Over the past several years, an emerging practice among corporations has been to appoint a chief compliance officer, designating that person with high-level authority for the company’s ethics and compliance program. A 2009 survey conducted by Corpedia and the Association of Corporate Counsel reflects that a majority of the individuals surveyed list a chief compliance/ethics officer or a general counsel (who often also serves as the chief compliance/ethics officer) as the person primarily responsible for their ethics and compliance program.1

The business case for the creation of a chief compliance officer position is persuasive, and is supported by the Federal Sentencing Guidelines. Although the Guidelines do not mention the role by name, they state that “[h]igh-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program” and shall be “assigned overall responsibility for the compliance and ethics program.”2 While many organizations initially responded to this guideline by assigning oversight to a company attorney or auditor, it quickly became evident that such an assignment did not provide the visibility and apparent authority that was necessary to convey the seriousness with which the organization viewed ethics and compliance. In addition, questions arose as to whether these individuals qualified as “high-level personnel” within the organization. As a result, there has since been a push among organizations to create a chief compliance officer position, where the individual appointed maintains overall responsibility for the ethics and compliance program. This move has been increasingly prevalent among larger organizations. Indeed, proposed changes to the Guidelines would provide additional credit to companies who not only convey appropriate authority upon compliance personnel, but also give these persons a direct reporting line to the board of directors.

Over time, an approach some organizations have chosen to pursue is combining the chief compliance officer position with that of the general counsel. In fact, of the individuals surveyed who cite their organization as having a chief compliance officer position, a substantial percentage state that the chief compliance/ethics officer also serves as the organization’s general counsel.4 In light of current economic conditions, this number may continue to rise. However, although these roles have natural areas of overlap, combining them is an approach that should be very carefully considered before adopting.

Case Law

Tenet

The Tenet case was one of the first of its kind to portend the dangers posed by combining the roles of chief compliance officer and general counsel. Tenet Healthcare received a letter from the Senate Finance Committee in September 2003, notifying the company that the Committee was investigating Tenet’s federal healthcare practices.5 Approximately ten years prior, the Company had settled a then record-setting healthcare fraud investigation at the resolution of which Christi Sulzbach, who signed a Corporate Integrity Agreement on behalf of Tenet with the Office of Inspector General (OIG) of the U.S. Department of Health and Human Services, was promoted to the position of chief corporate officer, general counsel and chief compliance officer.6 After entering into the Agreement, Tenet allegedly continued gaming federal healthcare programs by overcharging Medicare patients for surgical outpatient pathology services and illegally submitting over 19,300 false claims for wrongfully upcoded Medicare bills.7 An investigation was opened by the Senate Finance Committee, and in the Committee’s document request letter, then Chairman Senator Chuck Grassley made the following statement regarding Ms. Sulzbach’s combined general counsel/chief compliance officer role:

Apparently, neither Tenet nor Ms. Sulzbach saw any conflict in her wearing two hats as Tenet’s general counsel and chief compliance officer. As general counsel, Ms. Sulzbach zealously defended Tenet against claims of ethical and legal non-compliance . . . while as chief compliance officer, she supposedly ensured compliance by Tenet’s officers, directors and employees. It doesn’t take a pig farmer from Iowa to smell the stench of conflict in that arrangement.

A short time after Tenet received this letter, Ms. Sulzbach stepped down from her position.9

WellCare

WellCare Health Plans followed in Tenet’s footsteps by appointing the same individual to serve as general counsel and chief compliance officer.10 However, investigations into the events that had taken place at WellCare were far more pronounced, as an aggressive raid of its corporate headquarters (involving an estimated 200 government agents) quickly surpassed what had been viewed as a forceful FBI raid of one of Tenet’s hospitals (involving reports of 40 or more agents).11

Upon resolution of the issue, WellCare admitted that it had made “accounting errors” in connection with its compliance with Medicaid requirements.12 In addition, the company found that its senior management set an improper tone at the top with respect to the company’s compliance with regulatory requirements.13 WellCare defended its actions, stating that it combined the general counsel and chief compliance officer roles in order to ensure that compliance is “always represented at the senior management level.”14 Nevertheless, approximately two months after the government investigation became public, the top three executives at WellCare were ousted, including the company’s general counsel/chief compliance officer.15 The company then appointed new leadership and segregated the position of general counsel and chief compliance officer16

