Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

‘The majority of compliance officers wouldn’t take such risks’

A compliance professional working in China posed this question: What is the role of a compliance professional?

I answered the question in my post, The Job of a Compliance Officer is to Tell the Truth.

We exchanged emails about my post. And we discovered that while compliance professionals may live in different countries around the globe, when it comes to the challenges of the profession, we really do speak “the same language.”

The compliance professional in China has generously agreed to share his thoughtful reply to my post with FCPA Blog readers.

Please feel free to “listen in” to the conversation, and if you like, join in by email to me or to the FCPA Blog at any time.

The compliance professional in China said:

Thank you for writing me back and your interests for further discussions.

Actually I like your blog post very much which sets out the right tone. My friends from the compliance community also read it and referred the blog to me!

Only thing is the practical world is far more complicated.

My point is that we need to define the professional standards of a CO from the legal and ethics perspective.

Many COs I know personally are upright, straightforward and fearless in telling the truth. However people have varying experiences when they do so, depending how their companies and management treat the topic.

In a worse situation where the CO’s advice on critical compliance concerns is ignored, what would be the duty of the CO?

Some are brave to escalate to the top management or even to authorities. But in such situations there would be concerns 1) What if the CO’s good-faith judgment is wrong since anyone could make mistakes; 2) If a CO makes a wrong judgment, the CO would violate one of the code of conduct: following the right instructions from their supervisors; 3) If a CO makes correct judgment, that would normally take years to prove in case of court procedures.

In any of the above cases, the CO would have to endure unfavorable personal results out of his/her insistence for a long time. The majority of COs would not take such risks.

Therefore the compliance industry urgently needs a widely accepted professional code to define the duties and responsibilities of COs, making sure COs can do their job with an acceptable level of risks. Without this, talented people would hesitate to enter into this job. In the long run, it would harm the whole compliance industry, especially in the corporate world.

Right now I don’t see any major initiative to tackle this issue.

I hope this is helpful and I want to continue the discussions. I am based in China and if you come here, I hope to have chance to meet you. Regards.

*     *     *

In my next post I’ll try to answer some of the important questions raised above.

I certainly don’t have all the answers. My opinions and suggestions are just that: My opinions. They may be useful or not, but by sharing we can accomplish three things.

One, we will realize that we have problems in common because the world is changing and compliance has “gone global.”

Two, we are likely to discover better ways to solve the compliance problems that are similar even though the companies and locations are remarkably different.

Three, and most important, we can change the agenda of discussions currently going on to include issues about the compliance profession that are mainly ignored now. They really need much more attention.


Michael Scher is a contributing editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney. His work for major companies in New York and the Middle East includes military procurements, international trade contracting, supervision of national sales forces and trainings for compliance with related laws, like the FCPA or AML. Miami-based, he assists companies in trainings and work shops and FCPA-related projects or investigations. In addition to English, he speaks French and Hebrew. Contact him here.

Share this post



  1. The compliance official's comments make a great deal of sense, and the quandary he posed mirrors the challenges those of us who are attorneys face in all aspects of our legal role, including the compliance aspects. The question of when an attorney or CO can and should elevate violations up the management chain or even possibly outside the organization is a thorny one requiring the balancing of various concerns. In this respect, it seems that a professional code for COs could borrow heavily from modern codes of professional conduct for attorneys, which provide a strong framework and substantial interpretive history for these situations.

  2. Thank you for this very interesting discussion. I absolutely agree that the compliance profession needs “a widely accepted professional code to define the duties and responsibilities of COs, making sure COs can do their job with an acceptable level of risks.” As Mr. Hanifin points out, the SCCE has created what I think is a very good Code of Professional Ethics for Compliance and Ethics Professionals. The job now is to ensure that it is as widely accepted in the compliance and business community as possible. I must point out that I am on the Board of Advisors of the SCCE and was also involved in drafting the Code, so my thoughts may be a bit biased.

    The SCCE adopted the Code in 2007, and it does tackle the issue of the reporting up obligations of the C&E professional. Specifically, the Code provides that if, in the course of their work, C&E professionals become aware of any decision by their employing organization which, if implemented, would constitute misconduct (a broader concept than illegality), the professional shall:

    • refuse to consent to the decision;
    • escalate the matter, including to the highest governing body, as appropriate;
    • if serious issues remain unresolved after exercising “a” and “b”, consider resignation; and
    • report the decision to public officials when required by law.

    The commentary to this rule provides that C&E professionals should escalate matters to the highest governing body as appropriate, including whenever:

    • directed to do so by that body, e.g., by a board resolution;
    • escalation to management has proved ineffective; or
    • the C&E professional believes escalation to management would be futile.

    This provision is not terribly different from the requirements of most legal ethics rules. It calls for escalation, as appropriate, which legal ethics rules also require. This provision also specifically mentions refusing to consent, which implies some affirmative dis-affirmation of the conduct at issue.

    While the C&E profession is still relatively "young," there has been great progress in our efforts to develop into a full-fledged profession. These conversations play an important role in getting us to the next level.

Comments are closed for this article!