Tag: CCO

Categories
Compliance Into the Weeds

Having a Values Conversation

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject. In this episode, Matt and I take a deep dive into having a value conversation to help companies start a conversation about values. If companies do not focus on matters, a vacuum is created where employees are left to make their own decisions, and those decisions may not always be in the company’s best interest. Tune into Compliance into the Weeds-Having a Values Conversation to learn how to start the conversation and create a safety culture.

Key Highlights

  • The Importance of Workplace Safety [00:04:58]:
  • The Need for Embedding Conversations about Values in the Workplace [00:09:00]
  • Creating a Positive Corporate Culture. [00:12:26]
  • The Dangers of Not Doing Corporate Compliance Properly [00:15:56]

 Notable Quotes

 1.     “It makes a lot of sense to try to embed awareness of them initially, but it feels weird. It’s kind of outside of people’s comfort zone. It’s outside your comfort zone if you are not an ethics and compliance professional.”

2.     “These questions can help people like that. And as you had mentioned before, middle managers are the crucial element in all of this.”

3.     “It’s easy for senior executives. To talk about ethical values. I think for many low-level employees, and those messages go in 1 ear and out the other because Why does anybody ever pay attention to what senior management says? It’s your middle manager. It’s your boss. You pay attention to what they say.”

4.     “These questions are geared to help those managers, that audience, and their crucial tool.”

 Resources

Matt Kelly in Radical Compliance

Categories
FCPA Compliance Report

Eric Young on the Evolution of the CCO

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this special episode, I am joined by Eric Young from Guidepost Solutions. Young has worked at prestigious institutions like JPMorgan, General Electric, S&P Global Ratings, and BNP Paribas. He shares his expertise to empower employees looking to move ahead with processes, find solutions, and navigate compliance issues.

Tom and Eric talk about the highlights of the Monaco Memo, updates on the Corporate Enforcement Policy, a case study from ABB to showcase the role of the CCO, and how firms should interpret Department of Justice speeches. He further dives into the corporate culture, accountability, and role of the CCO within an organization. Finally, Eric sheds light on a case from McDonald’s involving the former CEO and their decision to claw back compensation. The discussion concluded with acknowledging the Delaware court’s holding that elevates the CCO’s corporate duties.

Key Topics:

[00:04:24] Process Improvement to Avoid Violations and Effect Positive Change in Company Culture

[00:09:19] The Effects of the Monaco Memorandum on Corporate Compliance Practice

[00:14:35] ABB’s Impressive Performance During an Investigation and Remediation Period

[00:18:42] The C-suite’s Responsibility in Organizations

[00:23:21] The Impact of Experiences on Assessing Business Decisions

[00:28:05] The SEC Inquiry on McDonald’s precipitated by Steve Easterbrook’s Removal

[00:32:24] The Significance of Delaware Courts in Regards to Corporate Law

[00:37:13] The Functions of Corporate Boards During Times of Crisis.

Tune in and listen to Eric as he educates us about the need to report extraordinary circumstances to the Department of Justice

 Resources:

Connect with Tom Fox

●      LinkedIn

Connect with Eric Young

●      Guidepost Solutions

●      LinkedIn

Categories
Blog

The World Has Changed: McDonald’s and the Oversight Duty of Officers-Part 4

Over the past year, the role of the Chief Compliance Officer (CCO) has shifted in some very dramatic ways. The shifts have been from disparate groups and for a variety of reasons. Yet when put together, one can see a clear and bright line expanding and elevating the role of the CCO in the corporate world. From the announcement of the requirement for CCO Certification last year up to the announcement of the Delaware Court of Chancery’s decision in the case of In re McDonald’s Corporation Stockholder Derivative Litigation, it is now clear that the CCO has as wide a remit and responsibility as any corporate officer, other than the Chief Executive Officer (CEO) of a company.

I think the following announcements, changes in DOJ and SEC focus on Foreign Corrupt Practices Act (FCPA) enforcement and now a court case out of Delaware will change the role of the CCO forever.

