ETHIC Intelligence was very pleased to host its second annual international conference on Standards and Guidlines: Recent developments in Anti-Corruption Compliance on September 11, 2017 at the OECD conference centre in Paris. You can now view photos and video from the conference where experts from business, civil society and government exchanged and debated on how best to progress in the fight against corruption.
One of the most common questions I am asked is “to which function should the anti-corruption compliance function be attached?” Keeping in mind that it cannot be connected to an operations role for reasons of conflict of interest.
My answer to this question could appear paradoxical because I consider the issue secondary, but important and I will explain.
Secondary because more important than the position of the compliance function within the organigram is the level of support it receives from the General Management and its subsequent ability to convince operational managers that anti-corruption compliance matters.
Important because the position of compliance within the organigram can influence the ease with which the function can carry out its role.
Over the past 20 years I have observed a number of different organizational structures for compliance and they all have their advantages and drawbacks.
Compliance integrated into the legal department
The integration of compliance into the legal department is a frequent occurrence. The advantage is that its presence there ensures solid legal support. The proliferation of legal recommendations and guidelines makes it vital to incorporate new developments into the company’s business practices as the law evolves. In addition, most compliance risks are of a legal nature.
The potential drawback of including compliance in the legal department stems from the fact that its presence there gives the impression that anti-corruption compliance is primarily a legal issue. As important as the respect for laws, rules and procedures in the work of compliance is, it is equally important to stress that compliance is an overall attitude of vigilance particularly when new challenges arise that may not have been foreseen by the legal department.
When integrated within the legal department, the compliance function must cultivate a strong relationship with operations managers and be open to learning about and responding appropriately to new challenges in the business.
Compliance integrated into the audit or internal controls department
The integration of compliance within the audit and internal controls department is often found in companies where anti-corruption compliance has been established for some time. The function includes verifying that procedures have been respected and detecting whether infractions have been committed. The advantage of this choice is that it puts compliance on the same level of importance hierarchically as financial reporting.
However, the risk in this scenario is that too much emphasis is put on controls to the detriment of prevention. The other risk is that compliance may become too rigidly entrenched in processes and not flexible enough to respond appropriately to developments or new business challenges.
If integrated within the audit and internal controls department the compliance function must ensure that it focuses on corruption prevention and the identification of emerging risks.
Compliance integrated into the Corporate Social Responsibility Department
The integration of compliance into the Corporate Social Responsibility department sends a strong signal to external observers that compliance is a priority throughout the business and that the company seeks to demonstrate its company-wide commitment to conducting business with integrity. Integrity in business is given the same importance as human rights and environmental protection.
This situation can, however, minimize the fact that anti-corruption compliance is a series or group of practical procedures designed to ensure that business with integrity is a daily reality. Integrity is a value and compliance in business makes it possible to work ethically.
If included within the Corporate Social Responsibility department the compliance function must ensure that its procedures are fully integrated into corporate business strategy and practices.
Ethics and compliance as an autonomous entity
The latest trend I have observed involves combining ethics and compliance into one entity with reporting to the General Counsel or another member of the General Management (administration, finance).
This structure has the advantage that two different but complementary functions can be used to support integrity in business: ethics and compliance (see my earlier post). Ethics puts responsibility for appropriate behavior on the individual while compliance focuses on the procedures which allow each employee to take the right decision with respect to ethical conduct.
When ethics and compliance form an autonomous entity, it is important that the ethics component of this entity can count on legal support either externally or from the legal department and that the compliance activity receive the support of the audit department in the implementation of controls for corruption detection.
On this last point, I believe it is important that the head of ethics and compliance not be the one to undertake assessment or investigative activities even if he or she is the one to launch them. If the management of ethics and compliance conducts investigative audits, the relationship of trust it needs to establish with operations by listening to business challenges and questions, could be jeopardized.
Compliance: a function that must be able to evolve…
To end this brief overview, I would like to reiterate that there is not an ideal situation. What counts is the efficiency of the compliance function. This efficiency depends as much on the culture of the company as it does on its organization. And the organization depends on the size of the company….
On the issue of where to locate compliance, there is no clear cut, nor definitive answer. Companies need to be mindful that as they develop and grow, the risk of corruption evolves alongside and the compliance department must be flexible enough and structured in a way to meet the new challenges.
Philippe Montigny is CEO of ETHIC Intelligence and Chairman of its Certification Committee. Philippe has over 20 years of experience in advising companies on strategies to prevent corruption and leverage business integrity.
The compliance community must navigate amidst an ever-changing landscape of laws, recommendations, emerging corruption risks, trends in investigations and the threat of prosecution. The ambition of this blog is to bring this landscape into focus while raising compliance effectiveness from both a business and legal perspective.
Anti-corruption compliance is a major asset to companies; ETHIC Intelligence Certification of compliance programs and Validation of business partner commitments leverage this asset in a concrete way to help business.