This article originally was published on the Thomson Reuters Inside Financial and Risk Blog, for which permission to re-use has been granted.
A recent survey shows that increased scrutiny from both the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC) — both of whom have declared their intent to hold individuals personally liable for corporate misconduct — has many chief compliance officers (CCOs) reconsidering their chosen profession.
As personal liability becomes a major focus for regulators around the globe, compliance officers must take a closer look at their individual accountability in ensuring proper compliance procedures are in place.
Global law firm DLA Piper’s “2016 Compliance & Risk Report: CCOs Under Scrutiny” surveyed in-house counsel and CCOs to gauge how they are reacting to regulators’ intent to prosecute more individuals in corporate misconduct cases.
Most (91 percent) expect increased scrutiny from federal regulators, and 81 percent are concerned about their personal liability following last fall’s so-called “Yates Memo” heralding individual liability as one of the most effective ways to combat corporate misconduct.
Compliance professionals hesitant to take on risk
The survey also found that 65 percent might hesitate to remain in their current position or consider future compliance roles to avoid the risk of personal liability.
The survey report notes this may make it more difficult to find qualified candidates for compliance roles, particularly for early-to-mid career professionals who may be unwilling to spend the next several decades bearing the risk that a corporate misdeed will ruin their career and/or personal life.
Disparity between increased regulatory scrutiny and compliance resources
Further aggravating the situation is the fact that many CCOs face personal liability if they fail to perform jobs for which they do not have sufficient resources.
Only about one-third of respondents are confident they have the resources needed to build and maintain a strong compliance program; 27 percent were unsure whether their budget was adequate.
The report speculates varying reasons for these views, from CCOs who always want more for their programs, to a reluctance to allocate resources to functions offering little return on the investment.
No changes in response to government statements
Despite clear expectations of increased scrutiny, 79 percent say their company has not made any changes to its compliance program based on the recent SEC or DOJ actions or statements. In post-survey interviews, however, several CCOs indicate this is because they already had a strong program in place.
Respondents also noted:
- They are most prepared with respect to business continuity and disaster recovery programs and crisis response teams, with 77 percent stating they had these items in place already and 73 percent indicating they had formal, written crisis management protocols.
- Cybersecurity, data privacy and regulatory risk are their top compliance challenges;
- Monitoring is the weakest area in their compliance programs;
- Audits are the preferred tool for measuring a program’s effectiveness, together with training data and online assessments;
- The majority — 65 percent — use online, interactive training tools; and
- Most CCOs — 44 percent — report to the chief legal officer, followed by 25 percent who report to the CEO.
While compliance professionals are justifiably nervous about the government’s shift in focus toward individual accountability, companies remain subject to scrutiny as well.
Avoiding compliance violations, investigations and fines and/or penalties requires investing in compliance and giving every employee the tools needed to understand what compliance entails and how it affects him or her.