The Role of Chief Compliance Officers

The chief compliance officer has to report back to the directors on her compliance programs.

After the introduction of corporate compliance legislation such as the Sarbanes-Oxley (SOX) and Dodd-Frank Acts, the job of chief compliance officer (CCO) is a lot more taxing. The U.S. Bureau of Labor Statistics reports that compliance officers “Examine, evaluate, and investigate” a company’s compliance with laws covering licensing, contracts and permits. But according to the U.S. Office of Inspector General for the Department of Health and Human Services, an organization’s board of directors is ultimately responsible for all legal compliance. The CCO reports directly to the chief executive officer and both work to support the directors’ compliance responsibilities.

Design and Implementation

The CCO, according to a job description posted on the Society of Corporate Compliance and Ethics (SCCE), designs, writes and implements a set of policies aimed at making a company legally compliant. Once these policies are drawn up, she will keep them updated as new laws and regulations emerge. Another practice she can pursue is developing training programs for staff whose jobs are affected by specific legislation; for example, HR staff or supervisors need to know the legal requirements of hiring and firing. The CCO also needs all general staff to be aware of legislation that affects them, such as health and safety regulations.


Monitoring is also part of the CCO’s role. This is done across the entire organization and she will have to be kept informed about compliance progress across all departments. Many companies will periodically launch new marketing and advertising campaigns. Best practice for a CCO will be to draft and implement a sign-off procedure where each new marketing campaign will have its content signed off by her to ensure it’s legally compliant.


To make certain that her legal compliance systems are successful, the CCO needs to design an enforcement system. One way of being informed about non-adherence is a hotline system where staff can make the CCO aware of compliance breaches. As part of the original compliance policies, the CCO will have devised a set of procedures covering how she responds to and investigates non-adherence, and the action to be taken if non-compliance is identified.


The board of directors is ultimately responsible for the corporation’s integrity and legal compliance. The CCO needs to report back to the board on all aspects of compliance: policy development and implementation, monitoring and enforcement. One of the board’s roles will be to decide on strategy for the company. Corporate strategies are always high risk and the CCO as the corporate compliance expert will have to assess and report to the board on any compliance risks with new strategies.
