How the Modern CCO Came to Be

CARON CARLSON

February 20, 2008

An anonymous call came over the manufacturer’s hotline: a claim that an employee was taking kickbacks. The caller told the chief compliance officer where to look for evidence, and the ensuing investigation identified three wrongdoers—plus an atmosphere of bad feelings and co-workers fearing for their safety. The wrongdoers were fired, the matter was referred for prosecution, and the specifics remain confidential while litigation plays out.

This is not the chief compliance officer’s job of yore.

Once upon a time, the CCO narrowly focused on enforcement of regulatory requirements, codes of conduct, and corporate policies and procedures. Today’s CCO faces a dizzying array of expanded duties, and the job varies considerably from company to company. Only one truth seems to be universal: Thanks to corporate scandals thrusting ethics and compliance into a very harsh spotlight, the job is broader in scope, more visible, and more stressful than ever before.

Mitchell

‘We no longer need just talented legal technicians,’ says Scott Mitchell, CEO of the Open Compliance and Ethics Group. ‘The role has evolved from more of a technical [discipline] to that of a decision science. I think the big shift is in how chief compliance officers interact with and relate to people.’

These days compliance tends to affect all aspects of a company, and the approach needs to be enterprise-wide, Mitchell says. The position requires not only knowledge of compliance matters, but also high-level skills in communication, management, diplomacy, and persuasion.

Or, as Dave Danjczek, chief compliance and ethics officer at manufacturer Crane Co., puts it: ‘You are priest, confessor, disciplinarian, and friend. All in one, sometimes.’

The biggest change in the job has been the integration of ethics into the compliance role, says Danjczek, who was previously the CCO at Titan. ‘You can’t have either “ethics” or “compliance” in your title; you need to have both,’ he says.

While the incorporation of ethics has created more responsibility for the compliance officer, it has generated more challenges as well. Ethics issues are often more abstract and conceptual than compliance ones, and they can require introspective thought and debate to reach the right decision, says Pam McGuire, who will soon retire from her role as head of business practices and compliance at PepsiCo, after 30 years on the job.

McGuire

‘An ethics officer doesn’t just ask, “Is it legal?” An ethics officer needs to figure out even if it’s legal, is it right?’ she says. ‘The work is sensitive because it involves people’s lives and their reputations, as well as the company’s reputation. You are directly affecting the lives of individuals, and from my experience, that’s what causes the sleepless nights.’ Also, to some extent the job is subjective and often characterized by subtle distinctions, compounding the challenge, she says.

‘As soon as you start using the word “ethics,” you run the risk of putting people on the defensive,’ McGuire says. ‘Almost everyone believes that they personally are ethical. People may resist the notion of an “ethics officer” giving advice since it suggests that employees are not able to make ethical decisions on their own.’

Playing the Bad Guy

The job’s inherent tensions stem not only from having to challenge individuals on their own turf, but also from having to take unpopular positions. After all, confronting established sources of power, protecting whistleblowers, and investigating controversial incidents can wear on a person after a while—particularly a person dedicated to positive change.

Because of the nature of the job, it is not surprising to see many chief compliance officers move on after several years, says Eric Pillmore, former head of corporate governance at Tyco. Pillmore himself left Tyco last July after five years on the job.

‘As a chief compliance officer, the stances you have to take are sometimes in opposition to the direction the company may otherwise be inclined to go. That requires lots of intestinal fortitude,’ says Pillmore, who now teaches and consults. ‘You can’t do that your entire life without getting a bit burned out.’

And when a compliance officer is hired to address already identified problems, the job can be particularly intense. During his tenure at Titan, Danjczek took approximately two days off, he recalls. ‘You work hard; you do get a little bit burnt out. You do need to be refreshed.’

What’s more, compliance professionals often find themselves in an environment that is, ahem, less than conducive to achieving the goals they have in mind. A common complaint is that the job does not come with adequate resources, support, or independence.

‘People who take these roles are deeply interested in ethical conduct, and they set high expectations for themselves and for their organizations,’ PepsiCo’s McGuire says. ‘It’s very important for the ethics-compliance officer and senior management to reach alignment at the outset on the contours and boundaries of the role and accountabilities.’

Particularly important is to reach consensus on the broad cultural issues and the ethics officer’s role in creating or supporting it, McGuire says. ‘Is the ethics-compliance officer viewed as a change agent, or primarily as a defensive position? Is it OK to make people a little bit uncomfortable, since often the ethics officer is put in that position, or does the company frown on “thoughtful dissent?”’

At PepsiCo, McGuire says she’s been fortunate to work under two CEOs who made ethics a priority and who did not hesitate to talk openly and frequently about the importance of doing things the right way.

‘Without the visible, continual support of the senior team, there’s a risk of complacency,’ she says. ‘PepsiCo is a strong performance-driven culture, but the message communicated from the very top of the organization has always been that performance must be achieved the right way—no exceptions, and no excuses.’

In some cases, when opposing views emerge about the compliance and ethics program’s positioning within a company, the differences can be irreconcilable. Danjczek initiated the compliance and ethics program at Titan, but then L3 Communications, which had an existing ethics program within the finance department, acquired Titan. The CFO of L3 at the time, Mike Strianese (now the CEO) also carried the role of chief ethics officer for L3.

‘Mike Strianese is a good guy and actually is a big supporter of corporation ethics programs,’ Danjczek stresses. ‘However, I happen to think the chief ethics officer should be an independent role. I left the ethics field for some time, but I missed it.’

