Do compliance officers have an inherent conflict of interest?
In Agency, Authority, and Compliance, Sean J. Griffith of the Fordham University School of Law argues:
Compliance can and often does serve as a conduit through which regulators and enforcement authorities enlarge their authority beyond statutory bounds. The potential to do so is a function of the symbiotic relationship between compliance officers and regulatory authorities. Compliance officers owe their professional existence and their organizational authority to the interventions of regulators and enforcement agents. This creates a unique incentive structure and renders compliance officers especially receptive to regulators’ extra-legal pronouncements. As a result, the separation of compliance from legal and the elevation of the compliance function as the co-equal of the legal department, a structure often insisted upon by regulators and enforcement authorities, effectively enlarges the compliance conduit through which the government may abuse the rule of law. Rather than separating compliance from legal, compliance should be subordinated to legal so that an officer accountable exclusively to the best interests of the firm is charged with interpreting the law and advising the firm on what the law requires. Only after this determination has been made should compliance officers be charged with the task of executing on these decisions. A necessary condition to realigning organizational responsibilities in this way, however, is for the government to stop insisting on the alternative. More broadly, the government should not involve itself in the organizational details of compliance, but rather should limit itself to making and enforcing the law.
This is an interesting and unusual perspective and one that I am not unsympathetic to. Indeed, in a piece last year in Compliance Week I argued that in many companies having the chief compliance officer report administratively to the general counsel would in fact be appropriate (assuming – among other things – that the CCO reported informationally to the board of directors).
But I’m not persuaded that a conflict-like condition exists because CCOs “owe their professional existence and their organizational authority to the interventions of regulators and enforcement agents,” at least, not as a general matter. One might find exceptions where a company is under a monitorship or is in a very highly regulated business. But for most organizations, I believe, this is no more the stuff of conflict than is the fact that a company’s sales people effectively owe their respective jobs to its customers (which presumably would not diminish the sales people’s fidelity to their employer’s best interest).
I also don’t agree with the notion that whether to take a contemplated compliance measure should be decided by the GC and how to do so that of the CCO. While conceptually neat, as a practical matter the two areas tend to overlap considerably, making the proposed separation of powers difficult to implement.
Finally, regarding the suggestion that, “the government should not involve itself in the organizational details of compliance, but rather should limit itself to making and enforcing the law,…” I generally believe that without the government’s involvement in the details of compliance over the past nearly 30 years, the overall state of compliance would be weaker than it is today.