Skip to content


When It All Hits The Fan: The CCO’s Role As Crisis Leader

By GAN Integrity

A compliance problem can become a crisis when internal investigations and communications are mishandled. While people typically associate crisis leadership with an organization’s CEO or board, the role of the Chief Compliance Officer (CCO) has become more visible as internal corruption investigations have become more widely reported by the media. The CCO must be ready to step into a leadership role when it all hits the fan.

Let’s say an employee blows the whistle on a potential bribery problem, and after doing some initial fact-gathering interviews or internal investigation, you realize that the company is facing a serious issue. How do you lead efforts to resolve this issue with the other executives, the CEO and the board?

Learn five tips CCOs can use to prepare their organizations for what may happen -- without causing unnecessary alarm.


The CCO has to prepare other executives and leaders for the problems that could arise as a result of corruption or other compliance issues. These could include employee morale issues, litigation threats and potential government investigations, fines, sanctions and financial performance problems.

It’s important to always remind others in management that unexpected compliance issues can and do arise, despite everyone’s best efforts. That’s why you have situations like the SEC and DOJ declining to prosecute the Harris Corporation, despite violations of the FCPA by its newly acquired subsidiary, CareFx Corporation. While this case demonstrates how robust compliance programs can shield companies from potential prosecutions, it also shows that corruption can take place even when the company has the right compliance effort, resources, training and technology in place.


  1. Educate executives and the board on evaluating compliance issues.Part of the CCO’s role is to discuss how the organization wants to respond when a problem arises: How much do the board and other executives want to know, and how quickly? Certainly, you don’t want to call a special board meeting every time someone blows a whistle. But if you have a serious problem, you don’t want your fellow executives or the board to feel like you went through an entire investigation or hired outside counsel before they even have heard about it.
  2. Promote a calm, measured attitude toward potential problems. Alarm and panic can make almost any problem worse. When there are serious breaches, the CCO can demonstrate leadership by providing context to other upper management, helping them see that even serious concerns are not cause for alarm.
  3. Collaborate to understand the worst-case scenario.A compliance crisis could create a variety of different problems, from PR problems to risk of litigation from shareholders and customers. You’ll want to be able to advise on the fiscal consequences of these problems, and that means working with other people in the organization to understand what the worst-case scenario could be.
  4. Take timely action. You can’t sit on a potential compliance issue; you have to take action relatively quickly. The first step is going to involve basic internal investigations or fact-gathering in conjunction with issuing a document hold. The document hold helps prevent documents or emails that could relate to the incident from being destroyed either in the regular course of business or by an employee trying to cover up evidence.
  5. Consider bringing in outside counsel or communications crisis management. Bringing in outside counsel as part of your legal or PR strategy demonstrates that the company took a matter seriously enough to invest in this expertise, and helps to lessen any concerns that you could be hiding cracks in your compliance program to protect yourself or the organization. If the situation appears dire, you may also want to consider outside communications crisis management, which is typically hired by the legal or compliance department in conjunction with senior management.

In the end, you can mitigate risk and minimize compliance risk, but you can’t eliminate it. You may have exemplary due diligence, for example, but a person with zero negative history could still be tempted by a commission to push a sale through in a corrupt fashion. That’s why it’s important for today’s CCOs to have a global approach to compliance crisis management and be prepared to respond to problems in a calm, measured way.

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.