A ‘PRE AND POST’ APPROACH TO COMPLIANCE

What is the proper role of the compliance function in an organisation? How can the compliance team best contribute to the growth and success of the firm? Despite the decades-long development of compliance into a valuable and valued function, compliance officers and their companies still struggle to answer these questions.

From time to time, a great debate erupts in the compliance community – generally fuelled by a new set of rules and regulatory expectations to meet – about the responsibilities of the compliance function and team. As one example, many companies are still trying to figure out whether compliance or information security, or some other unit, should ‘own’ data privacy and security.

This debate has been re-energised lately, driven by the focus on environmental, social and governance (ESG) issues, and the explosion of laws and regulations that has come with that attention. Companies of every size and industry face enormous challenges from the constantly evolving and ever-expanding regulatory requirements and risks regarding ESG. In this environment, with its confluence of rising expectations for compliance and shrinking tolerance for failings, compliance officers have their own challenges: both to help their companies find the right overall responses, and to identify where they best fit in to ensure that those responses have been implemented and are working.

Not surprisingly, compliance officers are reacting in wildly divergent ways, ranging from “compliance should lead ESG” to “ESG is not our job”. A survey reported by Compliance Week in November 2021 reflected this diversity, finding that: (i) 13 percent of compliance officers said they had primary oversight for ESG in their organisations; (ii) 24 percent played the role of adviser; (iii) 27 percent were members of an ESG committee; (iv) 9 percent said they were an “advocate”; and (v) 25 percent had no role in ESG at all.

Jan-Mar 2023 Issue

Giordano, Halleran & Ciesla