As sure as the fix was in for LIBOR, 2013 could be counted on to provide plenty of “Ripped From the Headlines” fodder for compliance and ethics commentators everywhere. With 2014 ahead of us and no end in sight for culture-challenged C-suites and managers, we ask the board of directors our annual threshold question: Do your chief compliance officer and compliance program have the empowerment, independence, seat at the table, line of sight and resources to do the job? If not, there’s probably a spot for you on next year’s list. Here we go:
10. Momentum Continues for CCO Independence
Remember in 2010 when a well-known former general counsel summed up the dynamic, evolving role of the chief compliance officer in two words: “process integration”? Well, in 2013, not so much. Surveys by PWC/Compliance Week, Deloitte and the Association of Corporate Counsel all reflect the continued elevation of the CCO within the organization, gaining in independence and resources, with more CCOs reporting directly to the CEO and fewer to the GC.
These developments are consistent with the 2010 amendments to the Federal Sentencing Guidelines, which favor “direct reporting obligations” to the board or its independent committee, and the increasing complexity and challenges of the corporate compliance landscape. Just last week, Forbes named the CCO one of “Wall Street’s 10 Biggest Winners of 2013.” For the CCO as an independent voice in the C-suite, 2013 was a very good year.
9. A Little Help From Our Friends
In 2013, CCOs and compliance programs figured prominently in public speeches and actions by regulators and policymakers. As former federal prosecutor Michael Volkov has noted, U.S. officials have made many “important statements” in support of compliance programs and CCO empowerment, citing CCOs as “partners,” “kindred spirits” and a “strong line of defense” on which regulators rely. In one such speech Mary Jo White, the new chair of the Securities and Exchange Commission, asked a group of CCOs: ”Do you have the necessary independence, access, authority and support to do your jobs effectively?” U.S. Sentencing Commission Chair Patti Solis and the SEC’s Associate Director of Enforcement Stephen Cohen have offered similar support of CCO independence and the role of robust internal programs, including zeroing in on “lack of empowerment” as a warning sign in compliance programs and noting the fact that CCOs “are not hallway monitors.”
CCOs should be pleased that these issues are finally being actively scrutinized by regulators, both proactively on outreach visits and during investigations. This year also saw the first-time use of a little-known regulation (Rule 38a-1(c) of the Investment Company Act) to ban a Colorado portfolio manager from the securities industry for five years—formisleading and obstructing a CCO—another nod to the CCO’s critical role by government.
Dear Regulators: Thank you, and keep it coming!
8. Spying is the New Black
Remember Hewlett-Packard’s ill-conceived corporate espionage program? Now that seems so 2006, doesn’t it? In 2013, spying became the new black, with the National Security Agency leading the way. As everyone begins to rethink the very notion of “privacy” in emails and social media, companies will need to evaluate any emerging risks to add to the cybercrime bucket. For CCOs, add this to the ‘so many risks, so little time’ action item list.
7. Big Banks Restructure Compliance Under Pressure
Ever notice how in compliance, certain innovations and best practices in one industry often end up “bleeding over” into another? Clearly, the separation of the CCO from the legal and finance functions—together with other mechanisms to elevate and position the compliance program for success—is a well-established principle in the health care arena (through both settlement agreements and OIG guidance).
But in 2013 a number of big banks joined that party, driven by regulators, prosecutors and investors in reaction to a long list of ongoing investigations and legal troubles including LIBOR fixing, mortgage fraud, money laundering, “rogue traders,” shredded culture reports, export violations and more. Boards and C-suites in both regulated and non-regulated industries should take careful note of these developments, and in particular, some of the now-standard features in Big Pharma settlement agreements that may be creating acompliance roadmap for others to follow proactively.
6. Government Agencies Behaving Badly
Did we join the Government-Scandal-of-the-Month-Club in 2013? From the Internal Revenue Service to the General Services Administration to the Secret Service and Veterans Administration, the parade of horribles arrived like clockwork on our social media doorstep, just like a Harry and David fruit gift basket—a different scandal and government agency every month: hot tubs, angry clowns (that’s ironic), lavish Las Vegas conferences, parody rap videos, prostitutes, drugs, embezzlement, fake CIA agents and retaliatory audits—you really can’t make this stuff up. I’ll say it again: Quis custodiet ipsos custodies?
