C-Suite Role Is Evolving — What Do You Need to Succeed as Digital Investigators?

Corporations across every industry continue to increase focus on compliance, as evidenced by the growing number of Chief compliance officers (CCO) within large enterprise. As the architects of their company’s compliance strategy, structure and processes these professionals must understand complex regulations and laws and simplify them down to required behaviors in a policy document. CCO responsibilities include education, monitoring and detection programs. The CCO serves as the primary contact to the regulators, and works closely with the GC during investigations and audits.

Despite an unrelenting flurry of compliance and policy regulations, according to a 2015 Compliance Week survey “59% of CCOs are only somewhat confident, or not confident at all,” that the IT systems the compliance department uses can fulfill the CCO’s reporting and responsibilities.” How is this key C-Suite role evolving, and what do they need to succeed as digital investigators?

Watchdog Role

The government increasingly sees the CCO as a “watchdog.” Evangelizing a culture of accountability and compliance is also central to the role. Whistleblowers must feel safe to come forward to report any unethical or other misconduct.

After a record-setting corporate integrity agreement and $2.3 billion settlement with a pharmaceutical giant, federal authorities commented that “[t]he lawyers tell you whether you can do something, and compliance tells you whether you should. We think upper management should hear both arguments.”

Last year, a drug company raised the price of a toxoplasmosis drug by 5000 percent, with major reputation hits quickly following. Another pharma company increased a cardiac drug price by 525 percent after acquiring it. Both were within the letter of the law, with moves no doubt designed to increase shareholder value. Yet they both sparked huge ethical debates, with the cardiac drug company experiencing a 91 percent drop in share price. How strong was the CCO’s voice in these companies?  The rising importance of the ethical and culture-building role is evident in the growing use of the chief compliance and ethics officer (CECO) title, putting more emphasis on the ethical bullhorn of the role. 

Who do CCOs Report to? 

CCOs or CECOs reporting structures vary greatly. In some companies the compliance responsibilities reside in a General Counsel-Chief Compliance Officer dual role, reporting to the CEO. PWC reports that 62 percent of pharmaceutical companies have a separate compliance role, frequently reporting to the CEO. In some organizations the CCO reports to the Board, CFO or legal. In 2016 Bloomberg reported that a major U.S. bank shifted its compliance group from legal to risk management under pressure from regulators. The concern was the legal group was trying to minimize rules application. Other major banks similarly took the CCO role out from under the direction of the GC following government settlements. 

Why CCOs’ Role in Digital Investigations Matters 

Regardless of who the CCO reports to or how much they evolve to be the ethics voice inside corporations, there is no doubt that this role will need to be champions in using technology to monitor digital data for misbehavior and regulatory compliance. CCOs must quickly gather highly accurate, forensically sound information on possible violations, assess what happened, who is responsible and determine what disclosure and remediation actions are needed.  Financial Industry Regulatory Authority (FINRA) has stepped up focus on a culture of compliance in recent years. “The challenge of how you deal with good people making bad decisions … is more and more important than it’s ever been before,” commented FINRA’s CEO in May 2016. He added that there is a direct line “between culture and the probability or severity of an enforcement action.” In the last few years, CCOs have been held personally liable for compliance violations, making them even more motivated to excel at digital investigations to root out bad behavior. In June 2016, the SEC fined a CCO of a financial advisory firm $25,000 and the company $150,000 for failing to implement polices to prevent misappropriation of client assets, failing to conduct an annual review and filing misstatements.  Chief compliance officers may lead audits to identify all protected health information (PHI) across the organization, and collaborate with IT and governance to secure it and limit access to a “need to know basis” to comply with the Health Information Portability & Accountability Act (HIPAA). The government has been much more aggressive in enforcing HIPAA regulations, fining one healthcare provider $5.55M for lapses. CCOs in healthcare and their service partners are bolstering their digital investigative capabilities to monitor PHI safeguards and employee activities to avoid hefty fines.  Global company CCOs must ensure their enterprise is ready to comply with the EU General Data Protection Regulations (GDPR) by 2018. Security measures and protocols must be in place to protect European citizens’ data stored on U.S. servers. The regulation applies to data gathered online on customers, users and even to the companies’ EU HR data. With non-compliance fines up to 4 percent of annual global revenue or €20 Million, whichever is greater, CCOs will want to be confident in the technology they have to monitor and audit GDPR compliance. 

An Equal Employment Opportunity Commission (EEOC) action settlement can involve a full-scale audit of all management activity related to hiring practices, and updates to policies. Fraud investigations require finding and analyzing the content of tens of thousands of emails.

Foreign Corrupt Practices Act regulator actions are increasing. Monitoring and collecting data from mobile laptops, phones, tablets and other devices used by global employees conducting business around the world is becoming table stakes. Not having forensic mobile technology in your arsenal could mean missing out on favorable outcomes under the Department of Justice pilot disclosure program.

Conclusion

Evolving chief compliance officers looking for fast and efficient digital investigations can benefit from a blended suite of forensic and e-discovery technology that is changing how compliance monitors and analyzes misconduct in large companies. Whether stopping bad actors or sloppy employee practices somewhere in your organization, having the right tool in place to ensure sound digital investigations is key to compliance success.