CCO Certification

This shift began with the speech by Kenneth Polite, Assistant Attorney General for the Criminal Division speech on May 17, 2022, at Compliance Week 2022; announcing the new requirement for CCO Certification of compliance programs for companies going through a Deferred Prosecution Agreement (DPA). This CCO Certification required the Glencore CCO to certify Glencore compliance program “is reasonably designed to detect and prevent violations of the FCPA and other anti-corruption laws” at the conclusion of the DPA.  Who is the only other person required to make a similar certification at the conclusion of a DPA? The CEO of the company.

This means the CCO (and CEO) are certifying the entire compliance program meets the standards of not simply best practices but also all the enhanced requirements set out in Attachment C of any DPA. While many have focused on the question of whether this would bring criminal liability to a long-gone (or even current) CCO; this question now seems to miss the mark. Recall what Polite said when announcing the new requirement “It is the type of resource that compliance officials, including myself, have wanted for some time, because it makes it clear that you should and must have appropriate stature in corporate decision-making. It is intended to empower our compliance professionals to have the data, access, and voice within the organization to ensure you, and us, that your company has an ethical and compliance focused environment.”

Monaco Memo and Changes in the Corporate Enforcement Policy

The 2022 Monaco Memo and 2023 announced changes in the DOJ’s Corporate Enforcement Policy (CEP) are bookends of a series of changes which began as far back as October 2021 when Deputy Attorney General Lisa Monaco first announced the revisions which would eventually be incorporated into the Monaco Memo and CEP. In many ways the Monaco Memo laid out the sticks while the CEP provided the carrots for current FCPA and other white-collar enforcements.

The Monaco Memo directed prosecutors to evaluate a corporation’s compliance program as a factor in determining the appropriate terms for a corporate resolution; as prosecutors should now assess the adequacy and effectiveness of the corporation’s compliance program at two points in time: (1) the time of the offense; and (2) the time of a charging decision.  Kenneth Polite further defined the effectiveness of a compliance program at the time of the offense as “At the time of the misconduct and the disclosure, the company had an effective compliance program and system of internal accounting controls that allowed the identification of the misconduct and led to the company’s self-disclosure.” This is the first time the DOJ has said that it is the detection of wrongdoing which defines the effectiveness of a compliance program. This means a company’s investment in a compliance program, CCO and corporate compliance team are all elevated in importance. This prong does not simply get you a discount, but it can put you on the road to the default position of the DOJ for a FCPA violation, a declination.

Moreover, when you couple the ABB FCPA resolution to the Monaco Memo, you see the carrots which appeared in the new CEP. ABB was the first, three-time FCPA recidivist yet was able to get an excellent resolution with the government and a fine of only $315 million despite clear aggravating factors including corruption up to and in the corporate office. From the ABB resolution, you begin to see how the role of the CCO increases dramatically.

Duty of Oversight

These trends were brought together in the Delaware Court of Chancery’s decision in the case of McDonald’s Corporation and its former Executive Vice President and Global Chief People Officer of McDonald’s Corporation, David Fairhurst in the case In re McDonald’s Corporation Stockholder Derivative Litigation, where for the first time, a Delaware court formally recognized the oversight duties of officers of Delaware corporations.

As I have previously noted, one of the most interesting parts of the court’s opinion is that it draws from the US Sentencing Guidelines and their creation of the Chief Compliance Officer position as both reasons for the decision and as a guide to how the CCO position will be impacted by this ruling. The judge pointed to the US Sentencing Guidelines as a key basis for the creation of the original Caremark Doctrine. The court stated that a prime reason for “recognizing the board’s duty of oversight was the importance of having compliance systems in place so the corporation could receive credit under the federal Organizational Sentencing Guidelines.” However, the Guidelines did not stop at the board level. The US Sentencing Guidelines mandated the creation of the CCO position.

The court noted that the CCO has a broad scope within an organization. The court stated “Although the CEO and Chief Compliance Officer likely will have company-wide oversight portfolios, other officers generally have a more constrained area of authority.” The responsibilities of the CCO are wide and sometimes varied. Here the court stated, ““[s]pecific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program.” But the Delaware court also provided CCOs with some additional ammunition in their quest for true influence in a corporation by stating that “to carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

What Does It Mean?

