Position created by Sarbanes-Oxley raises a number of questions
In the post-Sarbanes-Oxley world, an increased focus on transparency and responsibility should guide the actions of company officers and regulators alike, said speakers at the Compliance & Regulatory Affairs Conference of the National Association for Variable Annuities.
Under the mandate of the Sarbanes-Oxley law, investment companies must establish written policies and procedures reasonably designed to prevent violations of federal securities laws, panelists advised.
In addition, those policies and procedures are required to be reviewed annually, and companies also are required to name a compliance officer to monitor, update and report on them.
Newly empowered compliance officers should focus on ensuring transparency and clearly defining their roles within the company, a panel of experts suggested.
There are, however, several aspects of the chief compliance officer position that remain unresolved either by Sarbanes-Oxley or the subsequent regulations and guidance established by the Securities and Exchange Commission. These include the exact role of the CCO within a company, and whether the CCO, if he is a lawyer, has an attorney-client privilege with company executives.
Lee Augsburger, CCO for Prudential, said he believes the CCO should function as an overseer of the policies established by a company, rather than an enforcer of those policies.
“It’s about internal control,” he said. “I’m not taking accountability [to mean] day-to-day control of the processes, but [to mean] I have the accountability for monitoring those processes,” to ensure they operate as designed.
That position, he acknowledged, works well because he is with a larger company that committed to the idea he would remain fairly independent. Other organizations might not have that luxury, and thus a CCO also could be in a position of managing part of a company’s operations.
“In terms of ‘have we seen CCOs running operations?’ Yeah, we’ve seen that,” said John Walsh, Associate Director and Chief Counsel for the SEC’s Office of Compliance, Inspections and Examinations. However, he added, “if you’re a CCO and an operating manager, you’re going to have some questions to worry about.”
Essentially, he said, it becomes a question of authority vs. independence. A largely independent CCO may not be burdened with the problems of actually having to resolve compliance issues, but may also find himself not being able to accomplish change in company practices. An authoritative CCO may be able to stop incompliant corporate practices, but could face greater problems if problems are found by regulators.
“It’s really up to you,” Walsh said. “Whatever the decision made on the role of a CCO, make it thoughtful and make it transparent. If you wait until there’s a problem and you’re carrying the weight of ‘Am I a supervisor?’ and also this giant mess, that’s not a good situation to be in.”
There are other areas, the panel concluded, that seem to have similar jurisdiction to the CCO, such as corporate legal counsel, risk management or a company’s internal auditor. Walsh said each of those areas are “neighbors to compliance,” but do not cover its full scope and that a CCO should typically be working with all three.