it to be. According to the report, only 30% of CCOs feel they have sufficient resources to do their job. Coupled with the fact that CCOs can now be held responsible for failures, this magnifies the concern for those compliance professionals who feel financially unsupported. Brett also explains that the data from this report may be a little skewed based on the type of CCO who responds to these types of surveys. The CCOs responding are “Good CCOs,” says Brett, “And good CCOs and GCs will always want more resources.”
Complicating matters is the fact that there is no one-size-fits-all solution for compliance; what may be considered “resource strapped” in one organization or industry may be “just the right size” for another, making it difficult to create best practices or benchmarks. Brett explains that the key is to look at the risk basis and if the program is adequately resourced for that. “For example, a company with the size and scope and profile of General Electric, it is going to be very different than for the size and scope for a privately owned company that only does business in the U.S. It’s a risk-based approach to making sure you are properly resourced.” One respondent shared that he actually understood the CEO’s decision to allocate less funding to the compliance department: “They view it as ‘I want to have the minimum amount of resources ... to keep us on the level and keep me out of jail ... that doesn’t make them unethical.”
A whopping 87% of all survey respondents believe that the DOJ’s recent appointment of Hui Chen will intensify the pursuit of cases against CCOs, and nearly 100% of respondents felt that the scrutiny of compliance programs would intensify. Notwithstanding this universal concern, only 21% of respondents have made any changes to their compliance programs as a result. While some of these respondents feel comfortable with their current programs, others may be caught blindsided when they discover, through an investigation, that their programs are woefully underfunded and understaffed.
The question then becomes: how can those CCOs ensure funding and stay out of trouble? First and foremost, it is the CCOs responsibility to keep the board abreast of all activities and any perceived resource shortage. Answered one respondent, “I would think, if I didn’t have the right resources, that the board and management would expect me to come to them and say, ‘This is what I think I need.’ If I didn’t do that, shame on me for not raising the point.”
“Accountability rests ultimately with the board of directors” in regards to ensuring resources to remain compliant, explains Brett, citing the 1996 Caremark decision that held the Board of Directors responsible for failing to put in place adequate internal control systems. “The Board of Directors is required to not only understand the scope and effectiveness of their company’s compliance program, but take a vested interest in it,” explains Brett.
Even so, 47% of all CCOs have encountered resistance when asking for more budget. In an effort to increase funds for the compliance department, one strategy is to continually highlight the unsafe path if the company fails to adequately support the department financially. One respondent recommended sharing the cost of even one violation versus the cost of preventative measures. Compliance leaders could take a case study ripped from the headlines to demonstrate the high costs – financially and to the company’s reputation – caused by failure to support the compliance function.
While the reporting structure of CCOs vary from company to company – some report to the general counsel, some report directly to the CEO – Brett sees that the CCO “should have a direct reporting line to the board of directors.” One CCO recommends going much further than reporting just data and analytics to the BOD: “I also report on key matters ... and developments in the program. I think that leadership and the board need more than simple numbers to understand the effectiveness of the program.”
The increased pressure, new regulations, and the potential for greater individual liability will play a large role in the coming years and reshape what is expected from compliance officers. Those caught unprepared can face even stiffer consequences. The CCO will face tough decisions not only about compliance strategies and activities within their company, but within their career as well. As one respondent remarked on looking for a new compliance job, “You’re going to weigh the risk of whether it could destroy your career and personal life.”
DLA Piper’s 2016 Compliance and Risk Report: CCOs Under Scrutiny is the first of its kind. View results and download the report online. DLA Piper is already working on a second compliance survey, taking a closer look at the opinions of directors and the unique issues that multinational businesses face.
Brett Ingerman a partner and cochair of DLA Piper’s Global Governance & Compliance practice. His primary areas of practice are business and commercial litigation and arbitration, with a focus on complex commercial disputes and lender liability issues. Brett also has significant experience in corporate investigations and compliance involving criminal, quasi-criminal and administrative agencies. Brett has designed and implemented global compliance programs for companies large and small, and focuses on providing practical compliance advice consistent with best practices and local custom.
-->
