The Compliance and Legal Officer in Practice: Guardians of Integrity

Overview of Compliance and Legal Officer Role

Navigating the evolving regulatory landscape requires organizations to stay ahead of potential compliance and legal pitfalls. The fundamental question for Chief Compliance Officers (CCO) and Chief Legal Officers (CLO) is whether they are compliant. CCOs and CLOs work in concert to ensure company integrity and compliance, as well as all legal matters. While both play crucial roles in the governance and risk management structures of an organization, their specific duties can vary widely across industries. A CCO and CLO may occupy the same role in organizations that are smaller, less regulated, or less legally sophisticated, but larger, regulated organizations often separate these functions for the purpose of efficiency and specialization.
Within compliance and legal departments, the relevant laws and regulations will dictate further specialization for either departments or teams responsible for compliance obligations, global markets, legal risks, securities compliance, etc. Taking a closer look at the CCO/CLO function and the role’s contributions will assist organizations in ensuring their management structure provides adequate governance, risk management and controls.
There are numerous examples of government relations and compliance departments becoming integrated as legislative bodies called for increased accountability . An example would be the various Federal Sentencing Guidelines that were designed in the wake of significant marketing and pricing scandals affecting the banking and pharmaceutical industries, respectively.
The regulation of anti-bribery and corruption risks is a natural extension of the CCO/CLO function. There are various regulatory bodies that govern practices depending on the source of income. Bank regulators will impose standards on financial services companies. Securities regulators will also impose subsidiary responsibilities on its SEC regulated companies. Companies with public shares or those involved in the movement of goods across borders will have additional regulatory regimes to consider. For example, the Sarbanes-Oxley Act (SOX) requires that publicly held corporations establish and implement procedures to obtain information regarding, document, evaluate, and disseminate all of the information known by each of their officers and their directors in order to provide accurate information on financial performance. Other jurisdictions will require detailed anti-bribery and corruption compliance measures for anti-money laundering and bribery of foreign officials.

The Role of the Compliance Officer

The primary responsibility of a compliance officer is to monitor the organization’s regulatory environment and implement policies and procedures to help ensure compliance with relevant laws and regulations. This typically includes identifying applicable rules and regulations. The officer must then make sure that company policies reflect, in writing, how to comply with those rules. The compliance officer will then be responsible for auditing existing company policies and procedures to determine if rules are being followed. When policies and procedures are not being followed and a new rule has been adopted, the compliance officer must update company policies and procedures and conduct employee training to make sure employees understand the new rules.
No compliance program will be effective unless there are checks and balances in place to confirm that company policies and procedures are working as intended. Because the compliance officer is responsible for monitoring the regulatory environment, conducting internal audits, and providing or arranging for employee training, the compliance officer is in a good position to observe possible compliance failures. It is important that an organization establish organization rules that allow the compliance officer to report possible compliance failures directly to the board of directors.

The Legal Officer and Mitigating Risk

Legal Risk Management
The legal officer is responsible for managing risks related to its anticipated or pending litigation. All scenarios of litigation have a certain legal risk and/or business risk. Once the officer identifies a scenario, and discusses it with other executives, she can then determine whether to participate in a settlement or a court battle. Although trial management is a collaborative effort among the legal team, once the decision of whether to litigate is made, the officer oversees all litigation. As needed, the officer may exercise a balance between managing legal and business risks.
Sounds simple? It can be, and arguably should be, something that is managed like any other business risk. Legal risk management is not something peculiar to lawyers; it is the determination of real and potential losses from risk that is internal to the company. It also includes identifying, quantifying, minimizing, and eliminating such risks. With the natural inclination of most lawyers to act only as advisors, this places the legal officer a bit outside the norm. This is an example where the junior officer must provide education and information to the senior officers in order to bring the executive to understand what counts as risk and what is important.

Skills and Qualities of a Compliance Officer

Apart from the qualities and competencies mentioned above, a wide range of skills are essential for a successful compliance and legal officer. These include analytical thinking, the ability to make sound judgments, good attention to detail, knowledge of the relevant regulatory environment that governs the business, people management, and strong communication skills. A grasp of English is increasingly the core language of business, and may be essential for cross-border cooperation where the company has international operations. Good oral and good written communication is essential for progress in this role. As previously mentioned, if working under a CCO, the compliance and legal officer must cultivate good relationships with other team members and a willingness to resolve issues collaboratively. In addition to these skills, an understanding of the relevant industry and the nature of the business being conducted will also be very helpful. Many of these skills can be cultivated through experience and training. A thorough grounding in areas such as marketing, sales, finance, and even general regulatory issues, will enable compliance and legal officers to ensure their compliance policies and procedures are all-encompassing and effective. For example, having experienced salespersons involved in the design and roll out of a new policy on the solicitation and retention of business may do much to reduce the risks of non-compliance occurring. It is essential to choose who will write compliance policies carefully. They need to be persuasive and authoritative. The power of persuasion is a critical development tool for an effective compliance and legal officer. If they cannot convince the business leaders to follow the processes they have set, or manage and disseminate all information necessary to communicate change, they are unlikely to be able to manage effective internal compliance.

