Americans are celebrating the Fourth of July holiday this week, commemorating the separation of the United States as an independent country from the United Kingdom. Battles for independence can be long and filled with difficulty, including moments where freedom fighters feel defeated. As a profession and department, compliance is still young. Debates still rage about whether compliance needs to be independent, and what “independence” actually means in practice.

Three Types of Independent Review: The Board, the Compliance Department, and the Regulator

“Independent” is defined as “not influenced or controlled by others in matters of opinion or conduct.” Just as society needs businesses to provide goods and services, and to provide jobs to people who want to use their talents and support their families, society also needs to ensure that business is done in a way that supports broader social values. Three types of controls have been created to ensure that business is done the right way and in accordance with the law - the Board, the Compliance Department, and the Regulator.

A company’s board of directors is comprised of individuals with a fiduciary duty to oversee that the business is run in a profitable way within the bounds of the law. In more and more countries, board members have personal liability for their conduct when it comes to the company following the law. The imposition of this liability is intended to incentivize the board members to act independently from the desires of those inside the company who may be motivated by greed and internal pressure to push the limits. The Board is meant “not to be influenced or controlled” by the opinions of the internal business leaders when it comes to making decisions about doing business within the bounds of the law.

Regulators and prosecutors exist because society needs the capacity to enforce the laws it creates. They too must be independent in their oversight. In countries where the regulators, prosecutors, and judiciary are not independent, bribery and illegality tend to escalate rapidly.

The compliance function is the only internal check on how a company operates. The legal function plays much of the same role in many companies; however, the legal function tends to be focused on contracts and what is possible under the law as opposed to focusing on corporate ethics, integrity, and doing the right thing. In larger companies, compliance alone is tasked with creating the processes that will prevent and detect misconduct.

Regulators Expect the Compliance Function to be Independent

Regulators expect the compliance function to be independent and to have access to the board. In the Department of Justice’s guidance on the Evaluation of Corporate Compliance Programs, prosecutors are told to ask whether the compliance function has “direct reporting lines to anyone on the board of directors and/or audit committee?” They are also asked to evaluate whether compliance has sufficient autonomy from management, such as “direct access to the board of directors or the bord’s audit committee.” Lastly, the guidance asks prosecutors to evaluate whether the compliance function is “an independent function reporting to the CEO and/or board.”

The Independent Compliance Function: Best Practices…