Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Mike Scher: A board-backed code of ethics is a cornerstone of Compliance 2.0

In the prior post, I mentioned the role of boards of directors in adopting the company’s code of ethics. In this post, I’ll talk about the critical reasons for board-backed codes of ethics.

As we’ve said, under Compliance 2.0, compliance officers aren’t part of the legal department, and the chief compliance officer isn’t working for the general counsel.

A question, then, is how compliance officers, in their new role without legal department authority, can stop lawful but awful projects? Lawyers have the force of law behind then, and the potential of prosecutions against the company. What will back up the authority of the compliance officer?

Outside of the C-suite, compliance officers may have the authority of the CEO behind them. But in confrontations with any top executives, compliance officers must speak for the board. Moreover, they cannot be speaking for the board about what is a legal matter. That is the role of the general counsel.

Critical situations will arise when the law is gray area, or where the project is lawful but awful. Business decisions are made in the legally gray areas all the time. When the law allows it but public opinion may eventually condemn  it is one definition of lawful but awful. Yet that’s the place where most major corporate scandals begin.

So at those moments when there’s a vacuum of expertise or authority, it must be filled by the board’s code of ethics, as interpreted and implemented by the compliance officer.

Until now in most companies, a code of ethics has largely been a paper tiger. What’s been missing is a structure to make it real, and people with both authority and expertise to say what it means and how it should be enforced.

Today’s compliance profession under Compliance 2.0 has a chance to change that. Compliance officers are now executives and experts equipped to deal with situations that are legally gray or lawful but awful.

Making all this work requires a deep level of board engagement, and working through the chief compliance officer.

It starts when the board adopts the company’s code of ethics. From then, the chief compliance officer talks about it with the board on a regular basis, to interpret the code or amend it when necessary. And the compliance officers have the long hard task of determining how the code applies and explaining their decisions.

Sometimes the discussions at the board level or in the C-suite will be triggered by philosophical differences about the company’s role and responsibilities in the wider community. Or whether the code of ethics needs to respond to specific new products or changes in public perceptions about issues such as obesity, nicotine use, confederate symbols, civil rights, environmental changes, gun control, and so on.

In these discussions, the compliance officer is not an in-house lawyer opining whether something is legal or illegal. For that, the directors and senior management will continue to seek help from the general counsel and the legal department — the subject matter experts for questions of law.

But when a top executive proposes to do something that is either not illegal or highly unlikely to be prosecuted, on what basis can the chief compliance officer object? The CCO must say the board is opposed to lawful but awful action defined or described by the code of ethics. Authority to object flows from the board.

What if the C-suite executive says he or she interprets the code of ethics to allow it? The answer is that the compliance officer will take it up to the board in the executive’s name, for a decision whether the board wishes to confirm or change its interpretation of what is lawful but awful and prohibited under the board’s code of ethics.

Within this framework, there always will be plenty of room in the C-suite for general discussions about culture and ethics, but those discussions begin and end with the board’s deep engagement.

And to be sure, this framework will have its own set of complexities. The lawyers and the governance experts will have plenty to say for or against any course of action that might be judged lawful but awful. But as a step forward, linking the compliance officers’ authority, duties, and learning curve to the board’s engagement in the code of ethics is a benchmark ingredient of Compliance 2.0.


Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.

Share this post


1 Comment

  1. Mike-
    this is an excellent post and great contribution to our conversation about Compliance 2.0. I put this in the "empowerment" basket. One other action the Board can take is to adopt a sufficiently clear mandate for the CCO and compliance function, whether in the form of a charter or another format. The Board can also adopt an escalation of those matters it wants to have escalated to its attention, as I discussed here:

Comments are closed for this article!