CLOs and CCOs
A new era of collaboration
Dedicated and independent regulatory compliance functions are becoming increasingly common and well established in corporate America. In the last dozen or so years, many companies across industries have created and enhanced compliance functions, assigned responsibilities and accountabilities, and established effective compliance internal control frameworks. The chief compliance officer (CCO) role has been elevated and continues to evolve and intensify amid heavy regulation and demand for new and specialized skill-sets.
A new era of collaboration
Companies structure compliance in different ways. Traditionally, the function may have been housed within legal (more common), finance, internal audit, or even in limited instances, human resources. However, in recent years, the compliance function has evolved quickly to become an independent, standalone organization with a CCO at the helm, in many instances reporting directly to the chief executive officer (CEO) with a dotted reporting line to the audit committee, the chief legal officer (CLO), or even the chief financial officer (CFO). Wherever compliance resides structurally, maintaining its independence is a growing imperative and, for some industries, a regulatory mandate.
Predictable tensions can arise between CCOs and CLOs over authority and responsibilities in any compliance structure. At the same time, the roles of both officers are evolving in notably different directions, requiring skills and attributes beyond their traditional repertoires. In short, it’s no time for turf battles. Instead, the CCO and CLO can advance the company’s ability to fulfill statutory and regulatory requirements by communicating and collaborating around key aspects of compliance risk management.
This paper explores the evolution and divergence of the CCO and CLO roles, along with several factors that are shifting compliance from legal and other functions into an independent function in many companies. It highlights several potential tension triggers between the CCO and CLO and suggests areas in which communication and collaboration can have particular impact.
Potential tension triggers
On one level there are distinct advantages to both models of compliance; that is, maintaining compliance within the legal function on the one hand, and transforming compliance into an entity independent of legal on the other:
- Ethical stewardship
- Legal risk management
- Attorney-client privilege
Areas of collaboration and cooperation
With CCOs and CLOs both facing expanding roles and responsibilities, multilevel collaboration between the board, management, and operations is vital across the enterprise.
Important areas in which cooperation can strengthen compliance include:
- Objective program assessments
- Precise roles, authority, and accountability
- Risk ownership
- Dynamic risk assessment process
- Continuous control enhancements
- Risk-based third-party compliance
- Data quality systems and procedures
- Investigation playbooks
- Documented escalation criteria
- Compliance archives