Our recent blog - which addressed the topic of whether a legal background was necessary or not for compliance professionals - stirred quite the debate! The vast majority were in agreement that it was not necessary, even though legal qualifications or experience are commonly requested when recruiting for compliance professionals (predominantly in the U.S.).
Following on from that - and in light of some high-profile cases - there has been some renewed discussion lately surrounding the wisdom of combining legal and compliance functions. While there is inevitably some crossover between these two teams – with shared goals and a responsibility to collectively manage risk – there is a strong argument for keeping the two departments separate within an organisation.
Merging the two functions has the benefit of a ‘one team’ mentality, but it has the potential to lead to conflicting priorities and blurred lines of accountability.
This article will explore the reasons why legal and compliance might consider remaining separate functions and how organisations could benefit from a clear distinction between the two.
1. Different Roles and Responsibilities
One primary argument to keep legal and compliance functions separate is the simple fact that they serve fundamentally different roles in an organisation.
- Legal Function: The legal department is focused on protecting the organisation’s legal interests. Lawyers are primarily concerned with interpreting laws, managing litigation, drafting contracts, and minimising legal risks, as well as looking at business opportunities and providing strategic guidance based on legal risk (and rewards). They act as advisors on legal strategy and ensure that the company operates within the boundaries of the law.
- Compliance Function: The compliance team, on the other hand, is tasked with ensuring that the organisation adheres to external regulations and internal policies. Compliance professionals proactively identify compliance risks, implement policies, and monitor the organisation’s adherence to these standards. They focus on fostering a culture of ethical behaviour and preventing violations before they occur.
While both teams are responsible for protecting the organisation, they do so from different angles or with competing priorities, although effective legal and compliance functions will still see close interaction between both teams.
2. Balancing Legal Risk with Ethical Compliance
Maintaining a clear separation between legal and compliance functions helps organisations achieve a balance between complying with the law and adhering to ethical and regulatory standards. While legal teams may focus on defending the organisation’s actions from a strictly legal perspective, compliance teams ensure that the company maintains high ethical standards and avoids reputational risks that could arise from unethical behaviour, even if it is technically legal.
- Example: Consider a situation where a company is operating in a country with lax labour laws. The legal team may determine that certain practices are legally permissible in that country, but the compliance team may recognise that these practices are inconsistent with the organisation’s own code of ethics. In this scenario, the compliance team’s role is to ensure that the company operates in a manner consistent with its ethical standards, even if it means going beyond what is legally required.
By having two distinct teams, businesses can benefit from legal guidance on how to navigate the law while also maintaining a strong compliance culture that prioritises ethical integrity and social responsibility.
3. Accountability and Oversight
When legal and compliance functions are separated, each team can maintain a higher level of accountability and oversight. This separation allows organisations to create a system of checks and balances, where one function is responsible for managing legal risk and opportunity, and the other for ensuring regulatory compliance.
- Compliance as an Independent Monitor: One of the primary roles of compliance is to serve as an independent monitor within the organisation, identifying potential regulatory or ethical violations and ensuring that they are addressed. This requires the compliance team to act independently from other functions - including legal - to avoid bias or conflicts of interest. If compliance is merged with legal, there is a risk that compliance concerns could be deprioritised in favour of legal strategies focused only on business growth or defending the company from external litigation.
- Separate Reporting Lines: In many businesses, it is considered best practice for compliance to report directly to the Board of Directors or an Audit Committee, rather than to the General Counsel. This creates a direct line of accountability and oversight for compliance issues, ensuring that senior leadership is aware of and engaged with the company’s compliance efforts. This type of reporting structure is rather more tricky to implement when compliance sits within the legal function.
4. Responding to Regulatory Expectations
Regulators and enforcement bodies often reiterate the importance of maintaining a clear separation between legal and compliance functions. Many regulatory frameworks and guidance documents, including those from bodies like the U.S. Department of Justice (DOJ), the Securities and Exchange Commission (SEC) and international financial regulators, stress the need for a strong, independent compliance function.
- Regulatory Scrutiny: Regulators are increasingly scrutinising companies for their internal compliance structures, particularly in highly regulated industries such as finance, healthcare, and pharmaceuticals. A lack of clear separation between legal and compliance functions may raise red flags for regulators, who could question whether the compliance team is empowered to identify and address risks independently from the company’s legal defence strategy.
- Fines and Penalties: Failing to separate legal and compliance functions can also lead to more severe regulatory fines or penalties. Regulators want to see that compliance programmes are effective, well-resourced and independent. If compliance is seen as merely an extension of legal, it could be perceived as less effective or less proactive in preventing misconduct.
5. Culture of Compliance and Integrity
A strong culture of compliance is essential for companies to maintain their reputation, foster trust among employees and build long-term success. Keeping the legal and compliance functions separate sends a clear message to all stakeholders – including regulators – that compliance is a business priority, not just a legal formality.
- Empowerment: When compliance is an independent function, it has more authority and autonomy to address potential issues, investigate concerns and raise ethical dilemmas without the influence of legal risk management strategies. This empowerment is key to creating an environment where employees feel encouraged to speak up about potential compliance issues and trust that they will be handled appropriately.
- Clear Communication: Separating legal and compliance also ensures that clear communication is maintained with employees about the importance of compliance. It reinforces the idea that compliance is about more than just legal defence - it’s about upholding values and promoting ethical business practices. This distinction is critical in building a compliance-driven culture.
Conclusion
While legal and compliance functions share the common goal of protecting their employer, they approach it from different perspectives and serve distinct purposes. By maintaining separate legal and compliance functions, organisations can achieve a balance between managing legal risk and fostering a culture of ethical behaviour.
While there are of course strong arguments for combining the two functions, keeping them separate from one another provides clearer accountability, reduces conflicts of interest, and strengthens the company’s ability to meet regulatory expectations. It also empowers the compliance team to proactively address risks and promote ethical standards within the organisation, thereby ensuring long-term success and sustainability.
Fundamentally, the effectiveness and success of both Legal and Compliance functions are strongly affected by the availability of resources and by buy-in and support from the C-Suite and senior management. Combining functions with the primary purpose of saving money or headcount gives a strong indication of business priorities and can not only lead to non-compliance issues or litigation but also greatly impact the long-term sustainable growth of the organisation.