In its Evaluation of Corporate Compliance Programs, released in 2017, the Justice Department raised several issues around chief compliance officer independence and authority. While the agency’s stated position is that it does not concern itself with whether the CCO reports to the general counsel or reports independently, it is concerned about whether the CCO has the voice to go to the chief executive officer or board of directors directly, without going through the GC first. Even if the answer were yes, the Justice Department would want to know if the CCO has ever exercised that right.

When making this evaluation, companies should consider the following questions:

First and foremost, is the CCO a part of the senior management or the C-suite? Is the CCO part of regular meetings of this group?

Who can terminate the CCO—the CEO, the audit committee of the board, or does CCO termination require approval of the entire board?

Most importantly, could a person under investigation or even scrutiny by the CCO fire the CCO? If the answer is yes, the CCO clearly does not have requisite independence.

Additional questions to consider are: (a) Who can overrule a decision by a CCO within an organization? and (b) Who is making the decisions around salary and compensation for the CCO? Is it the CEO, the GC, the audit committee of the board, or some other person or group? 

In the 2017 Evaluation and continuing with the new FCPA Corporate Enforcement Policy, the Justice Department has come as close as ever to articulating a policy that the CCO be independent of the GC’s office.

Hence, if your CCO still reports up through the general counsel, it’s in your best interests to have demonstrable evidence of both CCO independence and actual line-of-sight authority for the board.