In today’s medium-sized and large organizations, it is very common to find a department responsible for the compliance function or leading the “ethics and compliance program,” understood as the set of policies, processes, and mechanisms that ensure this function is well established throughout the organization. However, it is equally common to find that some of these ethics and compliance programs, although they appear to be correctly positioned in the organizational chart, have a qualified person in charge (usually a CCO, or Chief Compliance Officer), and have the influence and power to exercise their role in the organization, actually lack some of the resources or attributes that would allow them to fully perform their function and ensure effectiveness. Effectiveness is generally understood as the program’s ability to optimally execute its functions to adequately control the risks for which it was established.

The provisions of the Department of Justice (DOJ), including recent announcements and changes, and of the United States Sentencing Commission (USSC) generally offer robust guidelines on the attributes that an effective “ethics and compliance program” should have. One of these attributes, and the one we will focus on, is “Autonomy and Resources,” since these are designations made by the board of directors, the main governing body charged with setting the tone at the top and ensuring the optimal establishment and operation of these programs. Let’s analyze each of them:
- Structure
  - Some organizations choose to add this function to the legal area and others to internal audit (a practice not recommended because it affects independence and focus)
  - In some cases, it is included in the organizational charts, reporting to the general manager/CEO (a practice not recommended because it affects independence and focus)
  - Others include a functional and direct report to the board of directors or the corresponding committee and an administrative report to the CEO (best practice)
  - The board committee to which they report is usually merged with the audit committee.
- Seniority and Stature
  - Referring to the experience and leadership of the CCO as responsible for the ethics and compliance program
  - Although most CCOs have extensive experience in their role, the position (although with direct reporting to the CEO) in some cases does not have the same level as their peers (C-level)
  - In other cases, the CCO is not included in strategic meetings where their contributions can be key to continuing or limiting transactions that are important to the organization (compliance risks)
- Experience and qualifications
  - This criterion is met in most cases because organizations strive to select highly qualified personnel for this position
  - One area for improvement could be the training and coaching that the team responsible for the function receives from external experts
- Funding and Resources
  - This is perhaps the area that requires the most attention, because despite the breadth and complexity of an ethics and compliance program in a sizable organization, the allocation of resources may not be ideal, and this can impact its effectiveness.
- Access to data
  - The difficulty in accessing information is most evident at the beginning of the implementation of the ethics and compliance program. However, organizations usually respond and understand this need and provide the necessary elements for its proper development.
- Autonomy
  - As indicated, it is common practice for the CCO to have access to the committee specifically designated by the board of directors
- Outsourcing of functions
  - When the organization has decided to outsource all or part of this function, the most important thing is to have the necessary and sufficient mechanisms for good oversight and continuing evaluation of outsourced activities.
These are the attributes that frequently deserve the most attention from organizations, especially from their boards of directors, as they are responsible for ensuring that the ethics and compliance program is well implemented and has the resources and mechanisms to best perform its function and safeguard the organization’s reputation.
How can we support you?
Our team, with extensive experience in CCO (Chief Compliance Officer) and CAE (Chief Audit Executive) positions and solid knowledge of international regulations and best practices, can:
- Conduct diagnostics of ethics and compliance programs
- Advise on the identification, assessment, and management of compliance risks (risk heat maps)
- Provide training on international regulations (FCPA, UK Bribery Act, others)
- Support training plans and the deployment of a compliance culture within the organization and with stakeholders
- Perform independent external assessments
- Deliver C-level training, to effectively ensure the required commitment at this level.