Mike Scher: Scapegoats are out, compliance badasses are in

It’s time for the compliance community to be hopeful. In the same month, the DOJ announced it was hiring a compliance expert to help make charging decisions, and an administrative law judge refused to allow the SEC to sanction a former Wells Fargo Advisors compliance officer because doing so would make her a scapegoat.

Let’s look first at the way Judge Cameron Elliot described the conditions Judy K. Wolf worked under as a compliance officer at Wells Fargo in 2010. It’s a dreary but familiar description of the old world of Compliance 1.0.

She was low-ranking, relatively low-paid, supervised no one, and worked in a cubicle. Of all the individuals at Wells Fargo who contributed to its compliance failures, the only one charged individually was notably low-ranking.  . . . . There is one additional consideration: the fact that Wolf worked in compliance.

Obviously, compliance professionals are subject to the securities laws like everyone else. But Wolf is correct to complain that in compliance, “the risk is much too high for the compensation.”

In my experience, firms tend to compensate compliance personnel relatively poorly, especially compared to other associated persons possessing the supervisory securities licenses compliance personnel typically have, likely because their work does not generate profits directly.

But because of their responsibilities, compliance personnel receive a great deal of attention in investigations, and every time a violation is detected there is, quite naturally, a tendency for investigators to inquire into the reasons that compliance did not detect the violation first, or prevent it from happening at all. . . .

Hurray for Judge Elliot. He showed real insight into how myths survive from the days when compliance officers worked in cubicles, had no status, and were prime targets for scapegoating while others evaded prosecution.

Today’s norm is Compliance 2.0. Compliance officers sit on the C-suite floor and report directly to the board. We can cheer that the principles of Compliance 2.0 have worked their way into the mindset of an SEC administrative judge. At least for him, the day is gone when the feds could blame it on the lowly compliance officer and let the higher ups walk away from phony compliance programs.

At the DOJ too, a landmark moment came with the decision to hire an expert to analyze whether companies have effective compliance programs.

That’s another powerful signal that it’s time for senior executives, boards, and their gatekeepers (law and accounting firms, and audit committee heads) to accept the reality of Compliance 2.0.

Just five years ago, a paper compliance program meant mere window dressing, a sham and a fraud. Today, under Compliance 2.0, a paper compliance program means no independent, autonomous, empowered, compliance staff overseen by the board, and the absence of expertise and authority to enforce the company’s code of conduct. That’s already a startling amount of change in the compliance landscape.

Judge Elliot not only talked about the change. He also sent a clear message to the SEC and those it regulates that Compliance 1.0 is gone and should be forgotten. Let’s all stop thinking of compliance officers as scapegoats and martyrs.

So here’s my conclusion: It’s time to have compliance programs that are intended to work, and to have compliance officers with the power, prestige, and authority to make it happen.

________

Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.