The Role of the Chief Compliance Officer (CCO)
Ownership of Corporate Responsibility
by Commissioner Cynthia A. Glassman, U.S. Securities and Exchange
Commission, American Society of Corporate Secretaries, Washington,
D.C., September 27, 2002
"In terms of trying to personify the corporate conscience, there
is something not specifically required, but which I feel is
essential nonetheless.
While
the CEO cannot delegate his or her ultimate responsibility,
to fully carry out the mandate of Sarbanes-Oxley and the
Commission's rules,
a company should have an officer with ownership of corporate
compliance and ethics issues,
and of what Title III of Sarbanes-Oxley broadly refers to as
"Corporate Responsibility."
While every company must assess its particular needs based on the
size and nature of its business, there are
several characteristics
that I would want the corporate responsibility officer to have if
I were relying on this person:
He or she should have
sufficient seniority and authority
to take the actions necessary under the circumstances. To assess
whether your corporate responsibility officer meets this
requirement, ask yourself if the person would be able to address
the worst-case scenario.
The position
should have the full support of the CEO and senior management,
both in theory and in practice.
The corporate responsibility officer should have
access and provide regular reports to senior management.
In this regard, he or she can play an important role in helping a
company meet the information gathering and reporting requirements
contained in the Commission's new internal control and
certification rules.
Although
regular board reports
on compliance and controls seem advisable, even if they do not
occur regularly, the corporate responsibility officer should have
the ability to
report directly to the board
(for example, to the audit committee chairman) on matters of
significant import to the company or matters involving
misconduct by senior management.
In addition, the responsible officer should have
sufficient time and adequate resources
to implement the company's corporate responsibility program in an
effective manner. The best written code of ethics will be
worthless if the company starves the budget of the officer who has
to implement it.
|
