Sunday, February 28, 2021
Corporate Compliance Insights

The Roles of General Counsel and Chief Compliance Officers

by Tod Reichert
January 18, 2011
in Compliance, Featured

with contributing authors Bonnie Green and David Wilson

By now, most public companies have given a senior employee the Chief Compliance Officer or some similar title, and vested in him or her responsibility for the company’s compliance and ethics programs.  Not infrequently, the general counsel fills this role based on the premise that compliance is essentially a legal matter and, after all, the legal department is often the source of the recommendation to create such a position based on its awareness of the Federal Sentencing Guidelines, applicable laws and guidance from regulators who encourage companies to adopt rigorous compliance programs.  In certain instances, the role of Chief Compliance Officer is mandated by statute and the appointment and compensation of that individual becomes the direct responsibility of the issuer’s board of directors.[1] Particularly in smaller companies or where resources are limited, practical considerations provide another rationale for combining these functions.

Other (usually larger) companies, many of which have a broad range of regulations with which they must comply, have separated the legal and compliance departments, in some instances appointing a non-lawyer to lead the compliance functions.  In companies where these functions are separated, some have the CCO report to the general counsel, and others have him or her report elsewhere – sometimes to the CEO, COO or CFO and sometimes directly to the board or audit committee.

None of these different ways of staffing and positioning the CCO vis-à-vis the legal department is inherently right or wrong.  The best arrangement is likely to be dependent upon the nature of the company’s business, the regulatory environment in which it operates, and the characteristics and capabilities of the individuals who occupy not only the GC and CCO positions, but other senior officers and board positions.

Both roles serve the organization’s need to comply with the law, but they have different functions in that regard.  The lawyer has an ethical duty to provide advice on how to comply with the law and must represent his client’s interests zealously.  The lawyer provides legal advice on, among other things, defining and establishing appropriate company standards in the context of attaining its business objectives.  Meanwhile, the traditionally defined CCO role serves a management function primarily focused on devising, implementing and overseeing organizational processes to meet those standards.  Her job is to educate the board of directors, senior management and other employees and prevent and root out misconduct, whether legal, ethical or otherwise.  The CCO needs skills in the fields of employee training, human resources, and perhaps oversight of internal controls and investigations.  In the case of an organization where the role has been expanded to include additional responsibilities, such as public disclosure oversight, the CCO must also be well versed in federal securities laws, including SEC rules and regulations.

Irrespective of the breadth of the CCO’s role, it is critical he or she be provided unfettered access, or be empowered to present candid reports, to the board or the audit committee, in each case without undue influence from senior management.  Moreover, the CCO must be an executive level officer in order to possess the autonomy necessary to effectively function in the role, since history teaches that some of the matters he or she will be called upon to review or enforce may involve the company’s senior management.  In addition, if the CCO is not the GC, he or she should at least have the support of the GC, which may be more likely or stronger when the CCO is a member of the legal department.  On the other hand, if senior management is implicated in the conduct under review, having the CCO be independent of the legal department may be preferable in instances where a close relationship exists between the GC or a member of the legal department and senior management.

To be sure, there are some advantages to lodging the compliance and legal responsibilities in the same person and, particularly in a small organization, it is not unreasonable to do so, provided that the company is able to find a single person with a skill set that is broad enough.[2] A combined GC-CCO may save money and promote efficiency, since many compliance issues have legal overtones and ramifications.  A separate CCO position may be necessary, however, where the regulations applicable to the enterprise are vast and/or diverse or where the business demands of the organization require the GC to abdicate responsibilities to another individual, such as Regulation FD advice and compliance, corporate secretary duties or enterprise risk management.  In addition, at least some of the GC’s compliance work may be protectable under the attorney-client privilege, although the general view of government agencies is that compliance is a business matter, not a legal function.  When the CCO has both compliance and legal duties, she must be particularly sensitive to which hat she is wearing so as to provide the greatest likelihood of supporting a privilege claim for an internal review or investigation.  When these functions are combined, a company must have a contingency plan for handling matters for which the GC is walled off.  Regardless of whether the roles are separate or combined, a company should put into place procedures whereby the GC can be recused if the events at issue involve the conduct or advice of the GC, or the conduct of other senior officers with whom the GC may have longstanding or close relationships.  Under those circumstances, the board, the audit committee or other members of senior management must have the authority to step in to retain outside counsel or other experts to handle a review.