This is the part where it gets interesting. Under the CCO Certification and the Delaware court’s ruling, it is the CCO who is 1B to the CEO’s 1A. The first step every company must make it to put the CCO in position to report up directly to the Board of Directors. It also means that the days of a CCO reporting to a Chief Legal Officer (CLO) or General Counsel (GC) are certainly numbered. The Delaware Court drove this point home by specifically naming  a CLO/GC as a person “responsible for legal oversight and for making a good faith effort to establish reasonable information systems to cover that area.” In other words, not responsible for the company wide remit such as the CCO.

The next area would come from the Hallmarks of an Effective Compliance Program as laid out in the FCPA Resource Guide, 2nd edition. In that document it states “In appraising a compliance program, DOJ and SEC also consider whether a company has assigned responsibility for the oversight and implementation of a company’s compliance program to one or more specific senior executives within an organization. Those individuals must have appropriate authority within the organization, adequate autonomy from management, and sufficient resources to ensure that the company’s compliance program is implemented effectively.” That means financial resources and head count.

I would add, a level of professionalism and expertise in compliance means more than simply ‘being a lawyer’. Under Chapter 9, Section 47 of the US Attorney’s Manual, the DOJ is mandated to evaluate “The quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk.”  Finally, the DOJ will also evaluate other factors such as CCO compensataion as commiserate with the position of being second in importance to the CEO.

The Delaware Court decision creating the Duty of Oversight was not designed to increase the scope, reach and importance of a CCO but the more I look at the case I believe that will be its most lasting legacy. When you look back over the past 12 months, you see that the CCO has more stature and responsibility than it has ever had before.

With a converse nod to Uncle Ben from Spiderman, with great responsibility must come great power.

Categories
The ESG Report

Why Compliance Should Lead the Corporate ESG Effort with Kristy Grant-Hart

What does remodeling a home have to do with ESG? In this episode of the ESG Report, Tom Fox and Kristy Grant-Hart discuss the role of compliance in leading the ESG initiative within a corporation. Kristy, the founder of Spark Consulting, explains how compliance professionals can expand their role to lead the E, S and G components of ESG. She also shares her personal experience of remodeling her new home with her husband and how it relates to ESG.

Kristy Grant Hart is a well-known figure in the compliance field. She is the founder and CEO of Spark Consulting, a global compliance and ethics consultancy that recently celebrated its 6th anniversary. Spark Consulting now has locations in Chicago, New York, Los Angeles, and London. The company also recently released a business simulation game called Compliance Competitor, which has been picked up by many companies. Kristy has over 15 years of experience in compliance and governance, working with clients across multiple industries. She is also the author of four books, including How To Be A Wildly Effective Compliance Officer and The Compliance Entrepreneurs Handbook, which was written with Kirsten Liston and Joseph Murphy.

 

You’ll hear Tom and Kristy talk about:

  • ESG is a bridge between compliance, governance, and board relationships.
  • ESG can be a huge driver for change and reputation enhancement.
  • CCOs are skilled at bringing together people and putting programs into a framework, and this lends itself well to running a successful ESG program. 
  • The renewed focus on G (Governance) is a positive development, as better governance leads to more ethical behavior and compliance. Compliance has a relationship with the board, the Audit and Risk Committee, and it makes sense for compliance to expand its remit of reporting and talk about different stakeholders in different ways for better board management.
  • The push for gender diversity on boards is a step towards greater perspective and understanding of different stakeholders.
  • Supply chain management is an important aspect of the compliance function.
  • The June 2020 Update to the Evaluation of Corporate Compliance Programs from the Department of Justice emphasizes the importance of institutional justice and fairness within corporations, which ties into ESG principles.
  • The compliance function and CCO must have access to all corporate data, not just compliance data, in order to effectively lead ESG efforts.
  • The S in ESG, which stands for social, encompasses issues such as diversity, equity and inclusion, and responsible sourcing in the supply chain.
  • The evolution of supply chain compliance and its integration into ESG efforts has been growing in recent years.
  • Compliance professionals already have a wide range of skills and experience that can be applied to leading E efforts within ESG. They have an important role to play, even if they are not experts in the field.
  • Remodeling a home can also be a valuable learning experience: her personal experience of learning new construction skills aligns with the idea that compliance professionals can learn and lead the E component of ESG.

