Originally published at Corporate Counsel on October 16, 2014.
What would it look like if the human resources team woke up one day and suddenly decided it was going to take over the job of the internal audit function? Would managers somehow be asked to incorporate audit activities into their performance reviews? Would audit become 90 percent training? And more importantly, would the organization find itself less capable of identifying and fixing control risks?
NO, you say! That could never happen! Because everyone knows Internal Audit has a certain highly developed subject matter expertise, and that’s why this must be left to the experts.
And you would be right, of course. Which is why so many compliance and ethics authorities are uncomfortable with the prospect of the legal department or the general counsel driving compliance. To paraphrase Sen. Charles Grassley, R-Iowa—You don’t have to be a former chief compliance officer and recovered lawyer to see/smell the General Motors-style folly of that arrangement.
So to state the blindingly obvious, to this former CCO and recovered in-house lawyer, GM looks like a textbook case of “DIY Compliance.” Kinda like the product of a law department luncheon in which the GC starts out with, “Hey people, what if the law department dreamed up its own version of compliance? Now go talk amongst yourselves!” What might one expect to see from this exercise of “DIY Compliance Through a Legal Lens”? How about a nifty PowerPoint training campaign on “69 Naughty Words” like “explosion,” “deathtrap” or ”rolling sarcophagus,” and a new rule against taking notes in certain safety or engineering meetings?
Gee, that sounds like it belongs in the same CYA bucket as the language many lawyers and managers wish they could put in company hotline instructions: “Anyone using the hotline to call in a concern that is not in good faith will be drawn and quartered at the next Town Hall meeting.”
And of course, isn’t it always the compliance subject matter expert who must draw the reins in on that runaway team of horses by explaining the nuance of the chilling effect of such language on all the many potential good faith callers, but not on a single bad faith one? In hindsight it’s easy now to see how GM, its GC, the legal department and at least 13 victims of the failed ignition-switch recall might have benefitted from a little independent subject matter expertise, right?
Because C&E, like anything having to do with human behavior, is all about the nuance. That’s why I say that DIY Compliance performed through a 100 percent “protect and defend” legal lens (performed and directed by lawyers reading from the Legal Mandate Playbook) is like DIY Brain Surgery performed by your pediatrician: guaranteed to end in tears.
You can pretty much predict that a GM legal-managed compliance program would gum up the works for an efficiently speedy recall—instead of guaranteeing it or highlighting important risks to the appropriate senior levels. To that point, former federal prosecutor Michael Volkov, CEO of The Volkov Law Group (and an occasional contributor to this column) has summarized GM’s debacle experiment of legal managing compliance as “When the In-house Lawyers Run Amuck” in a vivid post on the matter.
This is also why I have said that any smart or reasonably cautious GC should demand a strong, independent compliance voice in the room when important decisions on compliance are being made. But let’s not pick on only poor GM. My second candidate for DIY Compliance poster child? Easy: Wal-Mart Stores Inc., pre-Jay Jorgensen overhaul (separating compliance from legal, and many other important and savvy reforms). Well-known Foreign Corrupt Practices Act expert and blogger Tom Fox has described Walmart’s decision to free its compliance function from its legal master as “the end of discussion” of how these departments should be structured.
At a bare minimum, that particularly visible act of best-practices leadership should cause compliance-savvy boards of directors and non-Kumbaya-driven CEOs to ask some hard questions about the effectiveness of their own compliance programs and departments. It’s the difference between having DIY Compliance and Effective Compliance at your company.
Donna Boehme is an internationally recognized authority in the field of compliance and ethics, designing and managing compliance and ethics solutions for a wide spectrum of organizations. Principal of Compliance Strategists, a N.J.-based consulting firm, Boehme is the former chief compliance and ethics officer for two leading multinationals. She has been named to The Top 100 Thought Leaders in Trustworthy Business 2014 by Trust Across America, is a recipient of the 2014 SCCE International compliance and ethics award for extraordinary contributions to the field, and can be reached at firstname.lastname@example.org.