In the last five years, law firms and companies have aggressively added resources and capabilities to respond to increased FCPA enforcement and compliance needs. Outside counsel have established practice areas dedicated primarily to FCPA enforcement and compliance issues.
Five years from now is an eternity in the law enforcement and compliance fields. What will the landscape look like?
The most important change has been — and will continue to be – an increased focus on compliance. Corporate leaders now recognize that compliance is the new field for innovation and opportunity. Business focus on compliance is not limited to anti-corruption issues but embraces a variety of issues, including accounting fraud, employee misconduct, anti-money laundering, information security, sanctions, antitrust and other significant risks.
With the greater awareness of the importance of compliance, growth in the compliance field – not just in numbers of professionals but in compliance tools and resources will increase. If you gaze into the compliance crystal ball, the transformation of the role of a compliance officer into a C-Level executive and the development of new compliance tools and resources will be the most significant change in corporate governance. You can bet on this – it is a sure thing.
Many companies already have recognized the importance of risk evaluation and compliance. Some have already started to implement new and innovative compliance mechanisms by creating a Compliance Committee at the board level and elevating the Chief Compliance Officer to a C-Level position. Those two simple steps can do more for “tone-at-the-top” than any other actions.
At the same time, some companies have veered off into an inexplicable set of actions. In response to the new enforcement environment, companies are creating risk managers, or C-Level risk executives while ignoring the need to elevate the compliance office. This is a fundamental mistake.
A Chief Compliance Officer has two primary responsibilities: identification/ranking of risks and implementation of compliance controls to minimize those risks. Companies that divide up these two functions need to re-examine the issue.
There is no need to separate these two functions, especially since the issues work hand-in-hand. A division of responsibility is worse than a Solomonic solution to the proverbial “splitting the baby.” It is likely to have catastrophic consequences to an entire organization.
When I work with companies on compliance and governance issues, the issue of risk management and compliance is one of the first issues I focus on when discussing compliance.
In my old age, and with my grey hair, I find myself repeating advice like the KISS rule – Keep it Simple Stupid. There is a reason that the rule has been cited for many years. And it clearly applies in the situation where an organization is trying to identify and minimize risks. That responsibility has to reside in one person, one office and with one overall mission – that is the compliance office headed by a Chief Compliance Officer.