Compliance or Legal? The Board’s Duty to Assure Clarity

The following post comes to us from Michael W. Peregrine, partner at McDermott Will & Emery LLP. This post is based on an article by Mr. Peregrine; the views expressed therein do not necessarily reflect the views of McDermott Will & Emery LLP or its clients.

A series of developments threaten to blur the important distinction between the corporation’s legal and compliance functions. These developments arise from federal regulatory action, media and public discourse, policy statements from compliance industry leaders, and new surveys reflecting the increasing prominence of the general counsel. If left unaddressed, they could lead to significant organizational risk, e.g., leadership disharmony, misallocation of executive resources, ineffective risk management, and the loss of the attorney-client privilege in certain circumstances. The governing board is obligated to address this risk by working with executive leadership to assure clarity between the roles of general counsel and chief compliance officer.

Key Developments

Government Positions. The first, and perhaps most pronounced, of these developments has been efforts of the federal government to encourage (and, in some cases, to require) that the positions of compliance officer and general counsel be separate organizational positions held by separate officers; that the compliance officer not report to the general counsel; and that the compliance officer have a direct reporting relationship to the governing board.

There also appears to be a clear trend—while certainly not universal—among many corporations to follow the government’s lead and adopt the “separate relationship” structure, for a variety of valid and appropriate reasons. Yet, the focus on compliance officer “independence” obscures the need for compliance programs to have leadership from, coordination of or other connection to, the general counsel.

Another concern arises from the (dubious) perspective that the compliance officer should not have a reporting relationship to the general counsel. One of the underlying premises here is that the general counsel somehow has at least a potential, if not actual, conflict of interest with respect to advice that the compliance officer may provide to management or the board. However, this perspective ignores critical professional responsibility obligations of the general counsel (e.g., Rules 1.6, 1.7 and 1.13).

The third, and potentially most significant of these potential concerns relates to the preservation of the attorney-client privilege when the chief compliance officer is not the general counsel. In a recent published article, a leading corporate lawyer argues persuasively that the forced separation of the compliance and legal functions jeopardizes the ability to preserve the privilege in connection with corporate compliance based investigations. [1]

Corporate Guardian. A second, and more subtle, development has been a series of public comments by compliance industry thought leaders suggesting that the role of “guardian of the corporate reputation” is exclusively reserved for the corporate compliance officer; that the compliance officer is the organizational “subject matter expert” for ethics and culture, as well as compliance. This “jurisdictional claim” appears to be premised on the questionable perspective that “lawyers tell you whether you can do something, and compliance tells you whether you should”. [2]

This perspective ignores the extent to which the general counsel is specifically empowered to provide such advice by virtue of the rules of professional responsibility; principally Rule 2.1 (“Advisor”). It is also contrary to long standing public discourse that frames the lawyer’s role as a primary guardian of the organizational reputation. For example, the estimable Ben Heineman, Jr. has described the role of the general counsel as the “lawyer-statesman”, the essence of which is the responsibility to “move beyond the first question—‘is it legal?’—to the ultimate question—‘is it right?’” [3]

Job Descriptions. The third significant development is efforts by compliance industry commentators to extend the portfolio of the CCO, to a point where it appears to conflict with the expanding role of the general counsel. As one prominent compliance authority states, “The CCO mandate is ambitious, broad, and complex; no less than to oversee the organization’s ability to ‘prevent and detect misconduct’”. [4]

This point of view is being used to justify greater compliance officer involvement in matters such as internal investigations, corporate governance, conflict of interest resolution, the development of codes of ethics, and similar areas of organizational administration.

The debate over roles and responsibilities is exacerbated by the extent to which the term “compliance” continuously appears in the public milieu in the form of “shorthand”. In this way, the term appears to reference some sort of broad organizational commitment to adherence with applicable law; i.e., more as a state of corporate consciousness than as an executive-level job description. To the extent that “compliance” is used loosely in the business and governance media, it serves to confuse corporate leadership about the real distinctions between accepted legal and compliance components.

