How Do I Make the Case for Appointing a Chief Compliance Officer?
Author: Erica Salmon Byrne, J.D.
Your org chart sends a message—what are you telling employees and stakeholders if you don’t have someone dedicated to business integrity at the C-level?
Chief Strategy Officer and Executive Chair
Not every company has a formally designated Chief Compliance Officer, but as Ethisphere Chief Strategy Officer Erica Salmon Byrne points out, this is a critical step of your ethics and compliance maturity journey, and making the case for a CCO is definitely a case worth making.
This is a question that often comes from companies that have people who are working on compliance, but there isn’t someone with the title of Chief Compliance Officer. There are two aspects to the answer to this question, and it is important to be able to answer both when making the case for the organization to create a CCO position.
The first aspect is benchmarking. Part of the case to be made for appointing a Chief Compliance Officer comes from looking at other organizations in your industry, market, size, geography, or revenue and seeing the extent to which they have someone who is appointed Chief Compliance Officer (or Chief Ethics Officer, or Chief Integrity Officer, or something comparable). Is there the presence of someone with that kind of senior title that is related to this particular set of responsibilities? There is a lot of data on that in The Sphere, which will show the extent to which companies have someone with that Chief title, depending on the industry or sector.
The second aspect is more philosophical: why should you even have a Chief Compliance Officer in the first place? You probably have a head of internal audit, or a Chief Audit Officer. You probably have a head of human resources, or a Chief HR Officer. Maybe you have a Chief Technology Officer or a Chief Product Officer.
If you have all of these other C-level positions that are responsible for these particular functions and you don’t have somebody with that title who is working on business integrity—and making sure that employees have the tools necessary to do their jobs in the way the company needs them to—then you are subtly telling employees what matters to the business.
As we like to say here at Ethisphere, your org chart sends a message. So the question becomes: What message are you sending internally and externally if you don’t have someone who is designated at a senior level who is responsible for business Integrity?
BELA Asks
How Do I Make the Case for Appointing a Chief Compliance Officer?
What about dual-hatting?
At a lot of companies there is a person who fills this role, but who also serves as the General Counsel. We warn against such “dual-hatting,” because at the end of the day, being the Chief Compliance Officer and being the General Counsel those are both full-time jobs. If somebody is wearing both hats, then they’re doing neither job with all of their time and attention. They may have people who are junior to them who are designated to take on pieces of those jobs, but again, that sends a message about how the company thinks about this particular role.
That is why it is heartening to see that about 40% of compliance officers report outside of the Legal function, either directly into the CEO, Chief Operating Officer, Chief Administrative Officer, or somewhere along those lines. That is reflective of an increasing understanding that the whole purpose of an organization’s three lines of defense against misconduct (employees are the first line, compliance and other control functions are the second line, and audit is the third line). It is important to make sure that you are devoting the right amount of time, energy, attention, budget, and seniority to that compliance role and designating the title appropriately.