Establishing a Sound Compliance Program

A robust compliance program is essential in establishing a culture of compliance and risk awareness within an organization. In addition to complying with applicable legal requirements, the program should be designed to identify and address changes in both the regulatory environment and business operations. The following components are integral to the structure of an effective compliance program:
Training
Similar to having documented policies and procedure, all compliance-related training should be documented as well. The training provided by the company should be designed in a way that it empowers the employees to understand the implications of their decisions and empowers them to seek guidance when issues arise. Training should be tailored for all levels employees and should be based on the inherent risks of the specific industry. Additionally, training should occur at least annually, or more often if necessary.
Regular Monitoring
Regular monitoring of the compliance program should be used to identify high-risk areas. In order to effectively determine the level of risk , a company should consider factors including, but not limited to, the type of business, geographic locations, and available resources. These elements will assist in the implementation of an effective program, which should not be a "one-size-fits-all" approach. Key areas of focus for compliance monitoring may include the following:
Reporting Violations
An effective compliance program should contain management commitment to fostering a culture that emphasizes compliance and ethical behaviour at all levels of the organization. To this end, among its policies and procedures, a company should designate a person or group responsible for overseeing compliance efforts, developing compliance policies and procedures, and maintaining quality training programs. In addition, internal reporting channels should be established and consistently promoted. All employees should have a whistleblower policy which establishes the reporting process for violations. Clear and protected lines of communication are imperative in ensuring that the compliance program is being effectively communicated and enforced throughout the company.

Challenges for Compliance Officers and Legal Officers

Staying abreast of the ever-evolving legal and regulatory environment continues to be one of the more common hurdles that corporate counsel and compliance professionals must navigate. This is particularly challenging in international organizations that must comply with multiple legal requirements across different jurisdictions. As we mentioned in a previous post, regulators are introducing new rules at a significant pace, and it can be difficult for companies to stay compliant if they lack a system or process to periodically review their existing policies and internal controls to determine whether they would survive an audit from regulators or law enforcement agencies.
Organizations also face challenges during times of organizational change, including when they pursue mergers or acquisitions, reorganize their internal structure, try to enter a new markets, or try to implement a new policy or system. For example, in the merger and acquisition context, organizations will often try to harmonize their compliance program and internal controls with the other party’s program and controls in order to promote efficiency and ensure compliance. However, depending on the parties’ systems, this undertaking may be challenging, expensive, or even impossible. Similarly, if a company is in the process of restructuring its compliance program, overhauling its internal controls, or revising its policies to comply with changes in the law, its Compliance Officer may find it difficult to focus on these issues when he or she is also being asked to support a transaction or change in structure.
In addition, organizations that operate in high-risk areas (such as foreign assistance or export control) may also have to deal with more potential compliance risks and enforcement scrutiny, while contending with a smaller internal compliance team or none at all. These problems can be compounded when those officers do not have the support of upper management or access to sufficient legal and compliance resources. In fact, it is often difficult for these attorneys and compliance officers to balance the sometimes conflicting obligations to "stay out of trouble" and to "move the company forward."

Collaboration

Compliance and legal officers understand that their role is not limited to oversight and governance. In emergent and rapidly changing industries like Fintech, the relationship between compliance, legal and operations requires vigilance and collaboration to ensure appropriate risk mitigation. The role of a compliance and legal officer is to ensure the organization meets all regulatory requirements while onboard they also have experience and expertise to help management identify and resolve potential legal and compliance issues.
A compliance and legal officer can support business strategies and initiatives and often forge great relationships with other departments . Forward-thinking organizations look for individuals ready to support operational needs that maximize the efforts of the compliance department. They continue to promote collaboration between departments, as this becomes an important value-add for employees who often report these individuals can turn friction into a level of comfort with their presence. Along with being great communicators, employees find compliance and legal officers appreciate their daily challenges and are willing to engage to resolve issues to achieve compliance.