Boeing's recent decision to assign its new chief legal officer the responsibility for both global compliance and the law department reflects an emerging interest in integrating the risk, legal, compliance and ethics functions in large corporations.

According to its press release, the reorientation of Boeing's legal and compliance activities was part of a larger organizational effort to achieve greater cross company integration and continuous improvement; align enterprise services with current business conditions while increasing value; streamline leadership roles and responsibilities, and prepare for a post-pandemic environment.

The decision to combine legal and compliance (as well as trade controls, ethics and business conduct) under the leadership of the CLO is intended to enhance Boeing's existing compliance and governance program through "focused accountability for, and a more integrated approach to, its compliance responsibilities."

Boeing is one of the latest of a number of large corporations that have adopted more administratively integrated approaches to compliance program effectiveness. Another prominent adopter was a large national financial services company that changed its risk and compliance infrastructure following a significant scandal. That company shifted from a decentralized, federated compliance model (with compliance staff reporting to the business units they oversaw) to a more centralized model under a newly created strategic execution and operations office. This change was intended to provide greater oversight and to facilitate a coordinated response to risk and compliance issues.

Last month a major U.S.-based global media and technology company appointed a new chief compliance officer, responsible for oversight of domestic and international compliance. The position reports to the corporate general counsel. In addition, many of the publicly announced general counsel hirings to date in 2020 combine the role of chief compliance officer within the general counsel position. This group includes companies across the commercial spectrum, ranging from technology, private equity, insurance, pharma and mortgage companies to a major motorcycle manufacturer and a global contract logistics supplier.

All of this seems to confirm that there is no "one size fits all" approach to the coordination of corporate legal and compliance functions, to compliance officer/general counsel reporting relationships and to whether the roles of compliance officer and general counsel can be combined into one position. An organizational structure that achieves the greatest degree of effectiveness may depend upon the circumstances of the particular company.

Companies are continuing to adopt structures that offer them the greatest opportunity to achieve enhancements to, and efficiencies arising from, their legal and compliance functions. There is a particular interest by some companies to seek increased horizontal coordination of the various organizational functions involved with enterprise risk. These include the traditional (e.g., legal and compliance) and the non-traditional (e.g., information services, technology, supply chain and human resources).

Especially post-pandemic, increased value will likely be attributed to effective risk based knowledge and information sharing, in order to identify and quantify risk on a more timely basis. Such cross-disciplinary communication is more likely to succeed in the absence of artificial barriers that limit coordination between personnel with risk/legal/compliance/audit duties. In these circumstances, the advantages of a "siloed" approach to such duties become less obvious.

Nevertheless, there are several elements of the legal/compliance relationship that regulatory agencies (such as the Department of Justice) will look for when evaluating the effectiveness of an organization's compliance program. These include, but are not limited to,: the compliance officer holding a senior hierarchical position in the organizational chart; appropriate experience and qualifications of the compliance officer; a direct reporting relationship from the compliance officer to the CEO; a futility bypass right to the board or its audit committee; and board oversight of the hiring, compensation and termination of the compliance officer (and the general counsel).

The presence of these and similar traditional elements is especially important in industries such as health care, and with regulatory agencies such as the Office of Inspector General of the Department of Health and Human Services. OIG is somewhat unique in its single-minded objection to the chief compliance officer reporting to the general counsel. Indeed, in corporate integrity agreements, the OIG not only precludes such reporting to the general counsel, but also the performance of legal functions for the company (and thus presumably could not themselves place an investigation under privilege). The specific CIA language says that the compliance officer "shall not be, or be subordinate to, the General Counsel or Chief Financial Officer or have any responsibilities that involve acting in any capacity as legal counsel or supervising legal counsel functions for" the company under the CIA.

For that reason, efforts by health industry companies to integrate corporate risk, legal and compliance functions should focus on structures that are sensitive to the OIG's concerns. Note in this regard, Boeing's plan is to soon appoint a new compliance officer who, while reporting to the general counsel, would also have a direct reporting relationship to the CEO and to the board's audit committee.

Many companies periodically recalibrate their compliance and risk management practices to adjust to changes in their business model, the environment in which they operate, and the relevant regulatory climate. In that context, it is increasingly likely that a more integrated approach to these practices may be appealing, as long as it reflects an organizational commitment to compliance and to the support of its legal and compliance functions.

Boeing's decisions with respect to legal and compliance integration do not constitute some new "best practice." They may not even suggest a new wave of practice. But they do represent a unique way to achieve effective legal, regulatory and ethical compliance in a rapidly changing risk environment. That's something to be considered by corporate executive and board leadership as they periodically evaluate the effectiveness of their own legal and risk programming.

Michael W. Peregrine, a partner at the law firm of McDermott Will & Emery, advises corporations, officers, and directors on matters relating to corporate governance, fiduciary duties, and officer and director liability issues. His views do not necessarily reflect the views of the firm or its clients.