 

KEY QUOTE

“I think that the more that we see diversity on boards, the better companies will do, but also the opportunities become more expansive and that’s something that I’m passionate about and feel that’s incredibly important. I also think compliance should have much more of a seat on boards.” – Kristy Grant Hart

 

Resources:

Kristy Grant-Hart on Website | LinkedIn | YouTube  

Kristy Grant-Hart books

Spark Compliance

Categories
Innovation in Compliance

Operationalizing Compliance: Part 5-Overwhelmed, yet? with Taylor Edwards

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In our Part 5 conclusion, I am joined by Taylor Edwards to discuss how compliance professionals can prevent from being overwhelmed by all of ‘this’.

Highlights from this episode include:

·      Unpack your program through critical examination.

·      Know your history and understand how you got where you are.

·      Face data but do not be paralyzed by it. .

·      It’s about being real and accountable.

For more information go to TheBroadcat.com

Categories
Blog

Operationalizing Compliance: Part 5-Overwhelmed, yet?

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I have visited with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In our Part 5 conclusion, I am joined by Taylor Edwards to discuss how compliance professionals can prevent from being overwhelmed by all of ‘this’.

Compliance professionals can be overwhelmed by all the information coming out of the regulators such as the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). In 2022, this included the Monaco Memo and several major Foreign Corrupt Practices Act (FCPA) enforcement actions. Edwards suggested starting from the position of “how does that apply to me?” From there you can “get real with yourself about where things may not be perfect, but also provide insights into where you can start to work on your program.” He added that the key is “recognizing that it’s OK not to have a perfect program.” What the DOJ wants is for you to assess your own program, spot the weaknesses, rank them and then remediate your ranked list going forward. Edwards concluded; you should determine “what’s the next one thing I can work on? Sometimes it’s a matter of taking small baby steps, but just recognizing that there are needed to be taken.”

One of the key components of the Monaco Memo was the cementing of corporate culture as a factor the DOJ would evaluate in any enforcement action. This formalized the remarks made by Deputy Attorney General Monaco in October 2021. Edwards maintains that a “big aspect of this is the listening function of an organization.” He will often engage a client with the questions about listening, “Have you done any listening within the organization? Have you surveyed, have you had a focus group? Have you had some kind of forum for employees? Have you gathered or crowdsourced any of that from within the organization?”

Unfortunately, that answer is often no. Edwards believes that if you recognize the need to understand and to work within the landscape of your company culture, you must  accept the fact you will be required to do a better job of getting out into the business and understanding what the culture looks like outside of the corporate compliance office. He added, “listening plays a huge role.” Having conversations “across different parts of the business help inform not only your understanding of the culture, but then how you can go in and influence it for the better, influence it to be more ethical and compliant.”

We then turned to the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs mandates around risk assessments, which move from biennial or even annual risk assessments to risk assessments when your risks change. This is a key area where compliance professionals often feel overwhelmed. Here Edwards suggested taking ‘bite sized or small chunks” to improve your program. Edwards pointed to training as the DOJ has moved far beyond the prior metric of completion rates.  He said, “if you are focused on a 100% completion rate and that is the outcome you’re trying to achieve, then your focus will be on a Learning Management Systems tool that allows you to easily assign modules to a 100% of your workforce. However, if the outcome you are really focused on is compliance, good behavior, making sure that laws and regulations do not get breached, then your focus should be how do I influence behavior as opposed to having a hundred percent completion rate?”

This means you need to emphasize the behavioral element. You can start to do things like “monitoring, which can seem overwhelming for a lot of groups, and it typically gets underinvested in.” But if your focus is on the prevention aspect, then you need to “go out there and see what people are doing wrong currently so you can an address it and stop it.” This can be down with a process mindset; “on a risk-by-risk basis, on a task-by-task basis or a on a process-by-process basis where you peel back the onions of the organization to see if there are any potential pitfalls in our current process.”

