There it is on page 39, under “Compliance Leadership and Oversight: The Compliance Officer’s Primary Responsibilities”:
“. . . the compliance officer should not lead or report to the entity’s legal or financial functions, and should not provide the entity with legal or financial advice or supervise anyone who does. The compliance officer should report directly to the CEO or the board.”[1]
This comes from the November 2023 General Compliance Program Guidance (GCPG) issued by the U.S. Department of Health and Human Services Office of Inspector General (OIG). This is the first in a series of updated guidance documents OIG plans to issue. And OIG’s support of autonomy for the compliance officer is very clear.