When Managers Undermine the CCO
Compliance officers often like to talk about how senior management can demonstrate support for a strong compliance program. Today I’d like to flip the script and ask an even more urgent question: What are all the ways that senior management can undermine a chief compliance officer?
This is on my mind after (yet another) conversation with a compliance officer, someone accomplished in the field and currently leading the compliance function at a large, publicly traded enterprise — and who called me to vent about several stunts the general counsel recently pulled to weaken this CCO’s position within the business. That led to a conversation about various ways senior management might try to undermine compliance, and I started making a list, most of which I’ve heard many times before over the years, and here we are.
Meddling in investigations. OK, this is the easy one to cite because it’s such a direct and inflammatory way for senior management to undermine compliance. Then again, we should also remember that this is also the most extreme scenario, and one that has the most protections for you.
For example, chief compliance officers typically can approach the board or audit committee in private with emergency issues (meddling would certainly qualify), and in extreme circumstances CCOs could also bring their concerns directly to a regulator. If you could supply evidence of a CEO meddling in an investigation to hide criminal misconduct, prosecutors would pounce on that company with both feet.
All that said, let’s keep our eye on the ball. Meddling in an investigation is rare, and an obvious red flag. CEOs, general counsels, and other members of the senior management team can also undermine CCO authority in many other, more subtle ways.
By organization. Senior management could design the org chart in ways that leaves the compliance officer on the sidelines. For example, the GC could fiddle with reporting lines (read: you report into legal); or insist on certain qualifications that thwart a CCO from hiring competent staff that he or she wants on the team (say, requiring that all compliance employees be lawyers, so you can’t hire a great marketer as head of compliance communications and training).
By engagement. Management could block you from attending leadership meetings, or decide that someone else (read: legal) will report to the board about the company’s compliance program. Or management could run the opposite maneuver, holding “skip-level meetings” where the CEO or general counsel meet with your team without you present, to undermine your authority. They could also ignore you when changing board governance documents — say, deciding to establish a new risk committee for the board, without consulting you first.
By budget. Management could always engage in the time-honored strategy of cutting your department’s budget to a disproportionately large degree, and perhaps as a bonus not give you forewarning about it. They could also impose policies restricting your ability to use outside vendors or your ability to instruct outside counsel without prior approval from the legal department.
In specific assignments. Management might rewrite or cut back on reports you’ve prepared for the board (or the general counsel might do that for reports you’ve prepared for the management team); or re-assign projects to other leaders (say, having HR run a policy management overhaul, or having the IT team run a vendor software implementation without your input).
In other words, there are lots of ways great and small that senior management can kneecap the authority and independence of the compliance officer.
When Does This Happen?
If the conversations I have with compliance and internal audit professionals are any indicator, these undermining maneuvers do happen on a steady basis. (Let’s remember that I also run an occasional series on retaliation against CCOs, a close cousin of the organizational dysfunction we’re talking about here.)
Anyway, in my estimation we can identify three scenarios where GCs in particular undermine the chief compliance officer.
- First are GCs who previously had combined GC/CCO duties, and have now moved to a new company (yours) with a separate CCO (you). The GC doesn’t know how to handle that and tramples across boundaries that should be respected.
- A new GC (or CEO, CFO, or other senior executive) has been externally recruited and comes to your organization, but that person lazily assumes that everything you’ve been doing as CCO is wrong. In other words, they make the Fundamental Attribution Error, blaming you for a program’s shortcomings rather than considering the external forces that are to blame.
- Competitive tensions arise between compliance, legal, and possibly even the risk management function, as you all strive to demonstrate your value to the CEO and the board by offering advice on strategy, tactics, and their associated risks.
How to Avoid Undermining
An even more important question is how to avoid the undermining predicament, especially if you’re already stuck with an undermining GC right now.
Some protections can be structural, such as (if you’re working under some sort of resolution or consent decree with regulators) regular reporting on the compliance program to regulators. But lots of companies aren’t under any specific consent decree where you might have guaranteed face-time with regulators.
Sure, you could try talking directly to the audit committee, but that strikes me as a high-stakes move. The committee might see your complaints as whining (“The general counsel cut my PPT deck for you from 15 slides to three!”), and that’s certainly how senior managers will try to frame your complaint once they hear about it. And your gambit with the audit committee fails, you should start looking for a new job that afternoon.
In most instances, then, compliance officers need to practice the art of office politics — of “manager management,” as one person described it to me — to preserve your autonomy, sanity, and employment all at once.
So what does that look like? How have you been undermined, or prevented someone from undermining you? Send me your stories at [email protected] — anonymity guaranteed, and I’ll post the best advice (and worst war stories) in a future article.