The bottom line is there are a variety of approaches you can take to move your program forward. The key is to identify your program weaknesses and begin the remediation process.

For more information go to TheBroadcat.com

Categories
31 Days to More Effective Compliance Programs

Day 26 – Compliance Function in an Organization

The role of the compliance professional and the compliance function in a corporation has steadily grown in stature and prestige over the years. When it came to the corporate compliance function, the 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, noted the government would “consider whether the company devoted adequate staffing and resources to the compliance program given the size, structure, and risk profile of the business.” The Monaco Memo and 2023 changes to the Corporate Enforcement Policy have made this all the more critical going forward.

This Hallmark was significantly expanded in the FCPA Corporate Enforcement Policy and 2020 Update. In the FCPA Corporate Enforcement Policy, the DOJ listed the following as factors relating to a corporate compliance function that it would consider as indicia of an effective compliance and ethics program: 1) the resources the company has dedicated to compliance; 2) the quality and experience of the personnel involved in compliance, such that they can understand and identify the transactions and activities that pose a potential risk; 3) the authority and independence of the compliance function and the availability of compliance expertise to the board; 4) the compensation and promotion of the personnel involved in compliance, in view of their role, responsibilities, performance, and other appropriate factors; and 5) the reporting structure of any compliance personnel employed or contracted by the company.

The 2020 Update, Monaco Memo, and 2023 update to the Corporate Enforcement Policy all demonstrate the continued evolution in the thinking of the DOJ around the corporate compliance function. Their articulated inquiries can only strengthen a corporate compliance function specifically; and the compliance profession more generally. The more the DOJ talks about the independence of the compliance function, coupled with resources being made available and authority concomitant with the corporate compliance function, the more corporations will see it is directly in their interest to provide the resources, authority, and gravitas to compliance position in their organizations.

Three key takeaways:

  1. How is compliance treated in the budget process?
  2. Has your compliance function had any decisions overridden by senior management?
  3. Beware of compliance outsourcing, as any such contractor must have access to company documents and personnel.
Categories
Innovation in Compliance

Operationalizing Compliance: Part 4 – Effectiveness, Redux with Alex Klingelberger

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, we consider various ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer, and how to avoid being overwhelmed. In Part 4, I am joined by Alex Klingelberger, CEO at Broadcat, where we deeply dive into effectiveness.

Highlights from this episode include:

  • Compliance training must stay away from the patronizing training material.
  • The DOJ pronouncements on clawbacks put pressure on senior management.
  • Bilateral communication is a critical component of a best practices compliance program.
  • Compliance engagement is more than between your compliance function and employees. It is when employees engage each other about compliance topics as well.

For more information, go to TheBroadcat.com.

Categories
Blog

Operationalizing Compliance: Part 4-Effectiveness, Redux

Welcome to a special five-part podcast series on Operationalizing Your Compliance Program, sponsored by Broadcat LLC. Over this series, I visit with Jennifer May, Director of Compliance Advisory; Taylor Edwards,  Director of Sales; Xinia Pirkey, Design Manager; Alex Klingelberger, Chief Executive Officer (CEO) and Jaycee Dempsey, Director of Customer Success. We consider a variety of ways to more fully operationalize your compliance regime, including the design and effectiveness of your communications, why the operationalization of compliance is a team sport, why simply data is not the answer and how to avoid being overwhelmed. In Part 4, I am joined by Alex Klingelberger, where we take a deep dive into effectiveness.

We began with a question about data and data analytics. I asked Klingelberger what might a CEO question a Chief Compliance Officer (CCO) about when the CCO brings data about the compliance program. He explained that it is not simply data but “data, plus.” He would further inquire into such areas as, “How did you collect the data? Who are the people that are involved in the data? What did you ask them? What was the data that you have collected and how it going to prove to both regulators and the business folks how to use it.”

