Integrating Risk, Legal and Compliance Functions in Large Corporations
Boeing's recent decision to assign its new chief legal officer the responsibility for both global compliance and the law department reflects an emerging interest in integrating the risk, legal, compliance and ethics functions in large corporations.
May 21, 2020 at 11:04 AM
6 minute read
Boeing's recent decision to assign its new chief legal officer the responsibility for both global compliance and the law department reflects an emerging interest in integrating the risk, legal, compliance and ethics functions in large corporations.
According to its press release, the reorientation of Boeing's legal and compliance activities was part of a larger organizational effort to achieve greater cross company integration and continuous improvement; align enterprise services with current business conditions while increasing value; streamline leadership roles and responsibilities, and prepare for a post-pandemic environment.
The decision to combine legal and compliance (as well as trade controls, ethics and business conduct) under the leadership of the CLO is intended to enhance Boeing's existing compliance and governance program through "focused accountability for, and a more integrated approach to, its compliance responsibilities."
Boeing is one of the latest of a number of large corporations that have adopted more administratively integrated approaches to compliance program effectiveness. Another prominent adopter was a large national financial services company that changed its risk and compliance infrastructure following a significant scandal. That company shifted from a decentralized, federated compliance model (with compliance staff reporting to the business units they oversaw) to a more centralized model under a newly created strategic execution and operations office. This change was intended to provide greater oversight and to facilitate a coordinated response to risk and compliance issues.
Last month a major U.S.-based global media and technology company appointed a new chief compliance officer, responsible for oversight of domestic and international compliance. The position reports to the corporate general counsel. In addition, many of the publicly announced general counsel hirings to date in 2020 combine the role of chief compliance officer within the general counsel position. This group includes companies across the commercial spectrum, ranging from technology, private equity, insurance, pharma and mortgage companies to a major motorcycle manufacturer and a global contract logistics supplier.
All of this seems to confirm that there is no "one size fits all" approach to the coordination of corporate legal and compliance functions, to compliance officer/general counsel reporting relationships and to whether the roles of compliance officer and general counsel can be combined into one position. An organizational structure that achieves the greatest degree of effectiveness may depend upon the circumstances of the particular company.
Companies are continuing to adopt structures that offer them the greatest opportunity to achieve enhancements to, and efficiencies arising from, their legal and compliance functions. There is a particular interest by some companies to seek increased horizontal coordination of the various organizational functions involved with enterprise risk. These include the traditional (e.g., legal and compliance) and the non-traditional (e.g., information services, technology, supply chain and human resources).
Especially post-pandemic, increased value will likely be attributed to effective risk based knowledge and information sharing, in order to identify and quantify risk on a more timely basis. Such cross-disciplinary communication is more likely to succeed in the absence of artificial barriers that limit coordination between personnel with risk/legal/compliance/audit duties. In these circumstances, the advantages of a "siloed" approach to such duties become less obvious.
Nevertheless, there are several elements of the legal/compliance relationship that regulatory agencies (such as the Department of Justice) will look for when evaluating the effectiveness of an organization's compliance program. These include, but are not limited to,: the compliance officer holding a senior hierarchical position in the organizational chart; appropriate experience and qualifications of the compliance officer; a direct reporting relationship from the compliance officer to the CEO; a futility bypass right to the board or its audit committee; and board oversight of the hiring, compensation and termination of the compliance officer (and the general counsel).
The presence of these and similar traditional elements is especially important in industries such as health care, and with regulatory agencies such as the Office of Inspector General of the Department of Health and Human Services. OIG is somewhat unique in its single-minded objection to the chief compliance officer reporting to the general counsel. Indeed, in corporate integrity agreements, the OIG not only precludes such reporting to the general counsel, but also the performance of legal functions for the company (and thus presumably could not themselves place an investigation under privilege). The specific CIA language says that the compliance officer "shall not be, or be subordinate to, the General Counsel or Chief Financial Officer or have any responsibilities that involve acting in any capacity as legal counsel or supervising legal counsel functions for" the company under the CIA.
For that reason, efforts by health industry companies to integrate corporate risk, legal and compliance functions should focus on structures that are sensitive to the OIG's concerns. Note in this regard, Boeing's plan is to soon appoint a new compliance officer who, while reporting to the general counsel, would also have a direct reporting relationship to the CEO and to the board's audit committee.
Many companies periodically recalibrate their compliance and risk management practices to adjust to changes in their business model, the environment in which they operate, and the relevant regulatory climate. In that context, it is increasingly likely that a more integrated approach to these practices may be appealing, as long as it reflects an organizational commitment to compliance and to the support of its legal and compliance functions.
Boeing's decisions with respect to legal and compliance integration do not constitute some new "best practice." They may not even suggest a new wave of practice. But they do represent a unique way to achieve effective legal, regulatory and ethical compliance in a rapidly changing risk environment. That's something to be considered by corporate executive and board leadership as they periodically evaluate the effectiveness of their own legal and risk programming.
Michael W. Peregrine, a partner at the law firm of McDermott Will & Emery, advises corporations, officers, and directors on matters relating to corporate governance, fiduciary duties, and officer and director liability issues. His views do not necessarily reflect the views of the firm or its clients.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllA Blueprint for Targeted Enhancements to Corporate Compliance Programs
7 minute readThree Legal Technology Trends That Can Maximize Legal Team Efficiency and Productivity
Corporate Confidentiality Unlocked: Leveraging Common Interest Privilege for Effective Collaboration
11 minute readTrending Stories
- 1A&O Shearman, Hogan Lovells and the Stories That Shaped Africa This Year
- 2Borden Ladner Gervais Cyber Expert Warns of AI-Boosted Ransomware Attacks
- 3Phila. Judge Upholds $68.5M Verdict Over Construction Worker's Death
- 4Biden Vetoes Bill to Create More Federal Judgeships
- 5Memories of a Straight Shooter
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250