Donna Boehme – November 6, 2015
It’s not too hard to spot the winds of change that are blowing today’s corporate compliance ships into Compliance 2.0 territory. Maybe it depends on your industry. If you are in big banking, it’s difficult to ignore the domino effect of all the big banks that have opted to separate their Compliance and Legal groups, as we have discussed here. By empowering their Compliance departments to pursue their independent mandates, these big banks (and in some cases, their regulators) have recognized the folly of “DIY Compliance,” which is what happens when a manager lacking Compliance subject matter expertise employs a “check-the-box” approach using nothing more than Chapter 8 of the U.S. Federal Sentencing Guidelines and a Google search engine. As I have observed: 1) Compliance is not a subset of Legal but a completely new profession and discipline, and 2) DIY Compliance is about as dangerous as “DIY Brain Surgery” performed by your pediatrician.
Roy Snell uses simple logic to explain why Compliance is different from Legal: The compliance profession is here because those who came before the compliance officer often pointed and advised but did not fix all the problems they found. So society invented the compliance officer role and the job definition includes fixing all the problems. Some don’t want the compliance officer to have that authority, responsibility and independence. Yet, that’s exactly what compliance officers need to do their job effectively. Let’s stop talking, hoping, theorizing, pointing, and advising and, instead, take action. Let’s give the compliance officer authority, responsibility, and independence. Let’s revitalize the business community’s reputation.
That brings us next to the health care industry, where the Office of Inspector General of Health & Human Services recently blessed Compliance 2.0 in a straightforward joint guidance. It clarified the separate mandates of Legal and Compliance and otherwise endorsed an independent, empowered governance model.
And finally, the global auto industry has had two very visible examples of Compliance 1.0 failures, where a little bit of subject matter expertise might have been worth its weight in gold: GM and VW. So far, it is encouraging to see that at least VW has responded to its compliance troubles by moving strongly to a Compliance 2.0 model, following the lead of other forward-thinking German companies, Daimler and Siemens, which both elected for Compliance 2.0 and Compliance subject matter expertise to run their Compliance ships.
So back to my initial question: Who needs Compliance subject matter expertise? The simple answer: Any Compliance 2.0 CCO, any company seeking an effective Compliance 2.0 program – especially in the big bank, health care and auto industries – and smart regulators like the OIG HHS and DOJ.