Transforming Compliance Risk into Value: Customizing the Reporting Structure of Your Ethics & Compliance Program

There has been a raging debate in certain quarters about where the ethics and compliance function should report within companies. In my opinion, the important thing is that companies have a program in place at all. It is therefore important to try to strike a balance between what I believe are somewhat extreme positions being articulated in the marketplace today.

On the one hand, there are those who advocate that all compliance (and ethics) should always report to the CEO and board. This is a view I sympathize deeply with as I have been there and done that (i.e., reported to the CEO and the board) and I have also been there and not done that (i.e., suffered the consequences of reporting to the wrong functions and people).

On the other hand, there are those who would advocate the sole and strict legal department supervision of all things ethics and compliance. This too is quite extreme and in some cases retrograde as the ethics and compliance role is truly not a legal role for all intents and purposes – it is and should be first and foremost a risk management and culture promoting role that acts cross-functionally and reports to supportive leadership (both executive and governance-based).

My bottom line is this: as with everything else in life (except for those things that will kill, hurt or damage), each company/organization needs to strike its own customized balance of what makes sense for it under its real world circumstances.

Screen Shot 2015-05-23 at 3.10.47 PMIf that means, for example, that the general counsel is the best or only person/ function to be able to create and/or supervise an ethics and compliance program because of a variety of real world reasons (e.g., the CEO couldn’t care less or the company is young and under-resourced and somebody needs to start this function), then by all means let the general counsel or another executive competent and willing to create and supervise this role do so! It’s better than not having anyone do this important work…

However, if you ask where I think the ethics and compliance function belongs in an evolved, global Fortune 1000 company, I will almost unequivocally advocate that it be an independent, properly resourced, executive role that reports to the board and the CEO. Short of a certain amount of complexity and size, I believe companies and organizations need the room to customize and create what will work for them at their moment in time and under their particular circumstances.

Such circumstances may include consideration of one or more of the following:

  1. How big, complex and regulated are you?
  2. What stage of development are you in – are you a start-up, a mid-size company or a global powerhouse?
  3. How broad is your footprint? Are you mostly local, regional, national or global?
  4. How large and spread out is your employee population? How about third parties (suppliers, vendors, partners, others)?
  5. How many stakeholders do you have and how complex is your relationship with them?
  6. Do you have a track record of problems, bad audits, legal troubles or (god forbid) scandals?
  7. Do you have great leaders who “get it”, mediocre one’s who are muddling through or ostriches who are willfully blind on ethics and compliance issues?
  8. How centralized or decentralized is your organization?

Answers to these questions will help any organization figure out the best, most customized structuring of their ethics and compliance program under their circumstances – not some dicta imposed by either extreme of the spectrum described above about where the program should belong under any circumstances.

Once again, in the real world, would it better to have no program at all?

For more on these topics, please see the following resources:

Andrea Bonime-Blanc & Martin Coyne III. “A Life-Cycle Guide to Ethics and Compliance Programs”. NACD Directorship Magazine. December 2014-January 2015 Issue. Available here: http://bit.ly/1ctFvSh

Bob Barker interviews Andrea Bonime-Blanc. “Creating Compliance from Scratch: Q&A with a Risk Expert”. Inside Counsel Magazine. May 22, 2015.     http://bit.ly/1elc7TI

The Reputation Risk Handbook: Surviving and Thriving in the Age of Hyper-Transparency (DO Sustainability 2014): http://bit.ly/1mIWCrN