For a brief period, around mid-2015 to mid-2017, liability for chief compliance officers was all the rage.

It started with the former compliance officer for MoneyGram facing $1 million in fines for compliance failures there, although the final penalty was whittled down to $250,000. The Securities and Exchange Commission kept the debate alive as it sporadically fined the CCOs of investment advisory firms; two commissioners even issued dueling statements from time to time about whether CCO liability was a legitimate fear.

Across the Atlantic, in 2015 British authorities charged the former chief compliance officer of Alstom, the French industrial giant, as part of a global bribery scheme. And most recently, U.S. prosecutors charged Volkswagen’s head of U.S. environmental compliance, Oliver Schmidt, for his role in VW’s massive emissions testing scandal. In December Schmidt was sentenced to seven years in prison.

Despite occasional fear-mongering, however, a different narrative has — thankfully — taken root. Compliance officers are not at risk for monetary penalties and incarceration simply because their good-faith efforts can’t keep pace with the compliance and conduct risks their companies face.

Boards give CCOs inadequate budgets; employees disregard training and policy manuals; business partners lie; audits fail to uncover misdeeds. Nobody likes those things, but they happen.

The question for compliance officers is how to respond when those circumstances do happen. If anything, the high-profile cases seen more demonstrate how compliance officers should not respond to difficult circumstances.

At VW, Schmidt helped senior executives deceive regulators and the public from the start. As soon as he learned that regulators were onto the company’s emissions-cheating scheme, he emailed a colleague: “It should first be decided whether we are honest. If we are not honest, everything stays as it is.” The complaint against MoneyGram’s ex-CCO, Thomas Haider, was a 57-page record of willful negligence.

Ethics Under Pressure

Compliance officers must strive to maintain their commitment to ethical values even under difficult circumstances. It’s a noble ideal, easy to visualize in the abstract. We all run into the burning building to save a child, stand up to the jackass harassing a young intern, or blow the whistle on a financial fraud.

In the real world, however, where facts and consequences intrude into those lofty ideals, holding true to core values is much more difficult. We would be kidding ourselves to believe otherwise.

Still, compliance officers are gatekeepers. They are expected to uphold a higher standard. They are expected to be the first voices in the organization to raise alarms about misconduct, not the ones who wait for somebody else (the board, the CEO, the Justice Department) to come along and solve the problem.

Ethics Under Processes, Too

On a practical level, that also means compliance officers should strive to build business processes based on clear ethical values. The clearer those values are, the more people understand how the process should work, and the more quickly they will understand when the process does not work.

That’s why businesses spend so much time and effort on anti-bribery policies and procedures, for example. Bribery contravenes the ethical values of honesty and fair play. If a company emphasizes the importance of those values — clearly, simply, repeatedly — employees and third parties will see that anti-bribery stance and know that opposition to bribery should be their first position in a business transaction.

That understanding can save a company considerable headache in the future, because eventually employees will encounter some scenario the anti-bribery policy didn’t anticipate. And they’ll be much more likely to make the right decision because they will be thinking about upholding values, rather than following procedure.

Make no mistake, procedure is important. But values are always even more important. That is the fixed point around which compliance officers’ duties and responsibilities must orbit.

Or to put it more simply, compliance officer liability isn’t a serious threat to compliance officers who take their job seriously. So, let’s all be thankful this community is a bunch of serious-minded sticklers!



About Matt Kelly

Matt Kelly is an independent compliance industry analyst and consultant, who studies corporate compliance, governance, and risk management issues. He maintains a blog,, where he shares his thoughts on business issues; and speaks on compliance, governance, and risk topics frequently.

Kelly was named as ‘Rising Star of Corporate Governance’ by Millstein Center for Corporate Governance in inaugural class of 2008; and named to Ethisphere’s ‘Most Influential in Business Ethics’ list in 2011 (no. 91) and 2013 (no. 77).

Kelly previously was editor of Compliance Week, a newsletter on corporate compliance, from 2006 through 2015. He lives in Boston, Massachusetts, and can be reached at or on Twitter at @compliancememe.