Originally published at Corporate Counsel on March 17, 2015.
The bulk of 2014 was a milestone year for the compliance and ethics field, marking the demise of the failed “Compliance 1.0” model (compliance as a captive arm of the legal function) and the rise of “Compliance 2.0” (compliance freed from the legal department and positioned for success). Some big developments—such as the now standard separation of compliance from legal in the health care industry, and similar momentum in big banks after a series of record-breaking settlements involving LIBOR rate fixing, mortgage fraud and money laundering—have led to some (now prophetic) media headlines including “Legal Losing Its Grip Over Risk and Compliance,” “Ethics and Compliance Moving Out of the Law Department” and “Report: More Companies Splitting Legal and Compliance.” Several industry surveys have mirrored this momentum.
A careful observer will have noted three key events from 2014 that can be categorized as “nails in the coffin” for the decades-old, fatally flawed Compliance 1.0 model:
Nail No. 1: Wal-Mart’s Big Compliance Overhaul
When none other than the world’s largest retailer, with every resource and expert at its fingertips, decides to reject the Compliance 1.0 model as part of its well-publicized “compliance overhaul,” organizations the world over took notice. Compliance Week reports that “Decision No. 1” of Wal-Mart Stores Inc.’s new chief compliance officer, Jay Jorgenson, was to split legal and compliance into two separate departments. Jorgenson has explained:
“The chief compliance officer can’t be buried in the organization. She can’t be wearing half a hat. . . . They need to be independent, senior executives, who all report back into Bentonville.”
Nail No. 2: GM’s DIY Compliance
Need a cautionary example of what can happen when legal drives compliance? Look no further than General Motors Co.’s deadly delayed recall of vehicles with a faulty ignition switch tied to at least 50 deaths. The path has been analyzed in detail by the media in reporting such as “GM Lawyers Hid Fatal Flaw, From Critics and One Another.”
GM also is the answer to the question: “What happens when the compliance mandate to prevent and detect problems runs smack dab into legal’s drive for secrecy and defense?” Compliance through a legal prism: It’s not pretty. As more and more companies are concluding, beware “DIY Compliance”—it’s about as dangerous as “DIY Brain Surgery” performed by your pediatrician!
Nail No. 3: Under Pressure from Regulator, Bank of America Separates Compliance from Legal
Smart regulators can read the tea leaves, too. The latest big bank to kick the Compliance 1.0 model to the curb, Bank of America Corp., did so with the help of its regulator, the Office of the Comptroller of the Currency. How do you know for sure that you’re looking at the demise of Compliance 1.0? When regulators, prosecutors and other gatekeepers all start to get the memo, that’s how.
It’s fair to say that none of these “Nails in the Coffin” would have come as a great surprise to anyone even casually reading last year’s compliance tea leaves (and headlines), yet there are those who have fought the rise of Compliance 2.0 with fierce anger, misplaced righteousness and a degree of “knickers-in-a-wad” alarm bordering on the hysterical.
It would be easy to dismiss this reaction as a predictable pushback by those who have profited handsomely from the status quo, but on reflection, I imagine there must be another motivating factor. So as with all of life’s big mysteries, we look to the iconic film “The Godfather” for the answer.
In the film, a powerful studio head who refuses to give a coveted movie role to the Godfather’s godson, explains it thus: A top actress ran away with the godson and made him (the studio head) look ridiculous. “And a man in my position can’t afford to look ridiculous!” So in compliance, as in “The Godfather,” it seems some people are most motivated by a desire not to have their very public positions shown to be wrong, such that they (or their clients) look ridiculous. Yep => #KnickersinaWad!
So, memo to boards, C-suites, regulators, prosecutors and gatekeepers who don’t want to look ridiculous: Compliance 1.0 is DEAD and Compliance 2.0 is on the rise. Boards and senior management teams that are serious about maintaining robust, up-to-date compliance practices should take note—because, as I’ve said before, #TheRisingCCOLiftsAllBoats! And the opposite is true, too.
In my next few columns, I’ll be reviewing some practical steps companies stuck in Compliance 1.0 can take to jump-start their upgrade to Compliance 2.0 and stronger protection for their reputations and licenses to operate. There is much work to be done and the profession is now poised to achieve it.