The Dirty Little Secret

In the worst case, compliance officers have been known to feel driven out for trying to do their job; one former CCO of a Fortune 10 company, who asked to remain anonymous, calls it the industry’s ‘dirty little secret.’

‘Imagine what it’s like to have a member of the C-suite, red-faced and angry, call you in and order you to stop an investigation or to give up a confidential name of an employee who raised a concern,’ the former CCO says. ‘I was given a choice: compromise the job or lose my job.’

Boehme

Fear of retaliation can result when compliance officers don’t feel empowered to make difficult decisions, says Donna Boehme, formerly chief ethics and compliance officer at BP. She is now principal at her own consulting firm, Compliance Strategists Corp.

‘I think until we have added protections and empowerment for chief compliance officers, it’s a perilous job,’ Boehme says. ‘To be in this job takes a very special breed of person. Above all you have to have courage.’

But, Boehme adds, effective CCOs are not crusaders. They must remain connected to the business, helping to integrate compliance and ethics into the way the organization is managed. For that to work, a position of independence is critical.

According to a recent report by the Ethics Resource Center, the line of reporting may have the greatest influence on the CCO’s clout and credibility. The ideal is to report directly to the board of directors or to the CEO, with the board having exclusive authority to terminate. The entire ethics and compliance program should be managed by the CCO, who should supervise ethics throughout the organization and communicate frequently with the board and senior management.

Reporting to the chief executive doesn’t necessarily compromise independence, Boehme says, so long as the CCO still has direct access to the audit and executive committees and closed sessions with the board. (Such a system works well for internal auditors, too, she notes.)

‘It’s hard to imagine anyone saying to an internal auditor, “I’ve changed your report,” or, “You can’t have access to those documents or that employee,”’ she says. ‘Yet that happens all too often to compliance and ethics professionals in some companies.’

Compliance: A Natural Training Ground

A more positive outcome can arise when compliance officers transition into new roles in their organizations. Because compliance tends to touch all aspects of a business these days, it is sometimes seen as a natural training ground for an executive spot in the company’s operations. Numerous compliance officers have made the jump to executive positions, including Jack Giraudo, former chief compliance officer at AES Corp., who was recently named CEO of a solar business at the $11.6 billion power company.

Gnazzo

Pat Gnazzo, who joined CA in 2005 to create its compliance program (after a massive accounting fraud at the company, then known as Computer Associates), recently was appointed senior vice president and general manager for the company’s U.S. public sector business. He says the move was a logical progression, since his compliance role exposed him to all corners of the company.

‘My compliance job was that of a manager, and this is the job of a manager,’ Gnazzo says. ‘I saw myself as kind of the umbrella compliance person. If you’re doing your job correctly, you’re helping each of the staff organizations make sure they’re in compliance with their responsibilities.’

Companies undergoing a transition in the chief compliance spot should establish a solid definition of the job and what its responsibilities entail, Gnazzo says. Also, they should avoid the pitfall of tacking compliance duties onto a job in the legal department, or hiring a former prosecutor to be chief compliance officer.

‘Because there have been so many issues since Enron, companies think the compliance officer needs to be an enforcer,’Gnazzo says. ‘We‘re not cops. We shouldn’t be cops. CCOs should be individuals who help the company process everything in a compliant way, not running around and slapping people on the wrist.’

Priest, confessor, disciplinarian, friend. Investigator, confidante, diplomat, protector. Bad guy, good guy, guy in everyone’s business. While the chief compliance officer role remains in flux, just about everyone in the business agrees on one point: It will probably never again be a simple matter of overseeing adherence to the rules.

The Health Care Compliance Crisis

Everyone seems to be worried about health care these days, and compliance executives are no exception.

Health care rivals the financial services sector as one of the most heavily regulated businesses under the sun. No surprise, then, that the industry is seeing surging demand for chief compliance officers and unprecedented workforce turnover.

‘What I see is a lot of health care providers really starting to take [compliance] seriously,’ says Mike Glomb, a professor of health policy at George Washington University and a partner at the law firm Feldesman, Tucker, Leifer & Fidell. ‘It’s becoming more recognized that you need to have a really dedicated person.’

While compliance processes are broadly the same in health care as they are for other industries, health care has several substantial extra burdens—most notably, the HIPAA privacy law and Medicare. The Food and Drug Administration can also come knocking at any time, as can many state regulators.

‘The health care industry is probably the most highly regulated industry,’ Glomb says. ‘I think a health care compliance officer has a bigger plate. If you’re a for-profit provider, you’ve got a double whammy.’

The job’s stresses contribute to high turnover in the role, according to Roy Snell, CEO of the Society of Corporate Compliance and Ethics. He says that 29 percent of the Health Care Compliance Association’s 54,000 members are new to the group within the last year. ‘Turnover is high partly because of industry growth, but it’s also because people are leaving the position because it’s a hard job,’ Snell says.

Exacerbating the difficulties is the profession’s lack of standard practices, Snell argues. While some aspects of every compliance program must be customized to fit the organization, other aspects should be consistent across the field, he says. His organization advocates professional certification.

‘I get many calls from good people who can’t make it work in their organization because they’re not supported, but I get more calls from people who didn’t know what they were doing and were driving their organization crazy,’ Snell says. ‘This is a new field. It’s hard. We’ve got to help these folks and their companies roll this stuff out in a rational, reasonable manner.’