Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Is this compliance idea as bad as it sounds?

In a securities filing by one of Canada’s uranium miners, the company said the CEO is responsible for “administering and interpreting” the anti-bribery policy, under the oversight of the audit committee.

Should the CEO sit on top of compliance? Can he or she ever make decisions about compliance that aren’t business driven?

We won’t identify the company in question. But it’s not big — fewer than 100 employees — and it currently doesn’t do business outside Canada.

So maybe the CEO is a hero, doing double duty as CCO just to make sure someone’s paying attention to the law.

In this case, the CEO doesn’t have a law degree. Their background is finance. But they’ve stepped up to take responsibility.

The company trades on the Toronto exchange and on a U.S. exchange. It has a five-page anti-bribery policy, a code of ethics policy, and a whistleblower policy.

But there’s no sign of a compliance officer.

Here’s the question.

Should a public company put the responsibility for “administering and interpreting” an anti-bribery policy in the hands of the CEO, even one who works “under the oversight” of the audit committee?

In this case, the CEO’s role is even less clear than it sounds.

The anti-bribery policy that’s the bailiwick of the CEO is a subpart of the code of ethics. If directors, officers, or employees have something to report under the code of ethics, they’re directed to report it to the corporate secretary or to the chair of the audit committee.

The corporate secretary is a lawyer, and also currently serves as the company’s in-house corporate counsel.

We’re not sure where that leaves the CEO (or the company lawyer) if the complaint is about the anti-bribery policy.

On the face of it, we think the company is trying to do the right thing. It has extensive policies in place. The policies look clear and comprehensive.

But should a CEO ever have the role of “administering and interpreting” an anti-bribery policy?

There are so many ways the CEO’s interests could interfere with his or her judgment about compliance. If a problem were to happen, how would anyone defend this?

And is it ever legitimate for a company with public shareholders to say it isn’t big enough to have a designated compliance officer?


Richard L. Cassin is the publisher and editor of the FCPA Blog.

Share this post



  1. I believe that according to IIROC Rule 38, it is permitted that the CEO/UDP to be CCO in the same time. At least that was the case last year when I took my CCO certification from CSI (Canada Securities Institute). Also, there is no requirement in Canada that the CCO must be a lawyer. Having a legal department to support the compliance function is sufficient.

  2. This CEO misunderstands an important point. The CEO needs to act ethically and strongly support compliance. But he should not be the one who manages the program – any more than he would manage HR, finance, legal, sales, etc. Of course the CEO is responsible for what happens in the company. But that is very different from directly managing everything. The Compliance Officer needs some degree of independence – impossible if the CEO is the compliance officer. As for Canadian law, even if it is legal it still is not smart. Joe

  3. "As for Canadian law, even if it's legal it is still not smart". Thank you for that Joe. Sadly, not nearly enough Canadian executives, accountants, lawyers and politicians will read that, or think about it.

  4. From my point of view it's ok if the CEO is responsible for "administering and interpreting" the anti-bribery policy or policies in general. It demonstrates commitment and it's time that business starts to own Compliance. However with responsibilities comes liability because sound interpretation is not just a business decision. And from this perspective I don't know if the oversight of the audit committee is conductive to limit the CEO's liability. A proper interpretation of policies and correct identification and/or evaluation of compliance related situation require a sound understanding of the legal background of those policies. I'm not sure that an audit committee is capable of providing such legal expertise.

Comments are closed for this article!