Undermining the CCO, Part II

Earlier this month we had a popular post on ways that senior management might undermine the chief compliance officer’s power and authority. The post sparked quite a bit of feedback, so today let’s share more stories of management undermining the CCO — and ways the CCO could try to push back.

The original post identified a few ways management might undermine the CCO, including:

  • Direct interference in an investigation
  • Financial pressure, such as cutting the compliance program budget
  • Hobbling the structure of the compliance function, such as insisting that all compliance employees have law degrees
  • Excluding the compliance officer from important meetings or decisions
  • Hijacking specific projects, such as cutting down the presentation you were planning to make to the board

All of those are bad, and now let’s consider a few more undermining moves that readers described. 

Management using the compliance function to pursue its own agenda. For example, Senior Executive A might ask the compliance team to open an investigation into Senior Executive B (or even Executive B’s whole department) for reasons that have nothing to do with misconduct. Maybe Executive B pushed a project that Executive A didn’t like, or that ended up losing money for the company. Executive A is looking for a pretext to dump Executive B — and an investigation into allegations of misconduct can do just that.

Along similar lines, management might have already decided it wants to fire a certain employee, but rather than go through the dance of putting that employee on a performance plan, documenting his shortcomings, offering a final warning, and so forth; management might bring misconduct allegations to the compliance officer’s attention. Basically, management is having you do the dirty work to build a case for termination.

This is tough. Compliance officers want to support the business, and one way to do that is to support management when it asks for your help — but not like this, where management weaponizes the investigation process. That puts the compliance officer in a terrible dilemma, where you either (1) refuse management and risk their wrath; or (2) do the dirty work and alienate yourself from the rest of the enterprise (because let’s not kid ourselves, they’ll know exactly what’s going on). 

This no-win scenario is why it’s so important for the compliance officer to forge alliances across the enterprise, long before any particular management executive puts you in a difficult spot. 

For example, you could escalate a situation like this to the audit committee of the board or the lead independent director, if you have a good relationship with those persons — one based on trust, where they know you’d only bother them with a concern if that concern were serious. Of course, the challenge here is that building such trust takes time. 

Undermining by Privilege

Senior management insists on its own private ethics policy. Another reader described this issue to me. The company did have a respectable gifts and entertainment policy for most employees, but senior management wanted its own private policy — one that didn’t require executives to report anything to the compliance function, and let them approve their own spending. (“Needless to say, I chose unemployment over remaining there,” the compliance officer told me.)

This too is a terrible idea, but compliance officers might have a few more cards to play than in our first scenario. For example, a gifts policy that allows executives to approve their own spending is a clear conflict of interest and potential bribery risk; that’s something an external auditor might flag as a weakness if someone were to steer the auditor in that direction. In an extreme situation, where you suspect that management actually is using its loosey-goosey gifts policy to further a bribery scheme, you could even alert regulators as a whistleblower. 

Neither of those options is easy or pleasant, but at least they’re possible since the self-serving policy could well be a compliance or legal violation. That’s more than we can say for weaponized investigations; I’m not sure that they violate any rule that would attract a regulator’s interest. Regardless, I think the reader’s decision was also the best: quit.

Undermining by Eagerness

Misguided managers are too eager to take charge of compliance. Another reader described this scenario, where the reader (head of compliance at their company) reported into a “very inexperienced” chief risk officer. That CRO believed that he knew how to run a compliance program, but in reality lacked the technical knowledge and made a mess of things. 

“My biggest concern is that our CRO takes part ownership of compliance and then seems to forget that he did,” this person wrote. “He also wants to take on critical compliance matters that he doesn’t understand.”

As we said in our previous post on undermining, this seems to be a challenge of “manager management” — setting expectations with your manager so he or she leaves you to do your job unimpeded. It seems especially necessary with managers new to a company, who assume they know everything and you know nothing. 

In this specific case, maybe the compliance officer could seek help from the general counsel, asking him or her to, ahem, reaffirm the compliance officer’s expertise and authority on critical compliance matters. Alternatively, you might be able to get internal audit to document that the compliance function is better served as a stand-alone function.

Ironically, this solution contradicts a post I wrote just a few days ago, arguing that the compliance function is more about risk management than it is about legal — and here we have a CRO making a mess of that arrangement, and perhaps the general counsel could be the savior the compliance officer needs. 

It’s just a reminder that every company is unique, and as much as we might want broad principles that apply to all corporations, every business needs to find its own solution.

Leave a Comment

You must be logged in to post a comment.