We will discuss the role of compliance versus the role of legal in a corporation. While they are adjacent functions and can complement one another, they can also suffer from ambiguity and overlapping roles. We will study the maturity model for a compliance program in a corporation and how that is an important strategic measure related to overall governance of an effective compliance program.

Discussion Questions:

1. How would you define the role of a compliance professional in a corporation in distinction from the role of a legal professional?

2. Was there a "CCO" or compliance leader in your scandal? What role did they play? Were they targeted or brought into the prosecution/enforcement in any way?

3. Do you think that the lead compliance officer should or should not report to the General Counsel? Why?

fdfdf

*Generated with ChatGPT

Hypothetical: “You Are the CCO”

Background

You are the Chief Compliance Officer of Falcon Automotive, Inc., a publicly traded automobile manufacturer. You report administratively to the General Counsel and have dotted-line access to the board’s Audit and Risk Committees.

Falcon’s public filings repeatedly describe vehicle safety as core to its brand and long-term success.

The Situation

Falcon recently launched a new compact vehicle, the Falcon Swift, under significant time and cost pressure.

During a routine compliance check-in with engineering leadership, you learn the following:

• Internal crash testing showed that the Swift’s rear fuel tank is prone to rupture in low-speed rear-end collisions.
• Engineers proposed a design fix costing approximately $12 per vehicle.
• Senior management reviewed a cost–benefit analysis and decided not to implement the fix.
• The vehicle meets all current federal safety standards.

No one suggests the analysis was manipulated or inaccurate.

What You Know (and Don’t Know)

Over the next several months:

• You learn that engineering leadership believes serious injuries or deaths are foreseeable, though not inevitable.
• You are told that:
• “Every car has some residual risk”
• “We are fully compliant with the law”
• “This is a business judgment, not a compliance issue”
• The CRO has flagged “elevated operational risk” internally but has not requested board review.
• There is no formal escalation protocol requiring safety risks to be reported to the board unless there is a regulatory violation.

You are not aware of any intent to mislead regulators or the public.

The Pressure

Shortly after launch:

• You read media reports of two fatal rear-end collisions involving the Swift.
• Regulators make informal inquiries, requesting information but issuing no subpoenas.
• The General Counsel tells you:

“Let’s not overreact. We don’t want to confuse the board or create a record suggesting we thought the car was unsafe.”

You are asked to:

• Help coordinate responses to regulators
• Ensure messaging is “consistent and careful”
• Avoid unnecessary escalation “until we know more”

Your Dilemma

You must decide:

• Whether to escalate the safety issue to the board
• How to frame it if you do
• To whom you escalate (GC, CEO, Risk Committee, Audit Committee, full board)
• When escalation is required, if at all

You are concerned about:

• Overstepping your role
• Undermining management
• Creating personal exposure
• Being blamed for either over- or *under-*reacting

The Question (for Discussion)

As CCO, what should you do next?

Specifically:

1. Is this a compliance issue, a business issue, or both?
2. Do you have an obligation to escalate to the board even in the absence of illegality?
3. What risks do you face if you do not escalate?
4. What risks do you face if you do?
5. How would your analysis change after Marchand and the Wells Fargo enforcement actions?

You may assume Delaware law applies.