Sorry, CCO certifications are a rotten idea

Glencore’s FCPA resolution last month included a plea agreement requiring the parent company’s Chief Compliance Officer to certify its compliance program and reports to the DOJ. The CCO’s certification is subject to the false statements statute, punishable by up to five years in prison, and the federal obstruction law, which carries a potential prison sentence of up to 20 years.

Assistant Attorney General Kenneth Polite, head of the DOJ’s criminal division, announced the requirement for CCO certifications in March. He said the new policy is “not punitive in nature” but intended to ensure “Chief Compliance Officers receive all relevant compliance-related information and can voice any concerns they may have prior to certification.”

Maybe the DOJ doesn’t intend the new CCO certification requirement to be “punitive in nature,” but that doesn’t mean it’s a good idea.

CCOs can’t know everything that happens in their company. Take Glencore. It operates about 150 sites in 35 countries and has 135,000 employees and contractors on its payroll. In a business that big and complex, a CCO can know what should happen but won’t always know what does happen.

The certification form attached to Glencore’s plea agreement doesn’t leave room for the CCO to say, “To the best of my knowledge” or “It is my good faith belief and understanding.” Instead, the CCO (who didn’t sign the plea agreement; the general counsel and outside lawyers did that) has to certify that “based on a review of the Company’s reports submitted to the Department of Justice . . . the reports were true, accurate, and complete as of the date they were submitted.” It’s true or false and nothing in between.

Speaking of gray areas, compliance involves judgments and interpretations. Glencore’s CCO will have to certify the company’s compliance program is reasonably designed to detect and prevent violations of the Foreign Corrupt Practices Act and other applicable anti-corruption laws. A CCO running a compliance program in 35 countries is likely to see some things differently than the DOJ, which views it all from the outside. If the CCO and DOJ disagree about what “reasonably designed” means, then what?

There’s this: CCOs sometimes change jobs. In Glencore’s case, what happens if the incumbent leaves before three years, when the CCO certification is due? Can a new CCO learn enough to certify the program and company reports? What happens if the new CCO asks the DOJ for more time? Will the DOJ punish somebody — maybe the company or the former or current CCOs?

Let’s talk more about the false statements statute, 18 U.S. Code § 1001, and 18 U.S.C. § 1519, the obstruction law. With those swords dangling overhead, would any CCO feel comfortable editing reports from other compliance officers or outside counsel? Could the DOJ use edits to build an obstruction or false statements case?

Don’t laugh. Remember when the DOJ accused the former associate general counsel of GlaxoSmithKline, Lauren Stevens, of making false statements and concealing documents in submissions to the Food and Drug Administration, notwithstanding extensive evidence showing she acted on the advice of counsel and without any intent to violate the law?

A federal district judge acquitted her over objections from the DOJ and said, “[O]nly with a jaundiced eye and with an inference of guilt that’s inconsistent with the presumption of innocence could a reasonable jury ever convict this defendant.” Who knows what the DOJ had in mind with that prosecution?

What if a CCO gets cold feet, refuses to certify anything, and says to the CEO or the board, “Hey, you don’t pay me enough to sign a document like that”?

Could the DOJ interpret the CCO’s remark as a demand for hush money and threatened extortion? Would that be grounds for the DOJ to allege obstruction?

I don’t know the answers to all these questions, and neither do CCOs. That’s the problem.

The DOJ wants personal accountability for CCOs to prevent recidivist FCPA violations. We all get that. But is injecting uncertainty about criminal liability into the lives of CCOs any way to treat already burdened corporate gatekeepers?

Whatever the DOJ’s motives, CCO certifications like Glencore’s are a rotten idea.
