The dilemma facing the legal and compliance departments is common to many areas within organizations: The two departments have overlapping, but sometimes conflicting goals. The general counsel is an advocate for and sometimes defender of the organization, while compliance is charged with training employees on applicable regulations and policies and then uncovering and investigating wrongdoing. A compliance officer often must document the findings of the organization’s investigations, while the general counsel may believe the organization is better off not recording this information. At the same time, both areas must work together to further the organization’s goals.
This isn’t to suggest every legal and compliance department is engaged in battle. “There can be a tenuous relationship, but in our experience, on the whole, the legal department is one of compliance’s most trusted partners,” says Roy Snell, chief executive officer with the Society of Corporate Compliance and Ethics (SCCE). According to a 2012 survey by the SCCE, “Stress, Compliance, and Ethics,” most compliance professionals rate their relationship with legal either a four or five out of five.
The concern is that tension between these two areas can expose an organization to problems. At a minimum, they’re apt to duplicate each other’s work. At worst, a lack of communication may mean the two departments fail to identify emerging risks.
While some conflict may be inevitable, compliance can take steps to bolster the relationship. One way is to offer several solutions when questions over a specific activity arise, says Robert Tull, an officer with the National Society of Compliance Professionals and chief compliance officer with an asset management firm. “You have to have the discussion, ‘can we do it?’ and then, ‘should we do it?’ ” If the organization decides a course of action complies with applicable laws and regulations, compliance should offer a range of ways it can move forward and discuss the pros and cons of each. “If compliance says, ‘We can only do this X way,’ people will want to marginalize compliance, because it’s not working to further the desires of the business,” he says.
“There can be a tenuous relationship, but in our experience, on the whole, the legal department is one of compliance’s most trusted partners.”
Roy Snell, CEO, Society of Corporate Compliance and Ethics
Compliance professionals also can help their colleagues in legal anticipate regulatory change, notes Bryan Jones, partner and leader of KPMG’s dispute advisory services network. He points out compliance professionals often have some knowledge of likely upcoming regulatory changes from conversations with peers, networking, and the publications they read. In contrast, legal may be more familiar with the details of legislative changes. If both departments can focus on their own areas, but keep the other abreast of their findings, they can more effectively to minimize the organization's exposure to risk.
Another step is basic, yet often overlooked. That’s initiating a dialogue with the legal department. The goal is to build rapport and clarify each party’s roles upfront, rather than figure them out as problems or incidents arise, which can confuse employees and lead to turf wars. “It may seem obvious, but it doesn’t always happen,” says James Merklinger, vice president and chief legal officer of the Association of Corporate Counsel.
Compliance often is more familiar with business operations than their legal colleagues, given that it’s charged with translating rules and regulations into policies and procedures the business units can follow. “Share that information with legal,” says Carey Roberts, deputy general counsel, chief compliance officer, and corporate secretary at Marsh & McLennan Cos. She notes that the compliance professionals she works with have helped her legal team develop strategies to, for instance, “operationalize” policies on insider trading.
Another way compliance can foster effective relationships with general counsel is to develop a rapport with the business units. These relationships lend credibility and reinforce the idea that compliance offers value to all areas of the company.
How can compliance do that? “Business people need to get things done. Compliance should help them achieve their goals, but in a compliant way,” says Kathleen Meriweather, partner with EY and former assistant U.S. attorney. For instance, when a business unit is heading into new markets or launching new products, compliance can help it structure the operation so it follows applicable rules and policies.
The chart below from the Society of Corporate Compliance and Ethics rates compliance’s relationship with other departments.
Source: Society of Corporate Compliance and Ethics
Of course, this is difficult if compliance is excluded from business meetings. One way to gain an invitation is to show how compliance can add value or streamline processes. For instance, Meriweather worked with a company in which adding a vendor required dozens of steps and approvals. The CCO worked with others to streamline the process, so the time required to approve a new vendor dropped from six weeks to less than three. When compliance can show it’s there to facilitate resolution of business issues, it can act from a position of strength, she adds.
While technical knowledge is essential, a compliance officer’s skill at communication, collaboration, and diplomacy often will drive the relationship with legal and other executives. “You have to walk a fine line between building trust with diplomacy, yet at the same time, having a backbone so you can point out risks that need to be dealt with,” says a compliance officer with an asset management firm.
Relationships between compliance and legal should continue to improve. The speeches and guidelines coming from the Securities and Exchange Commission and the Department of Justice, which repeatedly emphasize the need for an independent, appropriately-resourced compliance department with direct access to senior management, are helping more senior executives understand and appreciate the distinction between legal and compliance. And as the compliance function continues to mature, legal and other executives are gaining a greater understanding of its role and value.
Legal and compliance: Better together?
One question that inevitably arises in a discussion of the compliance and legal departments is the organizational relationship between the two. While many compliance departments initially reported through legal, that’s changing. According to the 2015 Deloitte/Compliance Week report, “CLOs and CCOs: A new era of collaboration,” 59 percent of 2015 respondents said their top compliance position at their organizations was a standalone position, up from 37 percent in 2013. Similarly, 57 percent of compliance functions reported directly to the CEO or board of directors in 2015, up from 51 percent in 2013.
The larger and more regulated the company, the more likely the two areas are independent, says Rob Biskup, Deloitte advisory director and an author of the report. As the numbers show, the trend is to independent compliance departments, he adds.
Compliance “needs board access,” says Bryan Jones, partner and leader of KPMG’s dispute advisory services network. Having compliance report to the general counsel may raise questions about the independence of the compliance function and whether the general counsel will assert legal privileges over the work of compliance.
On the other hand, compliance and legal can operate effectively when [acting as] one department, says Carey Roberts, deputy general counsel, chief compliance officer, and corporate secretary at Marsh & McLennan Cos. “The relationships are very company-specific,” she says. No matter what the organizational chart looks like, both sides have to understand the role of the other and the value each can bring, and then work together to accomplish the organization’s objectives, she adds.