Conundrum: You’re Only Kinda In Charge…
It happens all the time. There is a compliance-related area that is simply not in the Compliance department’s remit. Except it is. Sort of. As in, you have some responsibility or oversight responsibilities, but you don’t own the area. You may risk stepping on other people’s toes if you jump in too much, but you can’t not participate. How do you manage this successfully?
Leave it to Joe Murphy, the Godfather of Compliance, to ask the question and offer the answer. He was kind enough to let me share his thoughts. Without further delay….
The following is written by Joe Murphy:
How does the Chief Ethics and Compliance Officer (CECO) deal with other compliance functions?
That was the practical question I heard at a recent PLI program in New York on compliance program management. It is not unusual to have compliance-related activities that are not under the direction of the CECO. These can include environment, workplace safety, discrimination and harassment, product safety, consumer protection, and other, specially-regulated areas. In long-established companies, these may be functions that predate the Sentencing Guidelines and appear to be functioning effectively.
Is the answer just to give up and say they will do their own thing, or to be aggressive and wage a turf war to try to take over everything related to compliance?
Cooperation is Key
I believe the answer is to break the silos and work cooperatively. Just like the point that compliance does not need to report to legal to work interactively with the lawyers, so it is also true that not every compliance area needs to report to compliance but that all players can work cooperatively.
Working with the General Counsel
This concept of cooperation is much needed in our field.
I should note that a great deal of the controversy about whether compliance should report to the general counsel is a false dichotomy addressing this same point. The general counsel reporting issue is positioned as if there was only one choice: either compliance reports to and is subservient to the general counsel, or there is a complete divorce with a wall between the two, each blindly following its own path.
This is just foolishness. Legal can work with compliance the way it would with other control-related departments such as HR and audit. I have not seen anyone assert that HR and internal audit need to be reporting to the general counsel; only in discussions about compliance is this set up as an all or nothing proposition, built on a foundation of silos.
So what is the solution for compliance and other functions, including separate compliance functions?
Let’s start with a general proposition: they need to work together. The CECO needs to work with the other compliance functions. Never should they be completely separated.
These are nice sounding words, but how do we make them work? Here is what I have seen as useful tools for this purpose.
How to Fix It
I recommend having a senior-level compliance management committee to support the CECO. Members would include senior people from legal, HR, audit, IT, and security. But this would also include members from other compliance-related fields such as environmental, safety, regulatory, etc. This only works, however, if the CECO is positioned as a senior officer, high enough to have the respect of others. But then, that is necessary for any compliance program to operate effectively and credibly.
It is also necessary, if this is going to work, that the CECO have a direct line to the board, and meaningful access to those who hold power on the board, including the chair of the audit committee. The CECO needs to be able to add value for those who work with the compliance program. This comes from the board access, but also from other essential elements of a compliance program. For example, the CECO should have input into promotions and evaluations of other managers. This ability to add value can also come from the CECO having access to an effective company-wide communications vehicle.
When I was in-house we had a very popular newsletter – called Report on Integrity – that carried summaries of actual compliance cases. It was an interesting read, and every feedback source indicated it had real reach. Others came to us to have their messages included.
When the CECO is positioned this way, here is what happens:
The environmental compliance manager who wants to get a message out to the field operations, the HR leader who needs budget for an anti-harassment program, the product quality expert who believes quality controls are in dangerous disrepair – they all know the CECO can get them the visibility and resources they need.
In effect, the CECO needs to have power, access to the company and its data, and independence. This makes the CECO a go-to resource for others to value. These others will also be a key source of information on any form of misconduct in the company, to fulfill a mandate from the board that the CECO inform the board of any compliance risks. The CECO in this position is enabled to ensure the board keeps the commitments required by the Delaware corporate law under the Marchand case.
If the CECO is seen as powerful and with access to important resources, others in the company will crave access to this leader. Each side can see the value of this alliance, and at the same time ensure that the board can rely on the CECO to meet its responsibilities as well.
Joe Murphy, along with Kirsten Liston and me, wrote a book together called The Compliance Entrepreneur’s Handbook, which can be found HERE. Information about Joe Murphy can be found HERE.
Senior Advisor, Compliance Strategists
For over 40 years, Joseph E. Murphy, JD, CCEP has championed compliance and ethics issues and has been a requested speaker on six continents, having published over 100 articles and given more than 200 presentations in 19 countries.
CEO of Spark Compliance Consulting
Kristy Grant-Hart is the founder and CEO of Spark Compliance.
She’s a renowned expert at transforming compliance departments into in-demand business assets.