Episode 7: Compliance Organization, Autonomy and Resources
“Organizing is when one person writes down what other people are doing.”
In episode 2 of our challenge, we found out that within the scope of its duty to follow the law, management ensures that the company is organized and supervised in such a way that it complies with applicable regulations. To this end, management sets up a risk-appropriate compliance organization. Management therefore considers compliance to be a primary task.
However: For many compliance officers, any talk of a “Compliance Organization” is pure wishful thinking. Even in multinational companies, this “organization” sometimes consists of exactly one person tasked with various responsibilities such as legal oversight, compliance, and data protection – all bundled together and assigned (for example) to the company lawyer. If this is you I will show you a few tips for meeting the many and varied requirements of your job.
Tip 1: Find Allies. Compliance officers should absolutely look for a network of “allies” who can support them in compliance tasks. Meaningful alliances can, in particular, be forged with Finance/Controlling, HR, Purchasing, IT or Internal Audit. If applicable, regular and proactive coordination with the works council or union representatives is also advisable in order to be able to exchange information early on concerning issues where these bodies may have participation rights.
A further aspect, important both for managing workloads and guaranteeing the effectiveness of a CMS, is the need to anchor compliance issues in daily business operations. This focus is needed because many questions arise in this context, for example in production or sales, which is far from where the compliance officer may work. How can he or she respond effectively to these issues?
Tip 2: Play in the “Champions League”. Look for contact persons within various company divisions. The establishment of a structure of “compliance champions” has proved to be very successful in some cases, even if some preparatory work is necessary. There are employees in almost every department who have a special interest in and understanding of the topic of compliance. They can be specifically trained and informed to pass on this knowledge to their departments. Employees often find it easier to address questions to their colleagues rather than directly to the compliance officer.
In addition to technical competence, the most important characteristic of a successful compliance officer is authority. It has two facets: authority as a personality trait and the authority of the position. The latter depends on what kind of role the management has created for the compliance officer – a decision which is visible to everyone in the company.
The FCPA addresses this aspect, together with the question of “autonomy“, in very specific terms: Those (senior executives) must have appropriate authority within the organization, adequate autonomy from management (…). Adequate autonomy generally includes direct access to an organization’s governing authority, such as the board of directors and committees of the board of directors (…).. (FCPA Resource Guide, p. 58).
Tip 3: Request Involvement. The question of the specific forms which authority and autonomy take in this context is often controversial. Ideally, a compliance officer should report directly to the management and also be a member of an executive committee. Only with this level of involvement can a compliance officer gain a first-hand impression of key issues and intervene effectively. This will raise the compliance officer’s standing, thus sends a strong signal boosting the credibility of the compliance program.
Tip 4: Form a Committee. In any case – and especially if regular participation in an executive committee is not (yet) realistic – the compliance officer should encourage the establishment of a compliance committee. This committee should meet regularly (for instance, every two months), bringing together representatives from different divisions (such as the “allies” mentioned above) to discuss and decide important compliance issues. This tool often proves quite effective.
Authorities such as the United States Department of Justice (“DOJ”) increasingly emphasize the importance of sufficient financial and human resources to evaluate the effectiveness of compliance programs. In the 2019 DOJ Compliance Guidelines, the word “resources” was used 42 times on 18 pages. In the 2020 update to the Guidelines, the question of whether compliance programs receive adequate financial resources was again given special emphasis.
Tip 5: Demand a Budget. Resources are not just “nice things to have”. It is not enough to put a “compliance hat” on someone in the company and then leave them alone. Realistic budgets are essential if a company’s commitment to compliance is to be seen as credible. Compliance officers must demand realistic budgets, ideally with concrete annual spending plans for their specific compliance projects.
In the next episode, we will continue with the topic “Communication, Training, and Consulting”.
If you are unsure how to set up and run your compliance project successfully, please feel free to contact me.