Protecting Privilege of the Corporate Compliance Officer

4 Safeguards for Privileged Communications

Although the compliance function works hand in hand with corporate counsel, the CCO shouldn’t expect all communications with counsel to be protected in the event of an investigation. In fact, there are specific requirements of privileged communications, and most day-to-day compliance discussions won’t be considered privileged. Learn more here.

with co-author David Schmitz

The Corporate Compliance Officer (CCO) acts as the organizational conscience overseeing the compliance program. Corporate integrity promotes a strong brand reputation, avoids high-profile failures and contributes to a strong bottom line. The ever-growing complexity of the regulatory environment, and ever-increasing corporate scrutiny by federal and state governments, elevates the position even more. This client alert will, in practical ways, discuss the role of the CCO and how to ensure proper protection of any privileged communications.

Compliance programs define the organizational policy and process for ensuring that laws and regulations are not violated (or, if they are, that such violations are detected and reported through the appropriate channels). By their nature, the compliance programs and the CCO must be guided by, and closely coordinated with, the general counsel. Compliance officers share similar skill sets with attorneys, and many are licensed attorneys. Given all this, when are communications with the CCO protected from later disclosure by the attorney-client privilege or attorney work product?

The answer is that it depends. Generally, the attorney-client privilege requires that a communication be with an attorney, confidential and made in furtherance of seeking legal advice. The two most common CCO situations are (1) the day-to-day general compliance duties, and (2) internal investigations in response to a compliance event.

Day-to-Day Compliance
When acting strictly within the capacity as a CCO, and not in any type of “professional legal capacity” or at the direction of an attorney, compliance officers are usually not protected by the attorney client privilege or attorney work product because they are performing a business function. Even if they are a licensed attorney, the focus of their work is not to provide legal advice or services; rather, they ensure compliance with various regulations and corporate policies.

While day-to-day compliance does not involve a client seeking legal advice, there are exceptions. The CCO may seek legal advice from company lawyers regarding the scope and meaning of a particular law and how it would apply to the corporation. If the CCO is also a licensed attorney, this may cover the situation where they are directly asked to render legal advice in a professional legal capacity, beyond the scope of the compliance program itself.

Internal Investigations
Internal investigations are another common privilege scenario. It is considered best practice to have internal or external attorneys direct investigations. If the CCO is assisting in the investigation and acting as counsel (if licensed) or assisting counsel (if not licensed) that should be clearly marked on any communications as such. In all cases, the primary or significant purpose of the communications, to be protected, must be to obtain legal advice. Of course, most internal investigations are collecting facts in order to make a legal determination of some kind. Those communications should be protected to the extent that they are confidential, made to an attorney (or the attorney’s designee) and for the primary or signification purpose of obtaining legal advice.

Practical Application
Here are a few tips and tricks to maximize the likelihood that privileged communications are identified as such:

1. Compliance Policies: Carefully consider how your policies are worded and consult with a lawyer on how they should be drafted. For instance, if the policies define investigations as a business requirement for particular events, the policy itself may make the privilege less defensible.
2. Designate: If a communication’s primary/substantial purpose is to obtain legal advice versus implementation of the compliance program, designate it “ATTORNEY CLIENT PRIVILEGED.” Be careful not to over-designate. If a communication is simply in furtherance of the compliance program administration, it should not be designated privileged.
3. Investigation Leadership: Internal investigations should be led by a lawyer, proper warnings provided and all interviews conducted by a lawyer (or at the request of and under the direction of a laywer). If the CCO is also a lawyer, it should be made clear in documentation that the officer is acting in their professional capacity as a lawyer. Consider seeking outside counsel.
4. Subsequent Litigation: Ensure that outside counsel representing the corporation in future proceedings is aware of the CCO role at the organization early so that steps can be taken to ensure the privilege is protected.

Although compliance officers’ daily duties may not generally qualify for the attorney-client privilege, this is by no means an absolute rule. The occasions where they may be covered creates a critical organizational issue.