One of the most common questions I am asked is “to which function should the anti-corruption compliance post be attached?” As previously mentioned, it cannot be connected to an operations role for reasons of conflict of interest.
My answer to this question may appear paradoxical: I consider the issue to be secondary, but important.
Secondary because more relevant than the position of the compliance function within the organigram, is the level of support it receives from the General Management. General Management’s support is essential in convincing operational managers that anti-corruption compliance matters.
Important because the position of compliance within the organigram can influence the ease with which the function can carry out its role.
Over the past 20 years I have observed a number of different organizational structures for compliance and they all have their advantages and drawbacks.
Compliance integrated into the legal department
The integration of compliance into the legal department is frequent. The advantage is that it entails solid legal support for the Compliance Officer. The proliferation of legal recommendations and guidelines makes it vital to incorporate new developments in the company’s business practices as the law evolves. In addition, most compliance risks are of a legal nature.
Including compliance in the legal department can however give the impression that anti-corruption compliance is exclusively a legal issue. As important as the respect for laws, rules and procedures is in compliance, compliance’s overall attitude of vigilance is just as crucial. This is especially true when new challenges that may have gone unnoticed by the legal department arise.
When integrated within the legal department, the compliance function must cultivate a strong relationship with operations managers and be open to learning about and responding to new challenges in the business appropriately.
Compliance integrated into the audit or internal controls department
The integration of compliance within the audit and internal controls department is often found in companies in which anti-corruption compliance has been established for some time. The function includes verifying that procedures have been respected and detecting whether infractions have been committed. The advantage of this choice is that it puts compliance and financial reporting at the same level of hierarchical influence.
However, in this scenario, too much emphasis might be put on controls to the detriment of prevention. Another risk is that compliance may become too rigidly entrenched in processes and not flexible enough to respond appropriately to developments or new business challenges.
If integrated within the audit and internal controls department, the compliance function must ensure that it focuses on corruption prevention and on the identification of emerging risks.
Compliance integrated into the Corporate Social Responsibility department
The integration of compliance into the Corporate Social Responsibility department sends a strong signal to external observers that compliance is a priority throughout the business and that business will be conducted with integrity. Such commitments are given similar importance to those made to uphold human rights and environmental protection.
Integrating compliance into the Corporate Social Responsibility department can, however, minimize the fact that anti-corruption compliance is a series or group of practical procedures designed to ensure that business with integrity is a daily reality. Integrity is a value and compliance in business makes it possible to work ethically.
If integrated into the Corporate Social Responsibility department, then the compliance function must ensure that its procedures are fully integrated into corporate business strategy and practices.
Ethics and compliance as an autonomous entity
The latest trend I have observed involves combining ethics and compliance into one entity that reports to the General Counsel or another member of the General Management (administration, finance).
This structure offers the advantage of having two different, yet complementary, functions being used to support integrity in business: those of ethics and of compliance (see previous chapter). Ethics puts the responsibility of maintaining an appropriate behavior on the individual while compliance focuses on the procedures that allow each employee to take the right decision with respect to their ethical conduct.
When ethics and compliance form an autonomous body, it is important that the ethics component of this entity can count on legal backing, either from an external source or from the legal department. Just as crucial, the compliance activities should receive the support of the audit department in the implementation of controls for corruption detection.
On this last point, I believe it is essential for the assessment or the investigative activities not to be undertaken by the Head of Ethics and Compliance, even if he is the one that initiated such activities. If the Management of Ethics and Compliance conducts investigative audits, the relationship of trust it needs to establish with operations could be jeopardized.
Compliance: a function that must be able to evolve…
To end this brief overview, I would like to reiterate that there is no ideal situation. What matters is the efficiency of the compliance function. This efficiency depends as much on the culture of the company as it does on its organization. And the organization depends on the size of the company….
On the issue of where to locate compliance, there is no definitive answer. Companies need to be mindful that as they develop and grow, the risk of corruption evolves alongside, and the compliance department must be flexible enough and structured in such a way as to meet the new challenges.