Embedding Compliance Personnel in Business Operations

Compliance professionals learn from each other.  Recently, I had the good fortune of meeting two experienced compliance professionals in Los Angeles for dinner and a thoughtful discussion.  I learned a lot from them at the dinner.

One idea we discussed was a new model for compliance – embedding compliance professionals within business units of an organization.  Let me try and explain what I learned.

Many companies maintain a centralized compliance office with specific responsibilities assigned to groups or individual compliance staff.  That is the model for most compliance offices.  It reflects the resource limitations of a compliance office – there are not enough compliance personnel to fan out into an organization.

If you assume that a company dedicates sufficient compliance personnel to the company, maybe another model should be examined.  Instead of a centralized compliance office, the company could assign and embed compliance personnel within individual business units.  Each unit would have a dedicated compliance staff, consisting of one or more compliance officers. 

Co-location of business and compliance staff would foster communications between business and compliance staff, and more importantly, improve the chances that compliance staff would participate in new business initiatives from the inception.   Co-location also would increase communications and break down divides which normally inhibit communications between business units and compliance staff. 

The challenge for the model would be management of the compliance staff across business units to ensure consistent policies and practices.  But consistency is not an end to itself – sometimes flexibility for specific business units or issues may be warranted. 

If implemented, compliance managers would have to be vigilant to communicate among the compliance staff.  The risk of such a management structure is the loss of control over compliance policies and procedures.  The upsides of such a management structure outweigh the possible downsides.

The key factor (besides resources) for a company to consider is the structure of its operations.  For global companies, such a design may be challenging.  There may be too many moving parts to try and embed compliance professionals throughout an organization. 

The best indication of whether this is feasible is the extent to which a global company already embeds other corporate functions in local offices.  For example, if legal, auditing or procurement staff is assigned to locations around the globe, compliance can certainly be divided in the same way.  If the company does not have sufficient compliance staff to accomplish this task, then the company needs to hire additional compliance staff. 

In many cases, the benefits of embedding compliance staff will outweigh the downsides.  The closer compliance can “touch” business units which are involved in risky interactions with foreign government officials the greater the likelihood that a business person will avoid potential bribery.  This is an idea worth considering.

You may also like...

3 Responses

  1. Bill Wilson says:

    I always chuckle when I hear about a "new" model for something that some organizations have been doing for decades.  In 1986, I was attending the staff meetings of my business unit clients, as did many of my colleagues, an unheard of practice for the most part in many organizations.  It gave me insights I would never have gotten back in my office at headquarters, along with the possibility of early intervention when needed.  It also gave me visibility at a level of the organization that said "this function matters."  Embedding does not necessarily have to mean daily presence, though it can.  It simply means developing a close relationship with the client that puts you on their radar and availability that makes it painless to get your help.  

  2. This model is relatively new in pharma and has taken off in many large pharma companies.  When I started in international compliance ten years ago, it was unheard off to be former sales professional working in compliance.  I would suggest the embedded role its different than just spending time with clients. Today, in pharma, I'm no longer the exception.  For the last two years, I had the opportunity to serve as a senior-level compliance professional embedded on a BU leadership team.  I still reported to the CCO and we still had operational staff, but the value of working shoulder to shoulder with the business was invaluable for them and me. We saw ourselves as teammates with different responsibilites, but striving for the same objectives.    They saw me as member of their leadership team, contributing (not policing) to the development of business unit strategy and evaluating ideas before they were implemented.  I was also a sounding board and was received as a valued consultant to leadership.  Equipping leaders with enhanced risk accumen informed decision-making and made for far more impactful communications (form BU leaders, not me). Down the line, front line employees recognized me as a member of the leadership team, which gave credibility to compliance and demonstrated leadership's committment to ethics and compliance.  It was a very successful model highlighted in GSK's recent Corporate Integrity Agreement.

  3. John Buckley says:

    I agree with Bill Wilson.  I've seen these compliance management models evolve over 30 years as they are applied to each new compliance program that sprouts up.  The centralized support model often starts being too politically weak, and then the pendulum swings too far the other way to a centralized command model that imposes requirements on the business operations without much support, then the decentralized model tries to balance that out, then people eventually gravitate to a model that has some of both with an ocillation of political clout between central and decentralized.  The audit function should stay centralized, but a mix of decentralized compliance generalists and centralized niche experts usually is the end result.