Compliance Officer Should be Independent of Legal Counsel

Key Points:

• Many organizations see the Compliance Officer and Legal Counsel as a single role.
• DOJ, OIG, USSC: Compliance should be separate and independent of Legal Counsel.
• This decision becomes very significant when there are encounters with enforcement agencies.

One of the most commonly discussed issues in compliance is the differing roles and authorities of the Compliance Officer and Legal Counsel. In 2010, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) and American Health Lawyers Association (AHLA) published a joint study that found that one quarter of the surveyed health care organizations had their compliance function under the authority of their Legal Counsel. In addition, one out of five health care organizations had their Compliance Officer reporting to Legal Counsel. In a 2012 survey, the Society of Corporate Compliance and Ethics (SCCE) and Health Care Compliance Association (HCCA) similarly found that 15 percent reported both functions under Legal Counsel. More recent results from the 2020 SAI Global Healthcare Compliance Benchmark Survey (Survey), developed with and analyzed by Strategic Management, found that 15 percent of respondents reported that their Compliance Office function was part of Legal Counsel’s responsibilities. Further, elsewhere in the Survey, 15 percent of respondents’ results indicated having the Compliance Officer reporting to Legal Counsel.

Both the Department of Justice’s (DOJ) and OIG’s views on this matter have been for Legal Counsel not to exercise dual roles. They view Legal Counsel as an advocate for the organization and not as an independent gatherer of fact and evidence, who should voluntarily disclose violations of law and regulation to appropriate authorities. They have also encountered Legal Counsel exercising their attorney-client privilege to avoid full disclosure. Corporate Integrity Agreements (CIA) clearly reinforce the OIG’s position regarding Legal Counsel’s involvement with compliance and include standard language stating that, “The Compliance Officer shall be a member of senior management. . . and shall not be or be subordinate to the General Counsel or Chief Financial Officer.” The U.S. Sentencing Commission (USSC) has also weighed in on this by questioning whether Legal Counsel meets the definition of “high level” management, or if it is a staff advisory support function. In short, Legal Counsel assuming the “dual role” or having the Compliance Officer report to them puts the organization at risk of not receiving benefits afforded to them through a proper compliance program.

Information regarding conflicting roles, duties and responsibilities is a whole other topic for future blog pieces. See also: http://smslegacy.local/blog/legal-counsel-versus-compliance-officer/ and http://smslegacy.local/publications/the-dynamic-duo-ensuring-partnership-between-legal-and-compliance/.