Directors fear liability but fewer CCOs fret, study finds

Fewer chief compliance officers (CCOs) are living in fear of finding themselves on the wrong end of a lawsuit or regulatory probe, but the vast majority of directors are still afraid, according to new research. 

In a survey by DLA Piper, 67 percent of CCO respondents say they are at least somewhat concerned about their personal liability and that of their CEOs, though this is down from 81 percent in 2016. Compliance chiefs have in recent years become worried they could find themselves targeted by regulators even if they have not taken part in fraudulent activity.

These concerns have arisen in part due to a handful of high-profile cases involving CCOs – and professionals’ interpretations of the settlements – and amid a general beefing up of enforcement activity since the financial crisis. DLA Piper partner Brett Ingerman tells Corporate Secretary that this time last year many compliance professionals were anticipating a wave of cases targeting CCOs involving ‘compliance programs not being up to snuff, as opposed to a CCO being involved in wrongdoing.’

The lower number of professionals fretting over personal liability is in part a result of such cases – blaming CCOs for compliance program weaknesses – having failed to materialize, Ingerman says. Prosecutors and SEC officials also spent time last year trying to reassure CCOs they would not be targeted in this way, and they appear to have been at least partially successful, he adds. In addition, he points to the change in US administration, which has brought with it broad expectations of a more business-friendly approach from regulators.

Meanwhile, 82 percent of director respondents say they are at least somewhat concerned about corporate or individual liability resulting from a compliance failure, despite rarely being the subject of regulatory enforcements. Directors are used to being sued in other contexts, such as in class actions, Ingerman explains. They also may not have a full understanding of the compliance risks facing the company, and this uncertainty drives fear, he adds.

The lack of understanding may be connected to the finding that 44 percent of director respondents say they have received no training at all on compliance issues. Only 26 percent receive training quarterly or more often. ‘This is troubling given the critical need to provide director training,’ the authors of the report write. ‘Directors should be trained on codes of conduct at the very least. Companies must train all of their employees on codes of conduct, and failure to train directors creates exposure to significant liability.’

Compliance training is usually given to directors as part of the onboarding process, but it is increasingly also part of their annual training programs, Ingerman says. As a result, he expects the percentage of board members who have received such training to increase rapidly over the next five years.

Eighty-four percent of CCOs say they have sufficient resources, clout and board access to support their ability to effectively perform their jobs – up from 77 percent in 2016. ‘Respondents are increasingly able to effect change, procure adequate resources, access senior leadership and run strong compliance programs, even in the absence of heightened regulatory risk or enforcement… [T]he compliance function is gaining independence and stature within organizations,’ the authors write.

An indication of this trend is that the number of CCOs who report to the CEO increased from 25 percent in 2016 to 39 percent this year, while the number who report to general counsel or chief legal officers decreased from 44 percent in 2016 to 34 percent this year.

Even as compliance departments gain independence and prominence, however, less than 25 percent of CCO respondents report having stand-alone budgets, while one third say they are part of their legal department’s budget. This is in line with the previous year’s survey.