By Guest Columnist: Donna Boehme

Principal at Compliance Strategists LLC and editor of the weekly CS Newsflash (and former chief compliance and ethics officer at two leading multinationals). Follow her on Twitter @DonnaCBoehme.


Originally Published in Corporate Counsel (January 14, 2013)


As companies head into 2013 facing yet another year of increasing and complex compliance and ethics challenges, here’s a threshold question for the Board of Directors: Does your chief compliance officer have the empowerment, independence, seat at the table, line of sight, and resources to do the job?

Following is a “boardworthy” sample of big developments from 2012 that should give some boards and C-suites (and you know who you are) pause:

1. Morgan Stanley Declination

Companies and CCOs have been waiting a long time to see public recognition and credit for a preexisting compliance program. In 2012, the U.S. Department of Justice decided not to prosecute Morgan Stanley for flagrant FCPA violations by an employee in China, citing robust compliance program elements that illustrated the firm’s strong efforts to prevent and detect wrongdoing. It was just like the Federal Sentencing Guidelines contemplate, and a powerful “show and tell” example for CCOs to discuss with management and boards. More like this in 2013, please.

2. Wal-Mart Mexican Bribery Scandal

Unpack many of the big corporate scandals of the last five years and very few feature a strong, well-positioned, empowered, and experienced CCO voice in the C-suite. (Actually, I can’t think of any, but please write and tell me if you can). In Wal-Mart’s case, the compliance function reported to the legal department, but according to The New York Times reportage, the company’s top lawyer participated in a C-suite decision to “hush up” a too-hot investigation by sending it back to the very same Mexican GC who allegedly approved the bribes in the first place. It was a decision that ignored a compliance officer’s strong recommendation for an expanded independent investigation. Wal-Mart is Exhibit A for an independent, empowered CCO.

3. PwC Survey Shows Increased CCO Independence

According to the 2012 PricewaterhouseCoopers State of Compliance study, the number of CCOs reporting to GCs fell by 6 percent—to 35 percent from 41 percent—in the prior year. CCOs reporting to CEOs held steady at 32 percent. This is momentum in the right direction and is consistent with the 2010 amendments to the Federal Sentencing Guidelines, which favor “direct reporting obligations” to the board or its independent committee. According to Keith Darcy, the ECOA’s executive director, “A clear, unfiltered CCO voice in the C-suite is key to a robust program. Without independence, a CCO is mere window-dressing and false security for the board.”

4. Madoff’s Brother and CCO Pleads Guilty to Fraud, Gets 10-Year Sentence

Did you know that Ponzi scheme king Bernie Madoff’s brother Peter was also the firm’s chief compliance officer? Oh yeah, I’m not making that up. He’s in jail now, serving a 10-year sentence. Lack of independence is rarely this obvious, but it is incumbent on boards and management to recognize empowerment and independence issues in all their nuanced appearances. Note to the Securities and Exchange Commission: Please add “the CCO is the CEO’s brother” to your list of red flags. And add “independence” to the list of CCO requirements. Thank you.

5. Joint DOJ/SEC FCPA Resource Guide on Adequate Autonomy for CCO (and Incentives)

The widely anticipated Foreign Corrupt Practices Act Resource Guide, issued jointly by the DOJ and SEC, may not have broken new ground—but for CCOs it validated many best practices already in place in the field (ahem, use of incentives in programs, ahem) and also expressly tracked the language of the 2010 OECD Good Practice Guidance on Internal Controls, Ethics, and Compliance, which noted that the CCO must have “adequate autonomy from management” in order to do the job. The Justice Department has been using this language in individual FCPA settlement agreements since 2010, going beyond the letter of the current Federal Sentencing Guidelines for Organizations.

6. Big Milestones for the C&E Profession

In 2012, the Ethics and Compliance Officer Association, the first industry association for C&E professionals, marked its 20th anniversary—a significant milestone for the profession. Also this year, the Society of Corporate Compliance and Ethics, an industry association that traces its founding to 2002, earned its 3,000th member, making it the largest cross-industry compliance and ethics organization, and its annual meeting attracted over 1,000 attendees for the first time. In addition, the SCCE’s sister organization, the Health Care Compliance Association, passed the 8,000-member mark. These important milestones signal the vitality, increased profile, and continued growth of the rapidly evolving profession.

