Sorting the dual-hatted CCO

When someone at the firm acts as both chief compliance officer and general counsel, it’s important to know when their communications are protected by attorney-client privilege, write RK&O lawyers Eva Marie Carney and James Walker. 

Having one person serve as both the chief legal officer and chief compliance officer for a private equity firm or hedge fund allows the firm to capitalize on economies in merging the two roles. 

Dual-hatting may be costly for a firm, though, if care is not taken in executing the two roles so that the firm appropriately preserves its claims of attorney-client privilege and at the same time is able to demonstrate to its regulators, through non-privileged documentation, that it has executed its regulatory compliance responsibilities. 

The firm’s ability to preserve the attorney-client privilege as appropriate and to maintain non-privileged records that remain available for regulatory review separate from privileged communications depends on taking stock of, and being guided by, the distinct responsibilities of the two roles. The general counsel or chief legal officer and other in-house lawyers are responsible for assessing compliance risk and responding appropriately when presented with evidence of material violations. They also are expected to take the steps necessary to ensure that the firm adopts an appropriate response.  The chief compliance officer and other compliance personnel, in contrast, are charged with monitoring compliance with regulatory obligations and firm policies, implementing firm policies, and assessing the effectiveness of those policies over time and as the firm’s business changes.  Compliance personnel, further, create and maintain the firm’s records of compliance incidents that may merit further investigation, and of issues investigated and any resulting remediation.

Giving advance thought to which hat the CLO/CCO is wearing when executing her various duties within the firm; developing throughout the organization a working understanding of the dual role; and acting consistently with that understanding day-by-day, are all critical. Following this approach will appropriately protect the firm’s privileged records, avoid inadvertent disclosures, and even strengthen the company's ability to assert claims regarding privileged documentation. 

Privilege assertions receive heightened judicial scrutiny when they relate to communications with in-house counsel and regulators are expressing their own skepticism in this regard. Courts have made clear that “business advice” is not protected by the privilege even if it is conveyed by an attorney to her client because the communication was not intended to communicate legal advice.  And in our experience, the regulators of advisory firms (e.g., the SEC and FINRA) typically view compliance as a business matter, not a legal matter.


Courts have identified specific scenarios in which an in-house lawyer’s communications with employees, or communications among employees that do not include the in-house lawyer, will be deemed privileged, including: 

1. Where the communication either reflects or seeks legal advice and the recipients are those firm employees who are involved in the decision-making that will be guided by the legal advice (Roth v. Aon, Case No. 04 C 6835, U2008 U.S. Dist. Lexis 106161 (N.D. Ill. Jan. 8, 2009) (CFO sent comments and draft disclosure document to deputy GC and non-lawyer executives who were to comment on document));

 2. Where legal advice rendered previously is being transmitted to others in the organization who have a “need to know in the scope of their corporate responsibilities” (In re Vioxx Products Liability Litig., 501 F.Supp.2d 789, 797 (E.D. La. 2007)); and

3. Where the communication concerns information being gathered by the organization’s employees to transmit to internal counsel in order to obtain legal advice (United States, ex rel Baklid-Kunz v. Halifax Hospital Medical Center, 2012 WL 5415108, at *3 (M.D.Fla. 2012)). Notably, in Halifax Hospital Medical Center, the court rejected the hospital’s assertion of privilege over a referral log that recorded all reports of compliance issues that required investigation.  The hospital asserted that the log was prepared for the purpose of obtaining legal advice and in anticipation of possible litigation and/or administrative proceedings relating to the issues identified by the hospital’s compliance department.  The court rejected the hospital’s assertion, reasoning that the communications were between non-lawyers and reflected neither legal advice given previously nor information gathered by corporate employees for transmission to company counsel in order to obtain legal advice. 

Consistent with the guideposts above, the work performed or overseen by the CLO/CCO in making a legal assessment of compliance risk and in investigating potential violations appropriately may be segregated in privileged files and cloaked from disclosure under a claim of attorney-client privilege. 

Related communications between the CLO/CCO and others at the firm in connection with the investigation, documents created to assist the CLO/CCO's review, notes taken during the course of the assessment or investigation, and pre-decisional documents drafted by the CLO/CCO relating to the investigation also can be segregated.  The firm’s compliance log, in contrast, and the documentation created by the CLO/CCO that recites the facts revealed during her investigation, the conclusions reached, and the next steps that will be employed by the firm to remediate, are in the compliance and not the legal realm. Consequently, such documentation would not be labeled privileged or filed with the segregated, privileged records created or maintained by the CLO/CCO.

Guarding a firm’s privileged communications appropriately and ensuring that the firm has a full set of non-privileged compliance records that it confidently can hand over to SEC examiners or other relevant regulators promptly on request takes discipline. But exerting that discipline will serve a private equity firm or hedge fund advisory firm well.

Eva Marie Carney is a Washington DC-based partner at Richards Kibbe & Orbe who specializes in securities regulatory compliance. James Walker is a New York-based partner of the same firm who concentrates in regulatory proceedings, internal investigations, complex commercial litigation, professional liability and legal ethics.