How to Make It Work
from
November/December 2003
by Randy Myers
Boards that decide to create the position of chief compliance officer must take care to find the right person and provide the right support. Here are some other considerations:
-
Do you need an attorney for the job? The jury’s divided. Both Eli Lilly & Co. and ACE Ltd. chose financial professionals as their first chief compliance officers, so looking for candidates outside the legal field isn’t unheard-of. There’s a big financial-reporting element in Sarbanes-Oxley, which lends some credence to the idea of hiring a numbers person for the job. Lori Queisser, who has the post at Lilly, says her company sees compliance as a business issue, not strictly a legal one. She notes that the opposite viewpoint could create an environment in which companies would be satisfied to comply with the letter of the law but not, perhaps, with its spirit. Not surprisingly, attorney Samuel J. Winer, who heads the SEC enforcement defense practice at Foley & Lardner, has a different opinion. He argues that a lawyer would make the best chief compliance officer for most companies. “This function is really a police function,” he says, “and a legal background can be very valuable in filling out the interstices of the job.”
-
Don’t ask more of the compliance officer than is realistic. Saddling the CCO with too many responsibilities “could establish a documentary record of all the ways you failed to do something that somebody thought you should do to have an effective chief compliance officer,” says Winer. “So set the bar at a level you’re reasonably confident your compliance officer can clear.”
-
Have the CCO report to the board. “For a compliance officer to be effective, he or she must have a direct line to the board—to a governance committee, perhaps, or to an audit committee,” says attorney Evelyn Cruz Sroufe, a partner at Perkins Coie. “But there has to be that direct reporting responsibility where they don’t have to go through another corporate officer.” All the chief compliance officers in this article have that authority. Queisser, for example, reports to Lilly chairman, president, and CEO Sidney Taurel and also to the board’s public policy committee. At ACE, Robert Blee reports to CFO Philip Bancroft and the board’s audit committee.
-
Secure the backing—and involvement—of the business units. Unless the leaders of all the company’s businesses buy into what is required by Sarbanes-Oxley and other regulations, it won’t work, says Blee: “You can’t treat compliance like a checklist.”
A chief compliance officer doesn’t take the board off the hook in keeping a company legal, of course. “The notion that ‘I can cut back a little’ is, I think, a false assumption,” Winer says. Even nonlawyers should be able to appreciate that.
