Chief Compliance Officers Are in the Crosshairs: Boards must make sure their CCOs are up to date on important policies and procedures related to corporate malfeasance, and that they take action.

• Author: Nwaeze, Oderah

In In re McDonald's Corporation Stockholder Derivative Litigation, the Delaware Court of Chancery confirmed that the fiduciary duty of oversight, also known as "Caremark duties," applies to non-director officers. While many have responded to that decision with surprise and some hand-wringing, the reality is that the decision is consistent with a legal and regulatory regime that has increasingly sought to hold corporate officers--particularly chief compliance officers (CCOs)--liable for corporate misconduct. And, as was suggested in the McDonald's opinion, the CCO's oversight responsibility extends over the entire company. As a result, when boards are considering how to structure their oversight of the corporation's risk management function, they should make sure that their CCO understands these obligations and is prepared to take them on.

The Increasing Visibility of the CCO

The McDonald's case is another example of how corporate officers, including CCOs, have become more visible targets for those seeking to assign blame for corporate compliance failures. Another example was the announcement last year by Assistant Attorney General Kenneth Polite that CCOs and CEOs must, among other things, certify "that the company's compliance program is reasonably designed and implemented to detect and prevent violations of the law ... and is functioning effectively." And where companies must provide annual reports on their compliance programs, the Department of Justice is considering requiring CEOs and CCOs to certify that the reports are "true, accurate and complete." While the stated intent was to empower CCOs to discharge their oversight responsibilities by giving them added motivation to review all compliance-related information and voice concerns, this obligation could create additional personal liability for those CCOs who have been misled or perhaps pressured by their company to sign such a certification.

FINRA also recently addressed the liability of CCOs of broker-dealers under its supervision. Rule 3110, FINRA's supervision rule, requires member firms to "establish and maintain a system, including written procedures, to supervise the activities of each associated person that is reasonably designed to achieve compliance with applicable securities laws and regulations, and with applicable FINRA rules." A CCO also maybe exposed to personal liability under the Investment Advisers Act of 1940 if they fail to enforce written policies and procedures...