Expansive definitions of the compliance function are also at odds with new surveys that depict the expanding organizational prominence of the general counsel. These new surveys lend empirical support to the view that the general counsel of a sophisticated enterprise (such as a health care system) has highly consequential responsibilities, and thus should occupy a position of hierarchical importance within the organization. [5]

The Board’s Role

As developments cause the roles and responsibilities of the compliance officer and the general counsel to become increasingly blurred, the board has an obligation to establish clarity and reduce the potential for organizational risk. The failure to clearly delineate the respective duties of these key corporate officers can create administrative waste and inefficiency; increase internal confusion and tension; jeopardize application of the attorney-client privilege, and “draw false distinctions between organizational and legal risk”. [6]

An effective board response would certainly include directing the compliance officer and general counsel, with the support of the CEO and outside advisors, to prepare for board consideration a set of mutually acceptable job descriptions for their respective positions. This would include a confirmation of the board reporting rights of both officers. It would also include the preparation of a detailed communication protocol that would address important GC/CCO coordination issues.

The perceptive board may also wish to explore, with the support of external advisors, the very sensitive core issues associated with compliance officer independence, and with the hierarchical position of the compliance officer; i.e., should that position be placed in the corporate hierarchy on an equal footing with the corporate legal function, or in some subordinate or other supporting role.

The board can and should be assertive in adopting measures that support the presence of a vibrant, effective compliance program that teams productively with the general counsel.


[1] R. William “Bill” Ide and Crystal J. Clark, “The Chief Legal Officer’s Critical Role in the Compliance Function”, Bloomberg BNA Corporate Law & Accountability Report, June 27, 2014 (henceforth, “Ide and Clark”).
(go back)

[2] Donna Boehme, “Making the CCO an Independent Voice in the C-Suite”; Corporate Counsel (Online), March 19, 2013
(go back)

[3] Ben W. Heineman, Jr., “The General Counsel as Lawyer-Statesman”, Harvard Law School Program on the Legal Profession: A Blue Paper.
(go back)

[4] Donna Boehme, “Making the CCO an Independent Voice in the C-Suite”; Corporate Counsel (Online), March 19. 2103.
(go back)

[5] See, e.g., KPMG, “Over the Horizon: General Counsel Report 2014”.
(go back)

[6] Varun Mehta, “GC vs. CCO: The Big Debate”, Corporate Counsel (online) March 26, 2014.
(go back)

Both comments and trackbacks are currently closed.


  1. Peter Swabey, Policy & Research Director, ICSA
    Posted Tuesday, August 12, 2014 at 9:24 am | Permalink

    A very interesting article.

    If you do not mind a UK perspective, readers may be interested that we have been grappling with similar issues for some time, but in a very different regulatory and legal environment. For us, much of the debate has been around the separation of the roles of the Company Secretary and the General Counsel or Head of Legal where the ‘Corporate Guardian’ argument mentioned above is widely seen as conclusive. Moreover, under UK and EU law, any in-house legal advice does not have the benefit of privilege.

    The Institute of Chartered Secretaries and Administrators recently published a report by Henley Business School on the role of the Company Secretary which addresses this issue amongst others. Your readers can download this from

  2. Michael Robinson
    Posted Thursday, August 14, 2014 at 11:52 am | Permalink

    Compliance officers often have the commercial business experience that is critical to the organization, whereas legal doesn’t. Both should work closely but I don’t think compliance is a good fit reporting to legal – more old school than contemporary thinking.

    For most organization with this type of structure, it was always about being cost effective at the expense of good corporate governance. The writer seems to relish status over substance. The underlying tone is that a compliance officer isn’t at the level of the general counsel. This old school mentality is rapidly vanishing.

  3. Jose Tabuena
    Posted Friday, August 22, 2014 at 6:55 pm | Permalink

    My experience (as a compliance officer, in house attorney, and outside counsel) is that an independent compliance function can work closely and in a mutually supportive manner with legal. And with close collaboration and strong processes, legal privileges are effectively asserted and preserved.
    The concern over jeopardizing legal privileges reminds me of the days when companies wanted to run everything through legal to the extreme that it paralyzed the conducting of risk assessments (don’t tell me – I don’t want to know!). I remember debates that legal should have direct control over internal audit to preserve privileges. This fear of losing legal privileges is overblown and seems to continue to rear its head again and again.