ETHICS CORNER DEFENSE CONTRACTING
Reasons to Outsource a Chief Compliance Officer
The outsourcing of high-level management functions is nothing new. It has been done with chief financial officers, general counsels, internal audit, IT, and even CEOs and chief operating officers for decades.
Similarly, some small- to mid-sized government contractors are finding that outsourcing the chief compliance and ethics officer (CCEO) role is more effective, both as to cost and effectiveness, than hiring one internally. One estimate states that nearly a quarter of firms outsource some or all of their compliance functions.
A contractor may be required by Federal Acquisition Regulation 52.203-13 to have a corporate compliance and ethics program. According to a 2017 survey, the average annual total compensation of a CCEO in the aerospace and defense industry is $198,000, a hefty price for a small- to mid-sized company. Moreover, finding an experienced person to fill that role who really understands what constitutes an effective program, and who has some degree of credibility with government agencies, can be very difficult.
There are several reasons why outsourcing the role may be the better solution. One is immediate confidence in the compliance expert and the expert’s advice by stakeholders. Stakeholders may be aware of the current lack of in-house skills and want better assurance regarding the company’s compliance measures and program.
Another is trust among the regulators. An independent, objective, third-party compliance professional may give government officials more confidence in a company’s program and demonstrate its commitment to invest in ethics and compliance. This is one of the primary reasons government agencies may require a company to engage an independent corporate monitor when resolving issues involving misconduct.
It might also save time and money. Because the outsourcing of the function may be done using flat monthly rates, the company benefits from more accurate costs for budgeting, as well as on-demand expertise for: compliance policy drafting/revising; training and guidance; hotline investigations; compliance and ethics risk assessments; auditing and monitoring; and reporting — all without the added costs of recruiting, training, orientating, supporting and managing internal compliance staff.
The monthly cost of outsourcing the chief compliance and ethics officer role to an expert can be significantly less than hiring an experienced professional in-house.
Companies should also appreciate that having just a code of conduct, some policies and trainings do not constitute an effective compliance program. Things are made a bit more complex for government contractors in that the Federal Acquisition Regulation provides little to no precise guidance or specifics on how to comply with the mandatory requirements of FAR 52.203-13, and contracting officers and other relevant agency personnel are poorly — if at all — trained on what constitutes effective compliance.
"Companies may be vicariously liable for the actions of their employees, subcontractors and others."
FAR Subpart 3.10, “Contractor Code of Business Ethics and Conduct,” obliges all government contractors, regardless of their size, to conduct themselves with the highest degree of integrity and honesty. It further states contractors should have a written code of business ethics and conduct. To promote compliance with the code, contractors should have an employee business ethics and compliance training program and an internal control system that: are suitable to the size of the company and extent of its involvement in government contracting; facilitate timely discovery and disclosure of improper conduct in connection with government contracts; and ensure corrective measures are promptly instituted and carried out.
To ensure that a compliance program meets the FAR requirements and helps protect the company from other enforcement risks, it is best to design and implement one in accordance with §8B2.1 of the U.S. Federal Sentencing Guidelines. This will be what a government contractor’s compliance with the Federal Acquisition Regulation will be tested against by agency suspension and debarment officers.
In addition, companies may be vicariously liable for the actions of their employees, subcontractors and others. Should misconduct occur, a company that does not have an effective compliance and ethics program is exposed to corporate criminal and civil liability, as well as suspension and debarment from all federal government contracting.
Overall, §8B2.1 has two primary requirements for companies: exercise due diligence to prevent and detect criminal conduct, and otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
To meet these objectives, §8B2.1 identifies and elaborates on seven essential elements of an effective compliance and ethics program: standards of conduct, policies and procedures; a compliance officer and committee; education and training; monitoring and auditing; reporting and investigating; enforcement and discipline; and response and prevention.
Small- to medium-sized federal government contractors should seriously consider outsourcing the compliance function — at least for a while. Designing and implementing a compliance program that is effective and meets requirements takes a lot of time, resources and expertise. By bringing in an expert to get the program up and running well — which should take 12 to 18 months — the company can then consider recruiting a compliance professional to work in-house as the chief compliance and ethics officer, or continue outsourcing the role.
John Hanson is the executive director of Artifice Forensic Financial Services, a consultancy providing services in the areas of forensic accounting/fraud examinations, corporate compliance and ethics programs, and independent corporate monitoring.