7. HSBC Settlement Agreement Elevates and Empowers CCO

I would make the DOJ settlement agreement with HSBC (for widespread anti-money-laundering violations and failure to maintain any semblance of a compliance program) required 2013 reading for boards, if I had that power. The case is notable for many reasons, but CCOs will recognize all manner of glaring missteps in how the firm positioned and structured its compliance function. HSBC has now “elevated” its CCO by separating compliance from the legal function, adding resources, fixing the line-of-sight, and creating levels of independence. And one more thing I’ve never seen before: the CCO was expressly raised to the level of the top 50 employees of the firm. Now that’s what I call a seat at the table. As SCCE CEO Roy Snell said, “The real question is, will industry give independence to the compliance officer before the government mandates independence through regulatory action as they have with auditors.” Time will tell.

8. Enforcers Tally a Record $9 Billion in Corporate Settlement Agreements, Warn Boards and Management

As Joe Warin of Gibson Dunn puts it, the “B word”—corporate settlements levied by federal enforcers with totals in the billions—are almost the “new norm.” The 2012 total of $9 billion dwarfs the previous 2006 high of $3 billion. With 35 NPAs and DPAs in 2012, across a broad spectrum of industries, CCOs have significant new input to add to the existing guidance for compliance programs, many of which include positioning, structure, and resources of the compliance function. As Gibson Dunn advised its clients: “Make no mistake: while not formally labeled as such, DOJ and other regulators appear to be promulgating compliance guidance for various industries through the remedial requirements included in the DPAs and NPAs used to resolve real-world cases.” In 2012, officials made a number of public statements and speeches urging boards and management to “elevate the role of compliance” by supporting their CCOs with “adequate resources, independence, standing, and authority” to be effective. Boards and management should take heed.

9. Greg Smith’s Very Public Goldman Sachs Resignation, General Services Administration, et al.—It’s the Culture, Stupid

In 2012, organizational culture hit the headlines. Greg Smith wrote about it in his spectacular “take-this-job-and-shove-it” New York Times op-ed (key word: “muppets”). And social media was abuzz over photos of Jeff Neely, the former head of the General Services Administration, in a taxpayer-funded hot tub with two glasses of wine at the ready. And don’t get me started on those wild and crazy Secret Service parties in South America. The 2012 RAND Symposium report also zeroed in on this “missing link” in its examination of compliance programs at a crossroads. Of course this is all preaching to the CCO choir.

10. The Year of the Corporate Whistleblower

By the end of 2012, it was clearly the year of the corporate whistleblower on a number of fronts. False Claims Act recoveries totaled over $9 billion, more than double the previous year, including the largest health care fraud settlement in history—a $3 billion settlement paid by British drug maker GlaxoSmithKline. After a slow start to its 2007 whistleblower program, the Internal Revenue Service also paid out at least two eye-popping bounties, including $104 million to former UBS banker Bradley Birkenfeld. Companies continue to scramble to respond to the new Dodd-Frank whistleblower program, which provides a direct line to the SEC for allegations of fraud, and a potential bounty of 10 to 30 percent for penalties collected over $1 million. With 3,001 whistleblower tips in its first year and its first bounty paid in 2012 (and reportedly many more in the pipeline), the new Dodd-Frank whistleblower program is now officially alive and kicking. With so much at stake, companies that fail to empower their CCOs could pay a steep price.

And there you have it. After the chief compliance officer was named 2011 Person of the Year by former federal prosecutor Michael Volkov, who recognized the CCO as the “unsung hero” of the corporate workplace, CCOs made strides in 2012. And that’s a good thing, with 2013 promising to be no less fraught with peril for the overseer of the company compliance and ethics program. As Machiavelli wrote, “There is nothing more difficult to take in hand, more perilous to conduct, or more uncertain in its success, than to take the lead in the introduction of a new order of things.”

Donna Boehme is an internationally recognized authority and practitioner in the field of organizational compliance and ethics, designing and managing compliance and ethics solutions within the U.S. and worldwide. As principal of Compliance Strategists LLC, Boehme is the former group compliance and ethics officer for two leading multinationals and currently advises a wide spectrum of private, public, governmental, academic, and nonprofit entities through her NJ-based consulting firm.