Main Content

Casebook Read Credits
Corporate Risk and Compliance: Theory and Practice
Section 4 . 5

Hypo: Does a CCO have a duty to escalate to the Board?

Kim Otte

*Generated with ChatGPT

Hypothetical: “You Are the CCO”

Background

You are the Chief Compliance Officer of Falcon Automotive, Inc., a publicly traded automobile manufacturer. You report administratively to the General Counsel and have dotted-line access to the board’s Audit and Risk Committees.

Falcon’s public filings repeatedly describe vehicle safety as core to its brand and long-term success.

 

The Situation

Falcon recently launched a new compact vehicle, the Falcon Swift, under significant time and cost pressure.

During a routine compliance check-in with engineering leadership, you learn the following:

  • Internal crash testing showed that the Swift’s rear fuel tank is prone to rupture in low-speed rear-end collisions.
  • Engineers proposed a design fix costing approximately $12 per vehicle.
  • Senior management reviewed a cost–benefit analysis and decided not to implement the fix.
  • The vehicle meets all current federal safety standards.

No one suggests the analysis was manipulated or inaccurate.

 

What You Know (and Don’t Know)

Over the next several months:

  • You learn that engineering leadership believes serious injuries or deaths are foreseeable, though not inevitable.
  • You are told that:
    • “Every car has some residual risk”
    • “We are fully compliant with the law”
    • “This is a business judgment, not a compliance issue”
  • The CRO has flagged “elevated operational risk” internally but has not requested board review.
  • There is no formal escalation protocol requiring safety risks to be reported to the board unless there is a regulatory violation.

You are not aware of any intent to mislead regulators or the public.

 

The Pressure

Shortly after launch:

  • You read media reports of two fatal rear-end collisions involving the Swift.
  • Regulators make informal inquiries, requesting information but issuing no subpoenas.
  • The General Counsel tells you:

“Let’s not overreact. We don’t want to confuse the board or create a record suggesting we thought the car was unsafe.”

You are asked to:

  • Help coordinate responses to regulators
  • Ensure messaging is “consistent and careful”
  • Avoid unnecessary escalation “until we know more”

 

Your Dilemma

You must decide:

  • Whether to escalate the safety issue to the board
  • How to frame it if you do
  • To whom you escalate (GC, CEO, Risk Committee, Audit Committee, full board)
  • When escalation is required, if at all

You are concerned about:

  • Overstepping your role
  • Undermining management
  • Creating personal exposure
  • Being blamed for either over- or *under-*reacting

 

The Question (for Discussion)

As CCO, what should you do next?

Specifically:

  1. Is this a compliance issue, a business issue, or both?
  2. Do you have an obligation to escalate to the board even in the absence of illegality?
  3. What risks do you face if you do not escalate?
  4. What risks do you face if you do?
  5. How would your analysis change after Marchand and the Wells Fargo enforcement actions?

You may assume Delaware law applies.

This book, and all H2O books, are Creative Commons licensed for sharing and re-use with the exception of certain excerpts. Any excerpts from the Restatements of the Law, Principles of the Law, and the Model Penal Code are copyright by The American Law Institute. Excerpts are reproduced with permission, not as part of a Creative Commons license.