He provided the example of annual compliance training program, where the effectiveness is measured with a “single yes or no question that says, did all the constituents certify that they had completed the annual compliance training program; so that you ended up with a score of 100% completion.” Alex said his first question would be, “what is that worth to us?” This is because the data “simply conveys a unidirectional, transmission of information to the people in the business and you have not necessarily improved the quality of those individuals understanding of their business.”

We also discussed the danger of “patronizing communications”. This is a type of communication which is oversimplified to the point where any person, not just a person who’s working in that business would implicitly understand what is right and what is wrong and therefore know the answer they are supposed to get. Something like “Is bribery bad?” is not something you need to train employees on. What employees need is something more useful which addresses given situations, about what bribery looks like and provides a pattern recognition for employees to avoid it.”

That you are really looking for in effectiveness is engagement. Klingelberger noted it is “instrumental that engagement to form the basis for better bilateral communicating between compliance folks and business folks on the frontline. But it is more than communications up and down, from compliance to employee and back. It is using training and communications to facilitate discussions between employees, their managers, their mentors and others about specific situations; how we should be acting and what things that we should and should not be doing in the course of business.” He believes such discussions are the essence of compliance communications and training.

We turned to the user experience as delivering compliance information in topic focused or risk-based bite-sized pieces, on a more periodic and frequent basis is a better way to deliver compliance training. This can facilitate your employees engaging with not only compliance, but it also engagement with managers and fellow employees so that the communication or training fosters an ongoing conversation on a variety of topics; outside of interactions with the compliance function. “This is the outcome you should desire with your communications or training. Something that is going to engage employees, be thought-provoking or thoughtful; yet if they have a question, they can either raise their hand and contact the compliance function or compliance can direct them to a resource within the company such as on a website or FAQs.”

We concluded by tying back to where we began, with some thoughts on data and effectiveness. Klingelberger considers that effectiveness also informs how compliance should be collecting data and providing it to business leaders. He believes, to the extent possible, your compliance function should “use the same systems and software that your business uses to collect data, to collect your compliance data.” He provided some examples; “if you’re a sales shop, a HubSpot shop, if you primarily work on Excel, maybe those are the systems that you should be using to collect your compliance data rather than a completely separate standalone program that both you and your employees only see once a year and generates limited output.” The key is to “make it easier for your business leader through the data that you are providing them by using data which is familiar to them.”

Join us as we conclude with Part 5 where we discuss how to avoid being overwhelmed.

For more information go to TheBroadcat.com

Categories
31 Days to More Effective Compliance Programs

Day 25 – CCO Authority and Independence

The role of the CCO has steadily grown in stature and prestige over the years. The 2020 FCPA Resource Guide, under the Hallmarks of an Effective Compliance Program, focused on whether the CCO held senior management status and had a direct reporting line to the Board. The new requirement for CCO certification has only emphasized this reality.

This Hallmark was significantly expanded in the 2020 Update and the FCPA Corporate Enforcement Policy. And in so doing, the DOJ has increased the prestige, authority, and role of the CCO and corporate compliance function. The 2020 Update has five general areas of inquiry around the CCO and corporate compliance function. (1) How do the CCO’s salary and stature compare to other senior executives within the company? (2) What are the experience and stature of the CCO with an organization? Does the CCO have appropriate training for the role? (3) How much autonomy does the CCO have to report to the Board of Directors? How often does the CCO meet with directors? Are members of the senior management present for these meetings with the Board of Directors or the Audit Committee? (4) What is your structure? Is the compliance function run by a designated chief compliance officer or another executive within the company, and does that person have other roles? (5) Is data in your organization so siloed that the CCO does not have access to it? If so, what are you doing about it?

Once again, for the compliance professional, the FCPA Corporate Enforcement Policy and 2020 Update make the importance of a best practices compliance program even more critical. The DOJ focuses more on the role, expertise, and how the compliance function is treated within an organization. Pay your CCO considerably less than your GC. You may now better be able to justify that discrepancy. You may be starting behind the eight-ball if you have a legal department budget of $3 million and a compliance department budget of $500,000.

Three key takeaways:

  1. How can you show the CCO has a seat at the senior executive table?
  2. What are the professional qualifications of your CCO?
  3. Does your CCO have true independence to report directly to the Board of Directors?