“If you are not at the table, you are likely on the menu.”
In a recent blog, former federal prosecutor Michael Volkov, a good friend to the compliance and ethics profession asked: “Where is your CCO’s Office? An Important Question!”
And one that raises the larger issue of a “seat at the table” – a key feature of any effective chief compliance officer (CCO) role.
A company can have a compliance program with all the bells and whistles on paper. Chief compliance officer? Check. Status reports to the audit committee? Check. Code of conduct? Check. Training (onsite and e-learning?) Check. Check. But hold on. Anyone can do a “check the box” inventory. As Volkov suggests, once you get past the “paper program” and begin to ask more probing questions, that’s when the real picture begins to emerge.
A chief compliance officer can have the title and the business card, but do they have a seat at the table where the organization’s important business is discussed and decided? For instance, do the heads of business, audit, legal and HR participate in the firm’s quarterly business review while the CCO stands outside, nose pressed up against the windowpane? If so, that sends a powerful message to management (just not a good one), without a single word being spoken.
Here’s one of my little tests: if a powerful business leader were to call the CCO on the carpet and demand that a compliance investigation be “closed” or to know the name of an employee who raised a confidential concern, what happens? If that isn’t an automatic trigger event requiring nondiscretionary escalation to the governing body, then “Houston, we have a problem!” In that case, not only do you have a culture problem, you probably don’t even have a credible compliance program.
Which brings us back to the CCO’s office location. Seems petty, right? Why should the office location even matter? Why are these pesky CCOs so power hungry? On the contrary, my observation from more than 20 years in the field is that CCOs are probably the least power hungry managers in the room. But they want to do their jobs well and deliver on the promises made by the company when it rolled out its code, confidential helpline and other elements of the compliance program. And to do that, CCOs need all the tangible and intangible indicia of empowerment they can get.
These include an appropriate title, reporting line, written mandate, line of sight, resources, a seat at the table, nondiscretionary escalation to the Board of significant matters and yes… an office that says to the organization: “compliance matters.” Because unlike other, more established functions of the organization such as legal, audit and HR, the compliance function is fighting for every mandate and crumb of credibility that it can grab hold of so that powerful leaders view them as a member of senior management and not as mere window dressing.
It’s also important because employees want to know if the CCO is independent and able to protect them against retaliation. They know the difference between talk and walk – and it shows in all the small and not-so-small ways that employees easily recognize. Where the company falls on the spectrum of walk and talk makes all the difference between an engaged, informed and transparent workplace where people feel safe in raising their hands, and a Twitter headline (#Scandal) waiting to be written.
Here are some other questions for proactive Boards and CEOs:
- When important management meetings occur on strategy, risk or reviews of business performance, is the CCO at the table?
- Is the CCO’s input sought as part of management’s compensation, evaluation and promotion process?
- If your organization has, as many companies do, an annual or periodic summit of its top managers, is the CCO not only invited as a senior leader, but also prominently on the agenda as a key speaker?
A seat at the table: it’s a critical feature of any successful CCO position, and by extension, any effective compliance program. Over the last five years, the CCO has made significant strides in independent reporting line and direct, unfiltered access to the Board – but without a seat at the table, the impact of the first two may be completely eviscerated. The CCO must be present, connected and impactful.
And, as Volkov observes, the CCO’s office is pretty important, too.