Are we required by law to have a dedicated compliance officer, who cannot be the same individual who handles HR?
No. In general, companies are not required by law to have a dedicated compliance officer. However, some sectors have specific guidelines in place for compliance officers.
For example, in the financial sector, compliance officers are subject to regulations and enforcement by the Securities and Exchange Commission (SEC), the Financial Industry Regulatory Authority (FINRA), and the Department of Justice (DOJ). Each agency looks at the compliance officer’s supervision in both legal and compliance matters, and the DOJ also looks at individual accountability in compliance matters.
In the healthcare sector, the U.S. Office of Inspector General (OIG) has issued compliance guidelines specific to hospitals. While not mandated by law, the OIG strongly recommends that hospitals develop a compliance program and have a compliance officer available to ensure that hospital standards and ethics are upheld. The OIG guidelines state that each hospital should designate a high-level official to serve as compliance officer. Depending on the size and resources of the hospital, the compliance officer may be an HR professional, in-house counsel, or another designated appointee. Some hospitals may choose to hire a full-time compliance officer.
Therefore, while companies are not required to have dedicated compliance officers, in heavily regulated industries such as finance and healthcare, compliance officers are recommended and even held individually liable in some instances. To determine whether a dedicated compliance officer is necessary for your organization, it is best to consult with your counsel.