In-house counsel are under more pressure than ever as organizations face increasing compliance, regulatory, and litigation challenges. As a consequence, the roles and responsibilities of the general counsel (GC) and corporate compliance officer (CCO) continue to expand. At the same time, however, the pressure to increase profits and decrease costs continues to mount. As a result of these competing interests, organizations have begun to consolidate the roles of GC and CCO. That decision, however, should not be made without consideration to the myriad of compliance, litigation, and other risks posed by such a decision.
Defining the “traditional roles” of the GC and CCO
Generally speaking, the GC is the organization’s lawyer who is responsible for the organization’s legal affairs, including identifying and evaluating business risks associated with legal risks. The CCO, on the other hand, is a relatively new position in the historical hierarchy of company management. The rise in the CCO position is primarily a result of highly publicized instances of corporate corruption and abuse, such as the Enron scandal in 2001. At the most basic level, the CCO is charged with reducing corporate risk by focusing on ethics and legal compliance. More specifically, the CCO shoulders the responsibility for not only preventing corporate misconduct, but also for uncovering and investigating it. Unlike with the GC, then, the CCO’s job is to help ensure compliance, rather than just advise about it. As discussed below, failure to appreciate these distinctions can result in government intervention and costly litigation.
The appeal of consolidation
Organizations increasingly face pressure to cut costs and maximize profits. For some organizations, consolidating the GC and CCO is a way to achieve that goal. Other organizations, whose budgets are less of a concern, see consolidation as a practical approach to fulfilling their compliance and legal needs, as the conventional wisdom is that compliance is largely a function of the legal department. Others argue that consolidation is preferable because compliance departments may not have the same expertise as the legal department, and the GC is ultimately responsible to the company for its legal and compliance needs.
The risks of consolidating
The benefits gained from consolidation often exist at the expense of other important corporate interests. GCs are responsible for a wide-array of day-to-day legal issues, from general corporate legal advice, employment matters, contract drafting and negotiation, and litigation management. Attention to any one of these responsibilities means less attention paid to compliance matters.
Large litigation matters, for instance, can be incredibly time consuming and disrupting to the normal duties of the GC. Even when outside counsel is involved, however, the GC or other in-house resources are still burdened with implementing a litigation-hold policy, gathering relevant facts, assisting with discovery, assisting with the development of a litigation strategy, engaging in settlement discussions, reviewing filings, and preparing for and attending trial.
The compliance risks stemming from a GC who pays insufficient attention to compliance matters is greatest for organizations in industries that are heavily regulated — such as the financial and health care industries — where specialization in compliance matters specific to the organization’s respective industry is key. Regulations in those industries are often complex and regularly changing.
The consolidated model may also jeopardize an organization’s privileged communications. That is, a GC may find herself conducting typical CCO duties — which are viewed as more business than legal functions — and, at the same time, providing legal advice to the organization. Because not all communications flowing from the GC are privileged, issues arise as to which communications are protected. Communications intended as business, rather than legal, advice are not protected by the privilege.
This, of course, becomes crucially important when the organization finds itself involved in litigation or, worse, in the crosshairs of a governmental investigation. When served with civil discovery requests or a government subpoena seeking documents, the organization must conduct a review of its documents to find those that are responsive and determine if any are protected by the attorney-client privilege. Those decisions are increasingly difficult to make if the GC regularly provides legal and business advice as part of the same communications. Additionally, there is precedent holding that communications between a GC, who also acts as a CCO, is not protected by the attorney-client privilege. U.S. courts, moreover, have routinely rejected the argument that a CCO’s communications are privileged.
As evidenced by recent U.S. federal prosecutions of financial and health care industry organizations, U.S. federal regulators and prosecutors disfavor consolidation. For instance, in December 2012, HSBC agreed to pay $1.92 billion for anti-money laundering compliance failures. The Statement of Facts in the Deferred Prosecution Agreement with federal authorities stated that a remedial action that mediated in favor of HSBC avoiding a criminal indictment was that it separated the CCO from the legal department and gave the CCO direct reporting lines to the board of directors. In 2013, JPMorgan Chase & Co. settled a host of regulatory and legal issues with federal regulators and, as part of that process, agreed to divide its compliance and legal departments. Also in 2013, Johnson & Johnson made a similar deal as part of its Corporate Integrity Agreement with federal prosecutors.
While the reasons for this preference are not entirely clear, experience dictates that federal investigators are skeptical of consolidated, because of a perception that organizations claim that communications and documents reflecting what the government believes to be “business” communications are “privileged.”
Regardless of the reasons driving that preference, there is no absolute right or wrong way to structure an organization’s legal and compliance departments. Organizations, however, are better served from a legal and compliance perspective if they have separate GC and CCO positions. If separation is not possible, organizations should (i) take steps to ensure that the person acting in the consolidated role pays ample attention to both roles; and (ii) appropriately safeguard its privileged communications and documents by separating them from normal business activities, marking them appropriately, expressly state that they are for the purpose of requesting and providing legal advice, and ensure that all personnel involved understand that the CCO is acting at the direction of the legal department.