Compliance Officer and Legal Counsel Relationships

February 9, 2017

I am often asked my opinion whether a general counsel can also serve in the role of compliance officer.  At first blush, it seems the general counsel would be a perfect fit for the role because of general knowledge of regulations applicable to the organization.  Clients are often surprised when I tell them it is not appropriate to assign the compliance role to the general counsel.  In fact, there is a lot of support for the proposition that assigning these responsibilities to legal counsel makes a compliance program less effective.  It also runs the risk of making the general counsel less effective in the legal counsel role.

The reason legal counsel should generally not fill the compliance role arises from differences in the role each professional plays within an organization.  Legal counsel is an advocate for the organization.  When compliance issues come up, legal counsel advocates the position of the client.  The compliance officer on the other hand, is responsible for proactively looking for compliance problems and designing appropriate ways to correct discovered problems.  The roles go hand in hand in many ways, but what happens when it is legal counsel who structured a deal in a manner that does not comply with applicable regulations?  In cases like this, legal counsel is in an inherent conflict of interest.

In all but the very smallest organizations that clearly cannot absorb the cost of two separate functions, there presents increased compliance risk to the organization for legal counsel to also be the prime individual responsible for compliance within the organization. Dividing the compliance and legal counsel functions is clearly the “best practice” when it comes to organizational compliance.  This conclusion is supported by comments from the Office of Inspector General (OIG), reading the Federal Sentencing Guidelines (FSG), the position taken by the government in Corporate Integrity Agreement fraud and abuse settlements, and general ethical standards that apply to the general counsel.

The case for dividing the functions of legal counsel and compliance officer and creating a separate compliance office with direct line of authority to the Board or a Committee of the Board is quite compelling. In fact, many organizations who previously ran the compliance role through the office of general counsel are now reviewing this practice and making changes to their organizational structure and compliance plans.

A study done by the American Health Lawyers Associations and the Office of Inspector General in 2004 concluded at that time, only 20% of health care organizations polled had their compliance function under the authority of their legal counsel’s office.  It is safe to say in view of more recent pronouncements by the OIG and by comments made in the Supplemental Compliance Guidance for Hospitals released in 2005, the percentage of “dual role” organizations is now less than that figure.

The first source to be examined when defining the role of the compliance officer within an organization is the FSG. The FSG do not specifically mention a compliance officer per se, but require the compliance and ethics program be assigned to “high-level” personnel. As organizations first began creating compliance programs in response to the FSG, oftentimes the responsibility was assigned to legal counsel.  This seemed to be a natural outgrowth of the function of the office of legal counsel. In that regard, it made organizational sense because the office of legal counsel had resources and personnel in place to implement the compliance program without creating an entirely new organizational division.

Over time, the assignment of compliance functions to legal counsel began to raise questions and concerns whether legal counsel was in fact “high level” personnel.  Additionally, questions were raised as to the degree that giving legal counsel the dual role of compliance officer and legal counsel sufficiently conveys the appearance of the importance the organization placed on compliance. As a result, some lawyers and compliance experts began to question whether creating a “dual role” compliance officer put the organization at risk of not receiving benefits afforded under the FSG if the organization was ever in a position to need these benefits.

The OIG made its position clear for legal counsel to not exercise a dual role. An examination of many recent Corporate Integrity Agreements entered between providers and the OIG clearly demonstrates the OIG’s position on this matter. Most CIAs outline the role and position of the compliance officer in the organization. The standard language used by the OIG is as follows:

“The Compliance Officer shall be a member of senior management of [Provider], shall make periodic (at least quarterly) reports regarding compliance matters directly to the Board of Directors of [Provider], and shall be authorized to report on such matters to the Board of Directors at any time. The Compliance Officer shall not be or be subordinate to the General Counsel or Chief Financial Officer.” [Emphasis Added]

Although the FSG do not affirmatively address dual role situations, Commentary to the Sentencing Guidelines state “applicable industry practice or the standards called for by any applicable governmental regulations” are factors to be considered. Failure to follow these standards “weighs against a finding of an effective compliance and ethics program.”

At the same time, both the FSG and the OIG Compliance Guidance recognize size of the organization is a factor in judging the level of compliance. This recognizes that in cases where an organization is small and fewer resources are available, the organization can meet its obligations without necessarily creating a structure that separates the roles between legal counsel and the compliance office. However, there is no precise definition of whether an organization is a “small organization” that can fulfill its compliance functions in less formal ways or a “large organization” that will be expected to devote suitable resources to create a completely separate compliance function.

This uncertainty leaves an organization’s board of directors without precise guidance concerning an appropriate structure given the size and nature of its organization.  At the same time, best practice, given available resources, is to separate the compliance and legal counsel functions.  The potential consequences of failing to use an appropriate structure for the size of the organization is increased penalties in the event of organizational criminal misconduct; so the consequences can be quite serious.

Back to all News & Insights


The content in the following blog posts is based upon the state of the law at the time of its original publication. As legal developments change quickly, the content in these blog posts may not remain accurate as laws change over time. None of the information contained in these publications is intended as legal advice or opinion relative to specific matters, facts, situations, or issues. You should not act upon the information in these blog posts without discussing your specific situation with legal counsel.

© 2022 Ruder Ware, L.L.S.C. Accurate reproduction with acknowledgment granted. All rights reserved.