Pfizer

In more recent news, Pfizer announced that the company’s general counsel would no longer oversee the drug company’s ethics and compliance program.17 Upon reaching an agreement with the DOJ, Pfizer entered into a Corporate Integrity Agreement with the OIG.18 The Corporate Integrity Agreement institutes certain new measures and requires Pfizer to continue maintenance of its ethics and compliance program for a period of five years.19 Included among these measures is a requirement that the company’s chief compliance officer report directly to the CEO.20 Chief Counsel for the OIG Lewis Morris stated that this mandate was intended to “eliminate conflicts of interest, and prevent Pfizer’s in-house lawyers from reviewing or editing reports required by the agreement.”21 According to Mr. Morris, “The lawyers tell you whether you can do something, and compliance tells you whether you should.”22 Mr. Morris is of the opinion that Pfizer’s “upper management should hear both arguments.”23

Analysis

For every case like one of the above, there are myriad situations where a company has combined the general counsel/chief compliance officer roles and has not been subject to such an investigation or inquiry. Indeed, some within the field of ethics and compliance view this dual role designation as a best practice.24 Nevertheless, what is notable about these cases is that, while the companies defended their programs and WellCare specifically defended the dual reporting position, each quickly separated the dual role once their ethics and compliance programs were brought into question. So two questions remain—Is this dual role advisable? Does it meet best practices? We opine that the answer to each of these questions is most often “no.” Although individuals with legal backgrounds can serve as effective chief compliance officers, the role that an individual assumes when serving as general counsel is often opposite that which he or she takes on as chief compliance officer. While both roles are commonly staffed by attorneys and aim, in part, to comply with the law and reduce legal exposure for the company, they often do so in different manners and with very different focuses.

Let’s take a moment to consider the role of the chief compliance officer. Individuals in this position look to reduce corporate risk by focusing on both ethics and legal compliance, rather than setting their sights solely on the law. As the individual with overall responsibility for a company’s ethics and compliance program, the chief compliance officer is tasked with not only preventing misconduct, but also uncovering any legal or ethical misconduct that has taken place. This individual is required to be a neutral fact finder, and must act in the interest of the company’s stakeholders. He or she must also serve as one of the key drivers of a culture of ethics and compliance, which transcends mere compliance with the law. To paraphrase Mr. Morris, the question for the chief compliance officer is not “can” but “should.”

The general counsel, on the other hand, has his or her eyes set on the law, serving as the legal defender of a company, and seeks to avoid or negate related legal risks. As companies increasingly look at the “ethics” aspect of ethics and compliance, the general counsel’s narrow focus on compliance must remain intact. For example, the general counsel may find it permissible to quickly settle a situation involving unethical behavior in order to quietly resolve an issue, while the chief compliance officer may prefer to address the issue publicly in order to eradicate related behavior and make an example of it to others. 25

Furthermore, the necessary skill set for a general counsel and a chief compliance officer are different. A chief compliance officer, on the one hand, should be capable of overseeing the ethics and compliance program, including the development and maintenance of related internal standards, the creation and rollout of training and communications efforts, the institution of monitoring and auditing efforts, the organization of the program to include the engagement of local ethics and compliance officers and functional expertise, as well as the solution to a wide range of problems and issues. The general counsel, on the other hand, should be a highly capable lawyer who is able to advise on complex legal decisions and to manage a legal staff. While it is helpful for the chief compliance officer to be a lawyer, he or she is expected to perform a number of functions that go beyond the practice of law. In all likelihood, the ideal general counsel is probably not the ideal chief compliance officer. The converse is likely true as well.

In light of this inherent contrast, why have companies chosen to combine the roles of general counsel and chief compliance officer? This move is likely due in large part to the guidance set forth in the FSG and the FAR regarding ethics and compliance programs, which states that the oversight of such programs should be by persons with sufficient authority at the organization.26 The general counsel position certainly fits the bill in this respect. Additionally, for smaller companies, a combined position allows for the fulfillment of this obligation without adding costly headcount. Finally, some organizations believe they will be best served by trying to protect their programs and related activities/investigations by way of the attorney-client privilege, which a general counsel may be able to help preserve in certain countries.

