With federal agencies turning up the heat and as investigative and enforcement activities abound, 81% of compliance officers have increased apprehension when it comes to their personal liability in situations of corporate misconduct, especially when it comes to privacy and cybersecurity.
DLA Piper’s 2016 Compliance & Risk Report: CCOs Under Scrutiny has been released against the backdrop of the Justice Department’s appointment of Hui Chen as its first-ever compliance counsel, and the release of the Yates Memo, which outlined a plan to prosecute individual corporate employees and incentivize reforms.
“Between the DOJ’s memorandum and the SEC’s latest initiatives, there’s considerable rhetoric driving the government’s renewed focus on corporate misconduct and the prosecution of company executives,” said Brett Ingerman, co-chair of DLA Piper’s Global Governance and Compliance practice. “The most revelatory parts of this survey lie in the specific feedback from compliance officers who are facing increased personal accountability for organizational misdeeds whether they perpetrated the wrongdoing or not.”
The survey results demonstrate that the majority of CCOs are deeply concerned, especially those at private companies within the most heavily regulated industries, including financial services, healthcare and chemicals. Compounded with the fact that nearly a quarter of respondents don’t believe they have adequate resources to address emerging issues, many are likely to experience acute anxiety in this shifting compliance landscape.
An overwhelming majority of survey respondents predicted greater scrutiny with Chen in her new position, and nearly two-thirds said that federal oversight would affect their decisions to remain or accept positions as compliance officers. A full 77% of respondents believe Chen will intensify the pursuit of cases against CCOs, and nearly all (99%) said they expect her to intensify the scrutiny of compliance programs overall.
According to one CCO in the report: “If it’s a higher-risk company or one with a prosecutorial history, you’re going to weigh the risk of whether it could destroy your career and your personal life.”
Nearly a third (32%) rated increased personal liability as extremely concerning. Also, concern was higher (89%) among respondents from private companies. And, 65% of respondents said the public statements made by the SEC and DOJ have given them pause when considering current and future CCO roles which, in turn, could affect the pool of candidates.
“Given the high stakes involved, it’s imperative that compliance officers identify and address new risk areas and blind spots in order to promote ethical and compliant business cultures, but also to protect themselves against potential legal action,” Ingerman added.
Not surprisingly, cybersecurity, data privacy and regulatory risk (Dodd-Frank, ACA and FCPA) were the respondents’ great compliance concerns, and their spending tracked closely with those areas. Additionally, 77% said they have business continuity and disaster recovery programs and crisis response teams in place, and 66% indicated that monitoring was the weakest area of their compliance program.
When assessing resources, clout and board access to best perform their jobs, only a third of respondents said they had such support “to a great extent.” Furthermore, 28% don’t think they have sufficient budget, and 27% don’t know whether they do or not.
Photo © danielfela