Compliance professionals are used to internal struggles for influence and resources. Compliance leaders have spent years and years justifying the need to elevate and empower the compliance function. For years, compliance professionals have been relegated to backroom positions where they were locked in by structural and political restrictions.
One of the first fights was between the legal director and the CCO. Eventually, the CCOs were able to extricate themselves, if necessary, from the control and supervision of the legal department. The Advocates General eventually relented because they recognized that CCOs and GCs together were able to accomplish more together than when separated by land claims and political line of responsibility and control. This does not mean that the CCO-GC partnership works perfectly. There are still snafus and individual personalities that can disrupt the proper definition of this important working relationship.
The next battle, which surprisingly still occurs on occasion, is the relationship between HR and compliance professionals. If you give CCOs a truth serum and ask them if they’ve had to overcome HR resistance to coordinate and share information, you’ll be surprised how often HR professionals have stood in the way of CCOs, saying that the HR data was “confidential” and sharing the data raised privacy concerns. Talk about a false argument.
The DOJ finally weighed in after observing that HR and other functions were resisting sharing information with the compliance function. In 2020, the DOJ changed its assessment of corporate compliance programs to require companies to ensure that CCOs have access to all information necessary for the CCO to perform and fulfill all of its responsibilities.
Despite this clear statement, I continue to encounter situations where HR professionals resist attempts to share information with CCOs. In summary, HR resistance to cooperating with compliance professionals is usually driven by fear and aimed at protecting meaningless territorial boundaries. In most cases, HR professionals don’t understand the benefits of a strong and positive working relationship with compliance professionals. Hopefully, this dynamic will diminish and a strong collaborative relationship will result in most companies.
CCOs also have a significant “new” challenge: Since the Sarbanes-Oxley Act was enacted 20 years ago (Happy Sox Anniversary!!), CFOs and internal auditors have come together to put financial controls in place. solid. External auditors, CFOs and internal auditors are all committed to SOX and ensuring that companies maintain effective internal financial controls.
CCOs have two important overlaps with the finance function — first, several compliance controls (ie policies and procedures) are part of the company’s financial controls. An example of this is the reimbursement of gifts, meals and entertainment expenses, which are part of a company’s internal financial controls.
The second overlap, however, is more important. Chief compliance officers have important risk management and oversight responsibilities. As part of this process, there are a number of financial procedures/controls that are involved with fundamental and significant risks – anti-bribery/bribery, trade sanctions, antitrust, money laundering and fraud. This is where CCOs need to keep a seat at the financial controls table. When you talk about it, CFOs inevitably push back because they hold the keys to financial controls and the SOX realm.
Let me explain the problem with this view. FCPA compliance requires preventing and detecting the potential misuse of company funds to bribe foreign officials. A bribery scheme also involves compliance with basic books and records and internal control requirements.
CCOs must maintain a clear vision and role in overseeing and monitoring a variety of financial matters related to corruption and books and records, sanctions, anti-money laundering and other matters, including, for example: (1) procedures for drafting and submitting purchase offers to foreign governments; (2) payments to and from third-party distributors through rebates, rebates, and other financial arrangements; (3) integration with contract billing and payment procedures for suppliers and vendors; (4) third party payments received and paid by the company; and (5) customer payments for goods and services.
These are just a few examples of the types of financial activities involved in CCO’s compliance program responsibilities. CCOs have a duty to focus on these important areas and participate in the monitoring and oversight of these operations to ensure that legal and compliance risks are covered. Yet CCOs continue to struggle to secure a seat at the finance table. In many cases, CCOs coordinate or seek to enter through a back door with the support of the internal auditor. But it is high time that CCOs were given due respect and their integral role in the overall financial risk management function.
CCOs are adept at navigating these types of issues. It’s an important part of their career path – CCOs know what they have to do and rest assured that they will eventually take their rightful place at the finance table.