European CEO
CEOs have substantial experience working with company counsel. But to work effectively with the latest C-Suite executive - the Chief Compliance Officer (CCO) - different skills are required.
At some point in their career CEOs have told their General Counsel that an important part of their job is to keep them out of legal trouble. Usually well intentioned, the statement reflects a common CEO expectation that the company's lawyer is at least in some ways also his or her counsel. Experienced General Counsels will remind the CEO that their client is actually "The company". But in practice this line is often blurred. After all, legal advice is most effective when the executive feels comfortable confiding in the legal advisor. In exchange for candidness, CEOs expect their General Counsel to also be mindful of their legal interests. And as the General Counsel's manager, a CEO can usually find ways to exert influence for this purpose if needed.
With the emergence of the latest addition to the C-Suite, the CCO, CEOs in Europe, the US and other jurisdictions are having to learn to work with a new type of legal professional, one for which expectations and traditional management models do not fit. While the CCO also deals with legal and regulatory matters, his or her role is markedly different from that of the General Counsel. Not recognising this could cause the CEO to undermine the CCO's effectiveness... and could come to damage the CEO's own interests.
Eight Tips for a Successful CEO-CCO Relationship
Here are eight tips for a successful CEO-CCO relationship.
1. Recognise that the CCO's job is to help ensure compliance, not just to advise about it.
Unlike the General Counsel, whose role is primarily to render advice, the CCO's role is increasingly being understood—by regulators and the marketplace alike—as having an assurance character. It is about helping achieve compliance, not just about counselling or reporting on it. For instance, following major money laundering failures that led to $1.9bn in fines, HSBC CEO Stuart Gulliver publicly announced in July 2012 that compliance officers at their bank are now specifically empowered to "enforce the [compliance] standards".
2. Understand the different dynamic that this creates.
Accepting the CCO's duty to help bring about compliance also means accepting that it is about compliance by all employees, including the CEO. This changes the dynamic of the relationship. While not an auditor or regulator, the CCO is not just another employee under the normal control and command of the CEO. The CCO has independent duties to the Board of Directors and is not simply a management resource. Even where the CCO reports to the CEO, the prudent CEO keeps these higher CCO duties in mind.
3. Don't play the CCO and General Counsel against each other.
Having a strong CCO is part of today's governance checks-and-balances. The CCO may have a different view than the General Counsel on a compliance risk or what is needed to address it. Instead of playing them against each other, the CEO can benefit from hearing both perspectives. If the CCO's view on an important matter still differs from that of the General Counsel or the CEO, it is wise for the CEO to get the opinion of the Board of Directors or its Audit Committee. The reasons for the ultimate decision should be well documented. Regulators are increasingly interested in learning when and why the CCO (or the Chief Risk Officer) is overruled by Management or the Board.
4. Ensure the CCO is of the right seniority and is given the right authority and resources.
The recent financial crisis revealed that many Chief Risk Officers did not have the standing or authority to be effective, and a similar observation can be made of CCOs. At some companies, the CCO is still insufficiently high on the hierarchy and lacks clearly defined authority and accountabilities. When the CEO takes the lead in ensuring the CCO is positioned to succeed, it sends a powerful signal to the Board of Directors. This includes having someone of sufficient experience and seniority, armed with enough resources, who is given a robust mandate and the authority to carry it out. A weak CCO reflects poorly on the CEO's governance sensitivity and may expose the company—and the CEO—to avoidable compliance risks.
5. Keep the CCO in the senior information loop.
A CCO who feels excluded from important information may wrongly suspect an effort to hide non-compliance. Furthermore, they will lack the means to make the right assessments on compliance risks. The insightful CEO will be transparent by inviting the CCO to important senior leadership meetings and events and putting the CCO on the recipient list for material company information. The CEO will also ensure that the compliance charter provides the CCO the authority to access the persons and records the CCO needs to carry out his or her duties.
6. Provide helicopter cover but don't interfere with the CCO's independence.
Even when well authorized on paper, a CCO may experience push-back from some managers and employees. For example, a powerful divisional manager may refuse to have his team carry out compliance training the CCO has ordered. In such cases, the CEO's help may be appropriate. However, the skilled CEO will provide this help in a way that reinforces, not undermines, the CCO's independent authority. The CEO should convey that the divisional manager must do the training because the CCO has determined it to be necessary, not because the CEO is demanding it.
7. Regularly nurture the CEO-CCO relationship.
There is a split opinion on whether the CCO should report to the CEO or directly to the Chairman of the Board or the Audit Committee. While some companies still have the CCO report to the General Counsel, this practice is increasingly giving way to arrangements that give the CCO more independent stature. Regardless of the reporting structure, it's important for the CEO to foster a productive relationship with the CCO. Though some CEOs may be tempted to delegate this relationship due to high demands on their time, doing so prevents the CEO from gaining a direct understanding of the CCO as a person and leader. It also prevents the development of mutual trust, which is essential for both sides to deal effectively with difficult issues of compliance strategy and performance. The thoughtful CEO will hold regular meetings with the CCO, not just on specific compliance issues but on the larger challenges both face.
8. If you don't have one, get one.
Having a senior compliance executive is no longer a luxury limited to publicly listed or highly regulated companies. Corporations of all kinds face increasing legal and ethical challenges for which a properly equipped CCO resource can be instrumental for effective compliance execution. A CCO is not a cure for the absence of Board or CEO commitment to responsible conduct. Still, it can help in operationalizing and sustaining such commitment, even during periods of Board and senior management turnover. In recruiting a CCO, the skilled CEO ensures that he alone does not drive the process, involving the Board of Directors in the interviewing and selection. A CCO can be weakened if employees or regulators see him or her as a handpick of the CEO. When the company's Board and stakeholders perceive the CEO as a progressive compliance champion, this ultimately benefits the CEO as well as the company.
Gabe Shawn Varges
Latest News
- European CEO
- Annual Intermediate/Advanced Course for compliance professionals with special focus on the NRA 2025 and Sanctions
- GACO Anti-Financial Crime Training sessions for 2025 - Board Masterclass
- GACO Contribution to ENFCO Whitepaper
- GACO Anti-Financial Crime Training sessions for 2025 - Beginners Course
- Webinar: Navigating the New Regulatory Landscape: A Practical Guide for Regulated Firms
- Enjoyable Day at the Gibraltar Finance Centre Careers Fair
- In person Seminar: Navigating Regulatory Compliance in Gibraltar
- Navigating EIF Director Responsibilities: Expected Best Practices
- Gibraltar delisted from European Commission's list of high risk jurisdictions
- ICA GACO Gibraltar Compliance Certification
- GACO Annual General Meeting 2025