The Compliance team is often seen as the poor relation to the in-house legal team in a business; but I suspect this is all about to change.
Imagine asking any Board director “Would you please specify the laws and regulations that apply to your business that you will be choosing not to comply with in future?” The answer, of course, will be an incredulous “No”. It is the shortest answer any question can have, but this “No” is packed with consequences.
First and obviously it indicates that the Board expects to comply with all applicable laws and regulations. This must be the position of all Boards and a completely uncontroversial statement; but if this is the case then all Boards must also be interested to understand:
- What exactly are the applicable laws and regulations in every jurisdiction in which we trade?
- How do those laws and regulations apply to our business?
- How do we track how any new laws will impact our business?
- How do we then comply with all these laws in a way that is proportionate to the risk, but which is also assuredly within the law?
- Then, how do we know we are actually complying with these laws so that we have the evidence to back up our desire to comply? And finally
- What do we do if we sense that we are not complying and what do we do when we find out that we are definitely not complying?
And so for any significant and mature business the Compliance function is born.
In-house legal teams might once have been a little sniffy about compliance work; it was, after all, for the “box tickers” down the corridor; but in fact Compliance is of far more interest to a Board than most of the work a legal department undertakes. It is directly relevant to the duties of directors, goes to the heart of personal and corporate reputation and is always on the formal business agendas.
It is very hard to outsource Compliance and not lose empathy and proportionality. In addition a compliance failure will often be brought to the attention of a regulator and this in turn can impact reputational risk, the ability to trade as well as having financial penalties. In extreme circumstances directors may even face personal sanctions in a way that most legal work does not entail.
Whereas nearly all legal work can be outsourced and in any event does not usually impact every policy, process and person in the business. Legal work, in this context, is frankly not that significant. Indeed I will go so far as to say that if in-house teams do not embrace Compliance and bring to it all their creativity and expertise, then they are putting at risk their own value to their businesses and missing a significant opportunity to become strategically important.
The opportunity to do so however is very much alive. This is not a closed shop and there is much work to be done for lawyers and compliance professionals alike. For many organisations Compliance is something of a mystery, while for others it is very much a maturing function. The Compliance journey has really only just begun.
It would be easy to make Compliance bureaucratic, insensitive to business priorities and superficial. Not only should it be the opposite of these failings, it should also encourage better risk management, help to raise standards in the conduct of business and mitigate the consequences of any failings that are probably inevitable in any large scale operation.
Importantly businesses must also come to appreciate that they have a duty of care to help all their employees avoid the consequences of inadvertent breaches of rules and regulations. In this context if a company is true to its values then it will invest in ensuring compliance requirements and responsibilities are evident in the recruitment process, induction, training and appraisal. Compliance is part of everything.
Compliance might not be sexy in the way that that some lawyers think an M&A deal sets the pulse racing or a high profile dispute plays out in the courts, but it is an essential assurance function and a crucial link in the governance chain. Indeed it is one of the few areas that provide everyone from Board member to the lowest operational grade with a common objective.
Legal work will continue to be important (obviously) and if it is done well it will always be of significant value; Compliance however can be and should be part of the DNA of a business. It is an unsung function, but one that I predict will become increasingly significant, increasingly valuable and increasingly strategic.
External advisors and in-house lawyers look out; this may be your best opportunity to make a very big difference to your business; so don’t be sniffy about it and don’t leave it to the box tickers!