Risk & Compliance

Laying Down the Law

By naming compliance officers, companies are putting new focus on regulatory issues -- and giving CFOs a break.
Kate O'SullivanDecember 6, 2004

There’s a new seat at the management table these days, much to the relief of many CFOs. Largely in response to Sarbanes-Oxley, companies have begun to formalize the compliance role, creating a function dedicated to the watchdog tasks that have previously fallen to finance.

In fact, according to Maria Schafer, senior program director at Meta Group Inc., some 35 percent of Global 2,000 companies surveyed have someone other than the CFO heading up compliance today. And they’re not just mutual-fund companies, which are now required to staff the role thanks to their industry scandal, or other companies that have run afoul of the Securities and Exchange Commission — although Computer Associates was only the most recent company to name a compliance officer as part of its settlement with the SEC.

Companies as varied as Kmart and ITT Educational Services have installed compliance officers. Driving the trend, especially at larger companies, says Espen Eckbo, finance professor and founder of the Center for Corporate Governance at Dartmouth’s Tuck School of Business, is both the sheer volume of work and the board’s insistence that someone be accountable. “Audit-committee members have a lot to deal with to make sure they comply. They need a person to stay on top of [regulatory issues],” he says. Moreover, says Schafer, “Given the octopus-like nature of the [Sarbanes-Oxley] ruling, this is the only sure response.” Although the law does not mandate the creation of a new position, it does call for a designated head of compliance (who could be the CFO or a chief accounting officer, for example). And many businesses are taking a “better safe than sorry” approach by creating a dedicated role.

But with the position so new, there is no standard job description for a compliance officer. “I don’t know that any two are identical,” says David Farrell, CCO at Sun Microsystems, one of the few companies to staff the role prior to Enron and Sarbox. “It’s a new area, and a lot of companies are trying to sort out which functions belong in the compliance area and which don’t.” Companies are also trying to figure out the ideal CCO rèsumè as well as the appropriate reporting structure. The biggest question — which can’t be answered quite yet — is what difference the CCO will make.

Carved-Out Territory

At The Men’s Wearhouse Inc., a $1.4 billion clothing chain based in Houston, Sarbox prompted the creation of the CCO position, but the growth of the business also revealed the need for a designated compliance head. “The timing was good for us because of the overall increase in the complexity of our business,” says CFO Neill Davis, noting that the company now has three retail concepts and others in development, yielding many more employees, business units, and transactions to monitor.

To formalize the role, Davis worked with the audit committee and former chief accounting officer Gary Ckodre to design a position that turned out to be perfect for Ckodre. Now the former Deloitte & Touche audit partner and 11-year company veteran spearheads the overall Sarbox effort and oversees the newly formed internal audit group, which has primary responsibility for Section 404 compliance. The overlap with finance, however, is unquestionable. Ckodre and Davis insist they have almost a symbiotic relationship. “He knows what I do, and I know what he does,” says Davis. “Our offices are two doors down,” adds Ckodre.

At other companies, however, the CCO oversees everything but Sarbox. At Arrow Electronics Inc., an electronic-components and computer-products distributor based in Melville, New York, general counsel Peter Brown was the lead designer of the compliance officer role, which the company created last summer. Compliance chief Wayne Brody, who spent 20 years in the company’s legal department before moving into the top compliance job, is largely focused on education and coordination of the compliance efforts of the $8.7 billion company’s staff around the world. He also takes responsibility for risk assessment, antitrust and competition issues, and employee relations. Sarbox work, however, “rests with the CFO and his organization,” says Brody, who reports to Brown.

Command and Control

Where the compliance role fits into the company hierarchy is also a matter of debate. Not surprisingly, governance experts prefer to see the CCO report straight to the board, rather than to the CEO, CFO, or general counsel. “Most functions in the past have gone through the CEO,” says Eckbo, “but part of governance reform is to shift this to the board level. It’s part of the separation of the board and CEO.”

Reporting to a top executive, adds Eckbo, could also set up the compliance chief for conflict, especially if he discovers misbehavior on the part of the CEO or CFO. At The Men’s Wearhouse, Ckodre stepped into a compliance position that reports directly to the chairman of the audit committee. At Sun, however, Farrell reports to the general counsel, who in turn reports to finance chief Steve McGowan. But the compliance chief meets with the audit committee a couple of times a year — more frequently “if there’s a special issue.”

While the impact of the role over the long term remains to be seen, many companies believe the addition of a position whose sole responsibility is to monitor compliance can only be a good thing. Davis says that at The Men’s Wearhouse, the fact that Ckodre now continually promotes the compliance perspective has strengthened the “control orientation” of the executive team and the rest of the company. At Arrow, Brown says the addition of a CCO has helped the company by centralizing all compliance activities. “It clearly identifies one person people can go to with questions worldwide,” he says. And, he adds, the single point of contact ensures an appropriate, consistent response to any compliance problems that might arise anywhere in the company’s operations.

Finally, though the installation of a compliance officer doesn’t guarantee good behavior, at least it’s someone else to help do the work.

Reporting Lines
The chief compliance officer reports to:
CEO 45%
CFO 16%
CIO 13%
Chairperson/board of directors 10%
Legal department 6%
Don’t know 7%
Source: Meta Group Inc.

4 Powerful Communication Strategies for Your Next Board Meeting