The appropriate place for compliance in the organizational structure of large and more sophisticated companies has been a matter subject to substantial debate within company management, and it is fair to conclude that the stakeholders in this debate—senior management, external boards, the office of general counsel and senior compliance officials—do not necessarily see eye to eye. General counsel often chafe at the prospect of independent compliance management that operates outside their direct reports. Increasingly anxious boards oppose filtered compliance information, and senior management may balk at too many channels for reporting of critical information. Compliance professionals increasingly are more uniform in their view. They want direct reports to the CEO and the audit committee of the board. They need to know that their reports and information get to those with ultimate authority unvarnished. Compliance needs to stand on its own.
Having recently left the Fraud Section of the Department of Justice’s (DOJ) Criminal Division, where my responsibilities routinely involved interacting with internal and external counsel for multinational companies during the course of Foreign Corrupt Practices Act (FCPA), financial fraud and other investigations, I have undertaken an entirely unprofessional and statistically insignificant survey of senior compliance professionals who have been more recently appointed to their posts. All are currently employed by larger multi-national companies with international operations. They represent different industries including oil and gas, pharmaceuticals, manufacturing, financial services and technology. With some modest accommodations for the different organizational structures, all have direct reports to the senior executive and often the audit committee of the board as well. Several indicated that the reporting line was essential to their acceptance of the position.