5. Snowden Debate: Hero Whistleblower or Dirty Rotten Traitor?
This year the case of former NSA contractor Edward Snowden burst into the public consciousness—a high-profile version of the same debate that has gone on in organizations since time immemorial: hero or traitor? Even putting aside the national security/NSA elements, the Snowden controversy is a vivid reminder to CCOs that the institutional ambivalence about whistleblowers can be strong and pervasive.
And let’s use this opportunity to check in on the SEC’s new Dodd-Frank whistleblower program. With another year and a big $14 million award in 2013 under its belt, it appears the sky still hasn’t fallen. (We’re lookin’ at you, U.S. Chamber of Commerce!).
Here’s our shocked face :-0 – and a previous article on the topic .
4. First Full-Time U.S. Law Firm Compliance Officer Appointed
Amidst the continuing debate about why law firms don’t need compliance programs (short argument: they’re “special”), a small firm in North Carolina quietly went out and hired itself a full-time, senior-level chief compliance officer. And the rest of them are, like, “Oh no they didn’t!” And they’re like, “Oh yes we did!”
And by the way, across the pond, this year U.K. law firms began to appoint their first CCOs under a new regulatory regime (Solicitor’s Regulation Authority). Interview of the Smith Debnam Managing Partner and CCO to come—watch this space.
3. China is Shocked (Shocked!) to Find Corruption Going On
From mooncakes studded with gold and silver to sharks’ fin soup, “Sons and Daughters” Excel spreadsheets and bad travel agency enablers, 2013 was the year that China was shocked (shocked!) to discover corruption going on. Of course, no one was more shocked than the foreign nationals (both company execs and contractors) who were arrested or detained in an increasing number of investigations.
That’s the problem with international bribery: bad habits that can flourish with impunity for years suddenly get targeted, whether due to regime change, political and peer pressure, or greater transparency via social media. GlaxoSmithKline even had a code name (“Vasily”) for its Botox-related bribery and kickback program, facilitated through travel agencies that doled out cash, luxury travel and even prostitutes to doctors.
As CCOs scramble to rethink their antibribery programs in China, here’s a CEO Memo to Self: When your illegal scheme has a code name, your corporate misconduct has officially become “embedded” in company culture.
2. JPMorgan Chase’s Terrible, Horrible, Very Bad, No-Good Year
This was a tough compliance year for big banks generally, but that’s an understatement extraordinaire when it comes to JPMorgan Chase & Co., where the hits just kept on coming. The ink wasn’t even dry on last month’s landmark $13 billion settlement for mortgage loan fraud when the U.S. Department of Justice announced a $1 billion settlement with the firm for its failure to raise an alarm in the Bernie Madoff case. In response, the bank has announced plans to spend an additional $4 billion and add 5,000 employees to bolster its compliance infrastructure—but that’s really just Remedial Compliance 101, isn’t it? See my column on that here.
1. The Year of the Rogue Employee That Wasn’t
Whether it was the JPMorgan London Whale or SAC traders pushing their “expert networks” over the insider trading line, in 2013 scores of companies caught in scandals predictably trotted out the old “Rogue Employee” defense. Yet in all but the rare exception, blaming problems on the “bad apple” employee is nothing more than a mantra for lazy C-suites and their PR departments in lieu of a meaningful scrutiny of organizational culture and compliance.
Those companies that continue to blame bad acts on the Rogue Employee had better be ready to defend that position. Maybe it’s a sign that CCOs have more work to do in the C-suite and with the board to discuss the difference. If you missed my definition on what constitutes a Rogue Employee, here’s a refresher, filed under #TheDogAteMyHomework.
2013 Bonus Moment: The Dog That Ate the Homework
Well we can’t really wrap up this year’s list without a compliance nod to the moment when a dog actually did eat the homework. That would be Reggie the Labrador in Englewood, Colo., who ate 13-year-old Payton Moody’s eighth-grade science project (a volcano). Fun fact for CCOs to know and tell. Perhaps he’s now known as “Reggie the Lava-dor” (sorry, #compliancehumor alert).
And there you have it: my wholly unscientific list of 2013’s 10 Big CCO Moments. What have I missed? Email me at dboehme@compliancestrategists.com and let me know.
Donna Boehme is an internationally recognized authority and practitioner in the field of organizational compliance and ethics, designing and managing compliance and ethics solutions worldwide. As principal of Compliance Strategists LLC, Boehme is the former group compliance and ethics officer for two leading multinationals and currently advises a wide spectrum of private, public, governmental, academic and nonprofit entities through her NJ-based consulting firm.