Within the C-Suite: CLOs and CCOs – Collaborating for Success

Presentation to ACC – Minnesota Chapter November 4, 2014

Contents

CLOs and CCOs – expanding responsibilities 3

Compliance moving away from Legal 6

Potential tension triggers – Compliance and Legal 10

Potential benefits of a combined structure 17

Potential benefits of an independent structure 19

The keys to success….communication and collaboration 21

CLOs and CCOs

Expanding Responsibilities

4 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Today’s CLO role typically includes: Chief Legal Officer today

Defender and Protector

Trusted Advisor

“Steward”

“Eyes and Ears”

Traditional roles & responsibilities

and…. Board Liaison

5 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Today’s CCO role typically includes: Chief Compliance Officer today

Risk Manager

Compliance Controller

“Steward”

Compliance Auditor

Traditional roles & responsibilities

and…. Enforcement

Compliance moving away from Legal

7 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Compliance is increasingly a standalone role Many companies are moving toward an independent compliance function.

In Focus, Compliance Trends Survey, Deloitte & Compliance Week, August 2013

13%

13%

9%

37%

15%

14%

Is also the general counsel

Is also the chief audit executive

Is also the chief risk officer

Is a stand-alone job wholly separate from the general

counsel or anyone else

We don’t have a specifically identified CCO

Other

8 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Compliance is increasingly independent • Many companies are progressively moving to a more independent CCO • The CCO role is evolving to have a direct reporting line to the CEO

In Focus, Compliance Trends Survey, Deloitte & Compliance Week, August 2013

20%

34% 7%

17%

2%

19% The general counsel

The CEO

The CFO

The board

Other

The CRO

9 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Compliance has been moving away from Legal

Independent CCO

Compliance risk assessments

Training, education, and communications

Compliance internal controls

Monitoring, technological enablement, auditing

Internal investigations, fact finding, remediation

Compliance policies and procedures

Potential tension triggers – Compliance and Legal

11 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Potential tension triggers — Chief Compliance Officers (CCOs) and Chief Legal Officers (CLOs)

Ethical Stewardship

Legal Risk Management

Privilege

People

Independence

CCOs and CLOs may have viewpoints that are opposing or prioritized differently based on overlapping roles

Examples of potential tension areas

12 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Ethical Stewardship Potential tension triggers — CCO & CLO

• The CCO typically is charged with instilling an ethical corporate culture and tone at the top, and implementing effective programs to prevent, detect, and remediate violations of law and company policy

• The CLO and other senior company management (e.g., HR) may perceive their role as having some of the same characteristics and responsibilities

13 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Legal Risk Management Potential tension triggers — CCO & CLO

• The CCO typically is charged with identifying, prioritizing, and mitigating, via effective internal controls and business processes, sources of risk pertaining to legal and regulatory

• The CCO also may be vested with “ownership” of certain legal risk areas (e.g., privacy, anti-corruption, RIM)

• The CLO may perceive these functions and risk areas to be part of their scope of responsibilities

14 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Independence Potential tension triggers — CCO & CLO

• The CCO views organizational independence and autonomy as critical enablers of an effective compliance program, and essential to compliance with the letter and spirit of the US Federal Sentencing Guidelines and other authoritative frameworks

• The CLO may view CCO independence and autonomy as creating the potential for confusion on roles and responsibilities related to legal risk management, and the potential for misaligned communications with the Board and Management

15 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

People Potential tension triggers — CCO & CLO

• The CCO requires a dedicated, centralized staff with an increasingly varied set of specialist skills (e.g., legal, internal control, audit, human resources, law enforcement, business operational)

• The CLO and other senior company management (e.g., IA) may view the compliance staff as duplicative, inefficient, and having the potential of creating channel conflict and confusion due to perceived overlapping responsibilities

16 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Attorney Client Privilege Potential tension triggers — CCO & CLO

• The CCO sees the need for substantial transparency in carrying out the activities of the Compliance Office, consistent with regulatory and other stakeholder expectations

• The CLO has understandable concerns around protecting the corporate attorney-client privilege in appropriate circumstances

Potential benefits of a combined structure

18 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Several potential advantages are apparent … When Legal and Compliance are combined

Shared People Unified compliance communications

Structurally lean

Lowest cost option

Single SME pool

Single legal risk management function

One voice of ethical stewardship

Less potential for overlap

Focus on Attorney Client Privilege

Less complexity for small and mid sized

companies

Advantages should be weighed against

advantages of the “split” model

Potential benefits of an independent structure

20 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Several potential advantages are apparent … When the CCO is independent from the CLO

Consistent with the trend Specialized cadre of compliance skills

Preferred by many regulators

Sends a message

Independence in appearance and fact

Multi-disciplinary approach to legal risk

management

Unfiltered transparency with board and management

Focused and sustained compliance efforts

Ownership of risk “orphans”

Scalable solutions for larger companies

Advantages should be weighed against

advantages of the “combined” model

The keys to success … communication and collaboration

22 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Collaborating for success

With growing roles and responsibilities for the CCO and CLO, multi-level collaboration should occur across the enterprise – board, management, and operations

Enterprise Alignment

CCO

CCO

CCO

Board of Directors

Business Operations

CEO, Legal, Audit, HR, IT,

Security

23 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Several Key Areas of Communication and Collaboration

Multi-level approach (board, management, operations)

• Culture • Independent program assessments • Precise roles, authority, accountability • Risk “orphan” ownership • Dynamic risk assessment process • Continuous control enhancements • Integrated audit plans and gap closure

governance • Risk based third party compliance • Data quality systems and procedures • Investigation playbooks • Documented escalation criteria • Compliance archives

Compliance Maturity Framework

Regulatory Concerns

Technology Innovation

Privacy Concerns

Independence

Compliance Hotlines

Corporate Culture

Corporate Business Strategies

Regulatory Agencies

Resources

Talent Concerns

Attorney Client Privilege

Finance Issues

Policy and Procedure Manuals

Risk

Internal Investigations

Q&A

26 CCO & CLO Collaborating for success Copyright © 2014 Deloitte Development LLC. All rights reserved.

Bios

Director, Deloitte Forensic rbiskup@deloitte.com

+1 313 396 3310

Robert Biskup has over 28 years of experience in the corporate sector and private professional settings, and is among the leaders of our national Corporate Compliance practice. He also serves as a regional leader of our Corporate Investigations and Foreign Corrupt Practices Act (FCPA) practice areas.

Rob is the former global chief compliance officer at Ford Motor Company, and also worked as the company’s assistant general counsel and assistant secretary. As Ford’s head of compliance, he was responsible for global compliance program design and implementation at the parent company, as well as Ford Credit, Mazda, Volvo, Jaguar, Land Rover, Aston-Martin, Hertz, and operations in 44 countries worldwide. With his vast international experience, Rob brings valuable insights to Deloitte’s compliance capabilities, and deep experience in designing and implementing compliance programs in complex organizations.

Robert T. Biskup Deloitte Financial Advisory Services LLP

Partner george.martin@FaegreBD.com

+1 612 766 7055

For more than 25 years, George Martin has assisted clients with their international mergers, acquisitions, joint ventures and FCPA compliance obligations. He has lead deals and investigations in more than 40 countries, and is a trusted counselor to multinational company Boards of Directors and senior leadership teams in connection with many of their most significant and sensitive business, compliance, governance and related personnel matters.

George D. Martin Faegre Baker Daniels

This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation.

About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. Please see www.deloitte.com/about for a detailed description of DTTL and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright © 2014 Deloitte Development LLC. All rights reserved. 36 USC 220506 Member of Deloitte Touche Tohmatsu Limited