Power Grab

Chief compliance officers may want to re-read that old copy of The Prince and go for the office power grab in 2010. Apparently all the cool kids in corporate governance support you already.

Within the last several months, we’ve seen numerous signs—regulatory settlements, best practices guides, proposed revisions to the U.S. Sentencing Guidelines—that federal regulators and the governance-industrial complex now believe a corporation’s top compliance overseer should report straight to the CEO, if not straight to the board. First was the Justice Department’s settlement with Pfizer Corp. last fall over improper drug marketing. The most interesting part of the deal (other than the $2.3 billion fine) was a lengthy corporate integrity agreement specifying that the chief compliance officer report directly to the CEO and meet with the audit committee of the board at least quarterly. The wording was clear:

“The chief compliance officer shall be a member of senior management of Pfizer, shall report directly to the chief executive officer of Pfizer, shall make periodic (at least quarterly) reports regarding compliance matters directly to the Pfizer audit committee, and shall be authorized to report on such matters to the audit committee at any time. The chief compliance officer shall not be, or be subordinate to, the general counsel or chief financial officer.”

Next came fresh guidance from the Institute of Internal Auditors, calling for a company’s chief audit executive to report functionally to the board of directors and administratively to the CEO; no chief accounting or chief financial officers should block the way. On a mechanical level that may cause some confusion about how an internal auditor can audit the compliance efforts his boss oversees, but the IIA’s broad goal is clear: give audit executives clear access to the top level of the corporation.

Most recent and most significant, however, are the U.S. Sentencing Commission’s proposed revisions to the Federal Sentencing Guidelines. As Compliance Week notes in our latest coverage this week, the Sentencing Commission is pondering whether to allow a company that meets specific criteria to receive credit for having an effective compliance program, even if a high-level executive is involved in the wrongdoing. (Currently, a company in that particular mess cannot.) And the very first criterion the Commission proposes? “The person with operational responsibility for the compliance program reports directly to the board or one of its committees.”

Across all of these developments, the clear intent is to drive home the practical application of everyone’s favorite compliance phrase, “tone at the top.” If you want to demonstrate to regulators, shareholders, auditors and anyone else that your tone at the top is good, giving your compliance point-person complete, unfettered access to the top is part of that tone.

To some extent, Corporate America seems to be embracing that message. Not long ago we saw several polls of chief compliance officers that found a sharp increase in the number of companies appointing a designated, full-time chief ethics and compliance officer—and more companies ensuring that person is only the ethics and compliance officer, with no other title or responsibilities. One of the polls, from the Society of Corporate Compliance and Ethics, also found that 55 percent of respondents said their compliance officer reports directly to the CEO.

Still, I suspect that a majority of CCOs do not report directly to the CEO, let alone directly to the board. And I wonder just how comfortable boards will feel with this arrangement, too; in a world where the board and the CCO have primary responsibility for creating effective compliance programs, the board and the CCO may well have primary blame when a compliance failure occurs. Yes, the offending employee (whether he is a corrupt CEO, an errant plant manager or anyone else) also carries legal liability—but all too often, that person is long gone when his or her misbehavior causes the corporation to crumble, or pays a penalty grossly underwhelming compared to the harm done to the stock price. Regulators, investors and the public will still be standing at the front gate shouting, “Who allowed this to happen?” They’ll be staring at the board, and staring at you.

Heavy is the head that wears the crown, I suppose. But then, anyone who’s read The Prince would know that.