Andrea Bonime-Blanc oversees internal audit, enterprise risk management, ethics, corporate responsibility and compliance for Verint Systems, a global software company. She reports to the Chairman of the Audit Committee and indirectly to the Chief Legal Officer. In a recent BNA Insights article (Corporate Governance Reports) she gives four reasons why such a role should report to legal. This topic stretches far beyond the meager confines of a blog post, so I will simply annotate a comment or two.
- “The complexity of modern compliance legislation and regulation requires legal expertise and therefore belongs in the legal department.” True as far as it goes, but what percentage of compliance depends on interpretation of laws and regulations?
- “The GC is in a better position to coordinate disclosure and regulatory contact.” This ought to depend on whether the information provided and the interaction require legal background or administrative, process skills.
- “Attorney-client privilege is automatically created.” But only if the lawyer acts as a lawyer.
- “Compliance is paramount, and legal compliance is within the purview of the legal department.” I question the premise, and the second part of the sentence does not logically require that the GC serves as the chief compliance officer. Compliance staff can always come to the law department for guidance when legal counsel is needed.

The author then presents five arguments in favor of the independence of the Chief Ethics and Compliance Officer (CECO) role.
- “Ethics, compliance, and risk management are best served through independence from the GC, as there can be inherent conflicts of interest.” Perhaps, but a CECO who balances three responsibilities also faces conflicts among them. Others have raised this objection (see my posts of Oct. 21, 2005: conflicts between compliance and law; Jan. 16, 2006: conflicts of GC as CCO; and Jan. 14, 2011: Ben Heineman view and rejoinder).
- Separation of the roles creates checks and balances on other staff functions. I don’t understand this, since a unified law/compliance position could also moderate and balance actions of the other staff functions.
- “The compliance roles cover many more areas than strictly legal and regulatory compliance.” Agreed, since process activities, monitoring, and administrative reports should not fall on the law department.
- The compliance function focuses on creating a culture of integrity, not just a culture of compliance. Neither the implicit criticism of law departments and the culture they nurture nor the claimed superiority of the compliance culture is a given. Many general counsel view their departments as “beacons of integrity.”
- “The GC may be conflicted by the demands of the business, and thus not able to exercise completely independent judgment regarding ethical issues.” What exempts chief compliance officers from the same demands?

I thank my friend Jeff Kaplan for sending me the article.