Compliance officers and enforcement authorities alike have long debated the arguments for splitting the corporate chief compliance officer role from that of the general counsel, but what about the benefits realized when the two are a combined force?
We caught up with Carey Roberts, deputy general counsel, chief compliance officer, and corporate secretary of global professional services firm Marsh & McLennan Cos., to talk about her dual legal and compliance role at MMC, and what value each function brings to the other. She also shares a little about how the compliance program is structured at MMC.
First, tell us a little bit about Marsh & McLennan, generally.
Marsh & McLennan Cos. is a professional services firm. We have about 60,000 colleagues worldwide, and we operate in 130 countries. We have four operating companies: insurance broking and risk management company Marsh; reinsurance broking company Guy Carpenter; health, wealth, and career consulting firm Mercer; and management consulting company Oliver Wyman.
How is the compliance department structured at Marsh?
We have a combined legal and compliance department with over 400 people. We combined the functions about a year and a half ago.
We are about evenly split between legal and compliance roles, although some colleagues cover both legal and compliance issues. This occurs most often in jurisdictions where we only have one legal and compliance colleague; in that case, they cover both sets of issues.
I report to MMC’s general counsel. Our compliance team is organized by operating company and then, within each operating company, by region or line of business. On top of that, we have Centers of Excellence that address significant legal and compliance risks that apply across our operating companies and across regions—risks like sanctions, anti-corruption, investigations, data privacy. Those issues are significant for all of our businesses, no matter where they’re operating. Then if you’re looking at a business-specific compliance risk in, say, South Africa, there would be a regional team that addresses those business-specific issues.
What benefits has MMC realized by combining the legal and compliance functions?
We are one team. It’s becoming more seamless, which was our ultimate goal. The reason for combining the functions is that we are really focused at the core on the same thing, which is managing risks—whether it’s legal or compliance risk, or some combination of the two—while also enabling business to do what it needs to do and thrive. So, having the functions combined makes a lot of sense.
What value does each function bring to the other?
I see the benefits all the time. I first started at Marsh & McLennan as deputy general counsel and then added the chief compliance role. In my deputy general counsel role, for example, one of the things I did was think about the kinds of disclosures we need to make to our investors. Wearing the “compliance hat” makes me much more effective, because I’m involved in a broader set of issues from a substantive standpoint. That’s a huge benefit for me personally. For our business colleagues, they have also seen better coordination and more alignment on substantive issues, which makes us more effective.
Let’s talk ethics. How does MMC foster an ethical culture?
Culture is so elusive. It’s a constant conversation we have to have as a company. We have to be thinking about the kind of culture we want and continually take action to reinforce that vision.
It starts with the business leadership. When you are talking about ethics, if they are not committed to an ethical culture, then it’s really difficult as a legal and compliance function to change that. Our leadership believes very much in an ethical culture. It helps us reduce risk. It helps us maintain healthy client relationships.
Even when you have the top-down messaging right, and you have the tone-from-the-top right, you really have to trust business colleagues all over the world to embrace that message and carry it through in their day-to-day work.
How is the value of ethics reinforced among employees?
Messaging is the starting point. We talk about it a lot. We try to have a continuing conversation about ethics, what it means, and how important it is.
For us, the starting point for that conversation is our code of conduct, The Greater Good. The Greater Good was developed over five years ago and we have made a real commitment to integrating it into our culture. No matter where I go in the world, colleagues talk to me about The Greater Good—how it defines us, how particular behaviors they see are, or are not, consistent with its principles. It has become shorthand for who we are as a company. We are very lucky to have that as our ethical foundation.
We also encourage colleagues to speak up, and we hold people responsible for behavior that is not in keeping with the ethical values of the company. We do that in a couple of different ways. We have a committee we refer to as the issues panel, which is composed of senior leaders. When there is a significant breach of The Greater Good, wherever it happens around the world, that gets escalated to this panel. The panel reviews those issues, and we make recommendations to the business about what actions should be taken in response. That panel reports up to our audit committee, so we have independence around the process.
If you don’t have some sort of independent process for looking at ethical violations, it’s very difficult for you to make sure that there is a consistent approach being taken across the business or that people are being held appropriately accountable.
In the compliance community, we hear all the time about the elusive challenge of measuring program effectiveness. How does MMC achieve that?
It really depends on the particular compliance risk. Certainly, when it comes to ethics, we look very carefully at the kinds of ethical issues we’re seeing, where we’re seeing them and how they are being reported. We track those metrics over time to see if the actions we take to address specific issues have been effective—quite simply, are we seeing fewer issues as a result? The actions we take may be in the form of strengthening controls, modifying processes, or even changing a business model to reduce the particular risk.
What are some of the biggest challenges of maintaining a global compliance department?
Just that, it’s the global nature of the company. Messages about ethics and compliance become very diffuse. What seems very clear to me from where I sit may seem much less clear in another part of the world, far removed from our headquarters. That’s a huge challenge.
The rogue employee is probably my greatest fear. With 60,000 employees, you are not going to be able to control what every single one of them is doing every minute of the day. We try to address that risk by asking our colleagues to take responsibility for our culture and encouraging people to speak up. We rely on all of our colleagues to do their part.
What lessons have you learned in your role as a deputy general counsel and compliance officer that other peers may be able to learn from?
Certainly, addressing challenges by making things easier for business colleagues is one of the most important things you can do, so thinking about ways to mitigate legal or compliance risk that are user-friendly for the business. Most people know that. That’s a well-known lesson in the compliance world, but it’s something you have to keep in mind all the time. I believe that most people fundamentally want to do the right thing. The easier you make it for them, the better off we all are.