Keeping an eye on compliance

When Mark Adams was promoted to the top legal job at AGF Management Ltd. in December, he assumed the reporting line for compliance in the organization. As vice president, general counsel, and corporate secretary, compliance issues now flow through to him. “We haven’t merged legal and compliance in any respect but I am now overseeing compliance as the general counsel,” says Adams. “I am in the camp where I think they need to be distinct for it to really work well together.”
It can differ in various organizations — sometimes compliance and legal are separate while in other instances they can be morphed into the same department. Many argue it is a distinct skill set, but clearly as business units in a large organization, because they are both on the risk-management side, compliance and legal often work together — or at least they should.

Compliance and how it fits with the legal department in an organization is undergoing somewhat of a review in corporate circles these days. In part, it may be due to the increase in regulatory legislation and globally due to politics, but there are others. According to John Boscariol, leader with McCarthy Tétrault LLP’s international trade and investment law group, there is a laundry list of things that should encompass compliance and the legal department should be aware of them and make sure senior management knows they are being monitored. He refers to this as “compliance convergence.”

Boscariol says compliance requires senior management commitment to drive it and there should be structured tools to help back it up including a compliance manual and guidelines. It also means having an authoritative senior officer responsible for compliance. From there, you need training and education for employees, officers, board members, and business partners. A good compliance regime also includes internal audits, reviews, and investigations, covers voluntary disclosures, contract reviews, mergers and acquisition due diligence, and the screening of customers, suppliers, and all other business partners.

Boscariol says where the convergence point comes is really about knowing who you’re doing business with as supplier, customer, creditor, debtor, or what your product or technology service is used for and by whom. “It brings together issues like economic sanctions, export controls, anti-money laundering, anti-terrorism rules where you’re going to be doing the same things, compliance-wise, within your organization to protect it going forward,” he says.

In many companies those areas are dealt with in silos. “There could be a clerk in the warehouse dealing with a customs broker and for anti-corruption it might be in-house counsel. Or economic sanctions might be handled by someone else and it can become quite costly and inefficient, quite honestly.”

Sound daunting? It definitely could be in the beginning. “It all comes down to information and that’s where people fall down,” says Adams. “It’s not that people don’t want to be compliant — they just aren’t aware of certain things. Company footprints get large. I honestly feel better positioned as a general counsel when I know what’s going on in the various aspects of our business — there shouldn’t be any surprises that way.”

In a smaller organization it’s probably easier to manage and in some cases the general counsel will assume compliance responsibilities.

Georges Dessaulles is a compliance and business ethics consultant who was with RBC before retiring two years ago. He says the compliance function is continually evolving. “There are all kinds of models for compliance and it’s a moving target,” he says. “Historically, compliance in the banks reported to the general counsel’s office and had its own function and independence but ultimately reported to the general counsel.” Dessaulles says compliance has now matured to the point where in most organizations it is a stand-alone function and equal to, if not more important than, the legal function.

Smaller companies may not be able to afford a separate compliance function and general counsel will have responsibility for both, but it can make their life a bit difficult. “You have to be aware the roles are different and issues can arise that require them to wear one hat more than another,” says Dessaulles. “It won’t be a problem if you have the right person — you have to have backbone — you can’t be a general counsel who always wants to please the business unit; there will be times you will disagree.”

In a small in-house department where the general counsel is flying solo or with only a small support staff in place, juggling compliance and legal matters may be required of them. In large organizations the roles of general counsel and compliance may need to stay separate, says Boscariol. “I think the trend we’re seeing is there is a focus on appointing a chief compliance officer that is separate from your general counsel because of perceived conflicts.”

John Williams, a Calgary-based partner with KPMG LLP, has worked with audit committees and boards as well as in-house counsel. “More often than not when we get involved with the GC it’s on a reactive basis because there’s been a problem,” says Williams. Often, it has been a situation when a senior-level
executive has engaged in some inappropriate behaviour such as a form of fraud or other financial misconduct and it often involves a call to a forensic accountant.

Williams says he can see Canadian in-house counsel following on a trend that’s been developing in the United States in which general counsel are working more closely with internal audit functions, compliance executives, and monitoring officers. He says large U.S. corporations are setting up compliance officers in cities where they have major subsidiaries. “My sense is that for the most part the people who are now fulfilling those roles are lawyers,” he says.

Those lawyers are mandated to ensure that employees are complying with corporate initiatives such as whistleblowing mechanisms, anti-bribery and anti-corruption policies, as well as concerns over financial reporting or various risk-management issues. “What I think is emerging out of the U.S. is the GC’s office is taking more of a proactive role to ensure there are proper governance structures put in place to jointly address the culture of the organization, to make sure people understand how they can report their concerns, and make sure the mechanisms are in place to give assurance to anybody who wants to report a concern that it’s a retribution-free environment,” says Williams. “Of course there’s always a caveat that if someone does it with a malicious intent all bets are off.”

From his vantage point, Williams says the role of GC has expanded significantly since 2004. “They’re becoming more critical in terms of ensuring that corporations are setting the proper tone and satisfying their statutory obligations in terms of compliance.” In fact, he says, general counsel hold a unique position in an organization. “More often than not, general counsel can stay above the fray. The ones I know don’t let emotion creep into their decision-making and are generally effective in steering the corporation down the right path, making sure they don’t stray ethically with difficult situations, and holding everyone else to a higher standard.”

Dessaulles says the general counsel can wear two hats. “It shouldn’t be a conflict — for example, in the banks the compliance and legal functions are very closely related and work closely together.”

If you’re general counsel and don’t have a separate person handling compliance and you find yourself in a situation being pressured to do something you don’t feel is right you have to stand up and be counted. In that kind of circumstance Dessaulles says the general counsel has to evaluate whether to go with the business or say no and refer it up the line to someone more senior to make the decision. “You have to go beyond the business unit. If the general counsel is going to take a position that disagrees with the business unit, it will have to go to the next level. I think the general counsel today tends to report to a fairly senior officer in the company.”

Williams says there needs to be a healthy culture of openness in an organization for compliance to work smoothly and for proper information exchange to happen. “It’s tough for in-house counsel to be in charge of the internal controls but where they can be great is in the role of making sure the organization is in full control of all the compliance issues and statutes and working on a culture of compliance. From there, once it gets into the DNA of the organization, it doesn’t mean things won’t happen but it really minimizes a catastrophic loss.”

Success also depends on the maturity of the organization, says Dessaulles, adding it depends a lot on whether the company has truly accepted the GC as part of senior management. “If the GC is just a functional lawyer hired to do contract work then it may not work, but if general counsel is seen as part of senior management and as somebody there to keep the company out of trouble then yes, it can and should work.”

Adams says each company has to weigh its own risk tolerance. “At the end of the day it’s not about doing something that’s not compliant, it’s a matter of assessing a priority to something. Take Dodd-Frank — everyone is going to make sure they are compliant with everything in Dodd-Frank given the importance of it, but there are other areas, too. Compliance is not just about compliance with law but in our business complying with what your clients are telling you what their personal rules are.”