Convenience and privilege concerns aside, an analysis of the Tenet/WellCare/Pfizer situations show that it is not prudent to create this dual position in any but the smallest organizations, where headcount limitations make it impractical to separate the roles. For those organizations that maintain such a dual position, consider separating it, taking into account the following principles.

Transparency is the Best Policy. Although it is natural to want to protect information about your ethics and compliance program from third-party view, maintaining a combined general counsel/chief compliance officer position for this purpose is contrary to the goals of an effective ethics and compliance program.27 The mark of an effective program is open and honest allegiance to ethics and compliance. Such a program is considered an attribute for a company, much like a corporate social responsibility program. Effective programs are thoroughly documented, as are related investigations. Such documentation not only reflects the components of the program in the event of an investigation, but also demonstrates that the company is responding to issues that are reported or discovered by refashioning its internal controls. While there certainly may be circumstances where the attorney-client privilege is still asserted, this privilege can be obtained either by involving in-house or outside counsel. At all times, however, the approach of an effective ethics and compliance program should generally be one of transparency and disclosure.

Although Headcount Affects Budget, A Serious Compliance Violation Can Deplete It. Budgetary concerns are clearly at the forefront of every corporate executive’s mind, especially in light of the current economy. A cost that is frequently given extra scrutiny is an organization’s ethics and compliance program. Whether this is due to the fact that it is difficult to quantify the benefit provided by the program or because its costs are not related to business-generating opportunities, the fact of the matter is that ethics and compliance programs are often under-resourced.28 It is important to understand that, in the event of an infraction, the DOJ will not give consideration as to why budgetary dollars were not allocated to ethics and compliance if this failure results in inadequate staffing of a program. Therefore, although adding headcount, especially at a senior level in the organization, seems implausible given current economic conditions, appointing such a person in order to divide a combined general counsel/chief compliance officer role may be necessary In order to give the ethics and compliance program the attention it needs

The Chief Compliance Officer Should Ideally Not Be Housed in the Legal Department. Commonly, the chief compliance officer position is housed in the legal department.29 When this is the case, often the general counsel doubles as the chief compliance officer or, in the event the two roles do not reside with the same person, the chief compliance officer reports to the general counsel.30 It is certainly true that overall responsibility for an ethics and compliance program should rest at a sufficiently high level of the organization, providing actual as well as apparent authority with respect to this important aspect of the company’s operation. However, best practices dictate that the chief compliance officer have a direct reporting line to the board of directors or to the committee that has been delegated oversight of the program. This is so that, in the event of a conflict between the general counsel and the chief compliance officer, the chief compliance officer has the authority to address the board regarding the issue directly. Many companies have recognized this best practice and have responded by giving the chief compliance officer a direct reporting line to the general counsel, with a dotted reporting line to the board of directors. While this is an available compromise, in practice the chief compliance officer may feel uncomfortable going around the general counsel, to whom he or she reports in almost every other instance. Even worse, he or she may simply refuse to do so

A better approach is to have the chief compliance officer position be placed at a parallel level to the general counsel. Such an organizational structure not only satisfies the Guidelines, but also allows unfettered access to the board or its subcommittee in the event it is needed. In addition, housing compliance outside of legal provides companies with the opportunity to further the dialogue around whether they “should” do something as opposed to whether they “can,” and fulfills Mr. Morris’s recommendation that executive management be exposed to both arguments.

Adequate Attention Must Be Devoted to Oversight of the Ethics and Compliance Program. In most if not all organizations, the general counsel is sufficiently burdened without having to also run an ethics and compliance program. Oftentimes, the general counsel is intimately involved not only in running the company’s legal department, but also with the company’s day-to-day operations. This involvement may be particularly problematic from an attention perspective. While an understanding of the company’s operations could certainly prove helpful when overseeing the organization’s ethics and compliance program, it may also prove to be worrisome from both an impartiality and a time allocation perspective.