Similar potential conflicts are posed by a structure in which the GC and CCO titles are held by different individuals, but the CCO reports to the GC.  This arrangement may have the advantage of fostering close cooperation between the compliance and legal functions.  It may make particularly good sense where a company is instituting a new or significantly revamped compliance program, or where a new CCO is reporting to a seasoned GC.  Nonetheless, as in the scenario where a single person fills both roles, the CCO will need the ability to report to someone in senior management other than the GC if he or she deems it necessary.  The CCO should also have the autonomy to be able to initiate compliance investigations and to report to the board or audit committee on his or her own.

Finally, dividing these positions between two people and providing them with separate reporting lines provides the greatest degree of independence in the compliance function.  The risk under this scenario is a lack of coordination between the legal and compliance functions.  However, the CCO must coordinate with departments and divisions throughout the organization.  His work requires cooperation with administration, human resources, finance, investor relations, accounting and other groups within the company.  Ideally, the GC and CCO should develop a close working relationship to enhance the effectiveness of enterprise risk assessment and management, controls testing, the handling of whistleblower complaints, conducting investigations, and devising corrective actions to address violations.

Each company will fill the CCO role and devise reporting structures based on its own particular circumstances, including budgetary constraints, the experience of the personnel involved, the nature and geographic array of the business, the scope of the regulations that must be addressed by the issuer and its enterprise risk assessments.  Whatever structure a company chooses, it must be mindful of the risks that arrangement poses and take appropriate steps to account for those risks.


[1] Under Rule 38a-1 of the Investment Company Act of 1940, as amended (the “1940 Act”), each registered investment company and business development company must (i) adopt policies and procedures reasonably designed to prevent violations of the federal securities laws and (ii) appoint a chief compliance officer responsible for administering the fund’s policies and procedures (A) whose designation and compensation must be approved by the fund’s board of directors, including a majority of the directors who are not interested persons of the fund and (B) who may be removed from his or her responsibilities by action of (and only with the approval of) the fund’s board of directors, including a majority of the directors who are not interested persons of the fund.

[2] That section also states that one of the minimal requirements of such a program is that “[s]pecific individual(s) within high level personnel shall be assigned overall responsibility for the compliance and ethics program.”  Aside from the 1940 Act rules and regulations, neither the Sarbanes-Oxley law nor any other statute requires the establishment of a Chief Compliance Officer position or even of a compliance and ethics program.  However, the combined effect of the Sarbanes-Oxley internal controls and certification requirements, the U.S. Sentencing Guidelines, other regulatory guidance, and the recognition that compliance is simply a good business practice has led most companies to take these steps.  There is no “one-size-fits-all” element to this: the 2004 amendment to the Guidelines simply speaks of a program that is “reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct.” (§ 8B2.1).



Tod Reichert

Tod K. Reichert is Chief Compliance Officer, Senior Vice President and Corporate Secretary of MCG Capital Corporation (NASDAQ: MCGC).  Tod is responsible for advising MCG regarding compliance with applicable laws and regulations, including the 1940 Act and other securities laws, and overseeing the development, monitoring, training and testing of corporate policies. Prior to joining MCG, Tod served as counsel in the Corporate Practice Group at WilmerHale where he practiced general corporate and securities law, with an emphasis on public offerings, venture capital transactions and mergers and acquisitions for clients in various industries and sectors, including biotechnology, pharmaceutical, software, emerging technologies and financial services. Tod has advised both public and private companies in connection with a broad range of matters, including IPOs, follow-on public offerings, 144A offerings, cash and stock mergers and going-private transactions.  He has also counseled numerous start-up companies and venture capital firms in venture capital financings and has represented underwriters in connection with public offerings of securities.  A significant portion of his practice involved general corporate work for ongoing clients on matters such as SEC compliance, securities and disclosure issues and corporate governance matters. Prior to joining WilmerHale, Tod was associated with Buchanan Ingersoll in Princeton, New Jersey.  Tod received his J.D. from the Rutgers University School of Law – Newark and his BFA from the University of North Carolina.  Before attending law school, he spent fourteen years in New York City as a professional actor, appearing in over thirty-five commercials, soap operas and feature films. Mr. Reichert can be contacted via email at treichert@mcgcapital.com. He has contributed the following articles to Corporate Compliance Insights:

  • Matrixx Initiatives, Inc. v. Siracusano: A Lowering of the Materiality Bar?

© 2019 Corporate Compliance Insights
