Lawyers are trained to view everything through a legal lens. Which is pretty much like anyone who is trained to do something at a high level: your eye sees what your brain has been taught to look for.
In my family, when someone has a gardening question, they call the cousin who is a gardener because that’s the expertise they need. Within organizations, it’s the same thing. When businesses need legal advice, they go to the experts with the mandate to advise and defend the company, and to provide its professional expertise through a legal eye.
Similarly, corporate compliance needs to be managed and overseen through a professional compliance lens. Compliance has a distinct advisory and control mandate, and uses very different competencies, skillsets, mindset and priorities to achieve it. Most aspects of compliance have nothing at all to do with the legal function. A modern compliance function is neither a subset nor extension of legal.
Within a typical company, there are several advisory functions, including legal and compliance. The mandate of legal is to provide legal advice and defend the company. Compliance’s mandate is to find, fix and prevent problems, and to support a culture of transparency and accountability. Both are important, and each serves as a healthy check and balance, and a line of defense against organizational threats.
Usually, these two separate mandates are mutually supportive. However, compliance and legal do not always see eye to eye or have the same priorities—and when that happens, neither should automatically veto the other. As the chief counsel for the U.S Department of Health and Human Services’ inspector general said to Pfizer Inc.: “Lawyers tell you whether you can do something, and compliance tells you whether you should. We think upper management should hear both arguments.”
Some in the in-house legal community don’t want to talk about the conflicts in mandate when legal tries to manage compliance. When asked about this, they become defensive and say that the idea is “ridiculous” and that a general counsel can’t be “biased” because they are governed by a lawyers’ code of professional responsibility.
Really?
When was the last time that a GC, before deciding to “hush up” an internal bribery investigation by referring it back down to the local counsel who approved suspected payments in the first place, consulted his professional responsibility code for guidance? Should an internal whistleblower have confidence that a professional code will stop an in-house attorney from retaliating against that very whistleblower?
And I wonder, what does the professional code tell lawyers about a need-to-know list for investigations, the cultivation of ethical leadership, or the need for transparency in a compliance program? When legal and compliance differ on the details of an employee engagement survey or have opposing input on a disciplinary case, what does the professional code say about that?
If I were a GC, I would not want to have responsibility for compliance. I would want an independent, collaborative sister function with 100 percent focus on the mandate of compliance. I would want fewer reasons for others, including plaintiffs, regulators and the media, to suggest that the company’s legal or compliance decisions were “conflicted,” or investigations less than robust, arms-length and professional. I would want employees to have more confidence, and less fear, when coming forward with real concerns that could be important early warnings of problems. I would want prosecutors, business partners and investors to be impressed with my company’s commitment to a strong, independent compliance function with unfiltered reporting to management and the board of directors.
No comments:
Post a Comment