In organizations where the dual general counsel/chief compliance officer position exists, the general counsel often exercises little oversight of the ethics and compliance program, relying mainly on others in the organization to run the program on his behalf. The general counsel trusts these designees to come to him or her to provide high-level updates or to obtain advice when there are questions or concerns. As a result, the cause for placing overall responsibility with the general counsel (placing this authority at the top of the organizational chain to provide actual and apparent authority for the program) is negated in practice. This will become quickly apparent to the organization’s employees. In addition, communications from the general counsel regarding ethics and compliance will likely sound like any other legal department communication, and may therefore be disregarded.

When separating the general counsel and chief compliance officer positions, make sure the chief compliance officer has the time and attention to exercise adequate supervision of the program, as well as to become involved in its operation. To wit, avoid the temptation to assign the chief compliance officer too many other hats to wear. This is essential for an effective program, not only to institute a healthy culture of ethics and compliance, but also to convey important aspects of compliance to the organization’s employee base.

Conclusion

The concerns addressed in the cases mentioned herein all center on the fact that the dual general counsel/chief compliance officer role does not afford the necessary independence for serving as the individual responsible for an organization’s ethics and compliance program. In particular, Senator Grassley noted the conflict between the general counsel defending an organization against claims of ethical and legal non-compliance, with the same person serving as chief compliance officer and working to ensure compliance by the organization’s board and employees. By splitting this dual role in keeping with the principles set forth above, questions relating to independence will likely be resolved. In addition, your program will be brought closer in line with best practices, which will well serve your organization in the long run.

1 Association of Corporate Counsel & Corpedia, 2010 Compliance Program and Risk Assessment Benchmarking Survey (forthcoming 2010).

2 U.S. Sentencing Guidelines Manual §8B2.1(b)(2)(B) (2007).

3 U.S. Sentencing Guidelines Manual §8B2.1(b)(2)(C) (Proposed Amendments to the Sentencing Guidelines January 21, 2010).

4 See supra note 1 (stating that 37 percent of those individuals surveyed report their organization maintains a combined position).

5 Letter from Senator Chuck Grassley to Trevor Fetter, Tenet Healthcare Corp. (Sept. 8, 2003), http://grassley.senate.gov/ releases/2003/p03r09-08.htm.

6 Id.

7 Id.

8 Id.

9 Vince Galloro, Sulzbach to Exit Tenet; General Counsel Cites Outside Pressure for Leaving, HighBeam, Sept. 29, 2003, http://www.highbeam.com/doc/1G1-108496479.html.

10 Melissa Davis, WellCare, Tenet Have More Than Probes in Common, TheStreet.com (Nov. 19, 2007), http://www.thestreet.com/story/10390693/1/wellcare-tenet-have-more-than-probes-in-common.html.

11 Id.

12 Kris Hundley, WellCare Revises Earnings Down $28 Million, St. Petersburg Times, July 22, 2008, available at http://www.tampabay.com/news/business/article727538.ece.

13 Id.

14 See supra note 11.

15 See supra note 13.

16 See supra note 13.

17 Amy Miller, $2.3bm Pfizer Settlement Strips Legal Team of Compliance Brief, legalweek.com (Sept. 11, 2009), http://www.legalweek.com/legal-week/news/1533237/usd2-3bn-pfizer-settlement-strips-legal-team-compliance-brief.

18 Pfizer Inc., Office of Inspector General of the Department of Health and Human Services Corporate Integrity Agreement (Aug. 31, 2009).

19 Id.

20 Id.

21 Id.

22 Id. (quotations omitted).

23 Id. (quotations omitted).

24 See Banks et al., General Counsel as CCEO? Not an Obvious Answer, 6 Compliance and Ethics Magazine, June 2009, at 6.

25 Id.

26 See supra note 3; see also Federal Acquisition Regulation (FAR), 48 C.F.R. pt. 52.203-13(c)(2)(ii)(A)(2010).

27 See supra note 25, at 11.

28 See supra note 1.

29 See supra note 1 (reflecting that a significant percentage of respondents report to or serve as the General Counsel).

30 See supra note 1.