Riddle me this: you are a C-Suite adult at the world’s second largest banking conglomerate, with at least 1.9 billion reasons to establish a compliance program. Do you (a) hire the best, experienced chief compliance officer with a successful track record that your well-paid headhunter army can find and position them for success with the right mandate and resources, or (b) acquire with fanfare an ex-British spy (former head of MI-5) and an ex-U.S. DEA agent to impress your regulators and PR Wizards of Smart? Here is my not surprised face at HSBC’s election of (b) => :/ zzz. Because that worked out so well for Barclays, right?
Well, how about Option (c)? Maybe Harrison Ford can be persuaded to come on board and do a little “DIY Compliance” (because at least some of his past movie plot lines involved international money-laundering!!) And then everyone can join hands and sing Kumbaya! Dear Boards and C-Suites: Please be advised that ‘big name’ ex-regulators and law firm partners are no more likely to deliver a meaningful ethics and compliance program to your companies than Harrison Ford as Indiana Jones or Jack Ryan! It is maddening to watch companies in compliance trouble keep making Rookie Mistake #2: the fatally misguided belief that a high-profile candidate with a legal regulatory, law firm or prosecutorial background is the silver bullet for those problems! And shame on the regulators and prosecutors who fall for that fairytale!
If a best practice ethics and compliance program is what you need, the place to go is to the profession with the subject matter expertise. Any other hire and you get GM-Style DIY Compliance, which is the same as hiring your pediatrician to do DIY brain surgery – guaranteed to end in tears! If the spectre of Sir Hector Sants, former U.K. FSA head, resigning after less than a year as Barclays’ Compliance head, due to “stress and exhaustion” isn’t enough of a cautionary tale for this kind of “Hail Mary” hire, then GM’s debacle in “DIY Compliance” ought to serve as a serious wake-up call to Boards and C-Suites contemplating a foray into Rookie Mistake #2.
For context, GM gets this year’s trophy for Rookie Mistake #1: making Compliance a captive arm of Legal, rather than an independent check-and-balance subject matter expert empowered to do its job well! The simple undeniable truth is that (i) the Compliance and Legal mandates are different and each has an important role in the compliance infrastructure, and (ii) when either is prevented or detoured from doing that job well, the entire organization is at risk. Witness the GM in-house Legal Department, now the subject of federal investigation to determine whether its actions were so incompetent or negligent as to hide damaging facts pointing to an urgent need for a recall. Boards and C-Suites should be asking: “What happens when the Compliance mandate for openness, transparency, and accountability to ‘find, fix, and remedy the problems’ runs straight up against the Legal drive for secrecy and suppression to ‘protect and defend’ the enterprise?”
As GM has vividly demonstrated, the critical Compliance mission to find and fix problems can easily be detoured by a Legal driver to “Suppress and Defend Boulevard!” Sorry folks, this is not “competent representation” but an outright hijacking! GM’s Legal group squandered time and effort that should have been spent supporting the Ethics and Compliance mission, instead redirecting it to the infamous “69 Naughty Words” and email deletion and “take no meeting notes” campaigns. This served to obscure and suppress a pattern of damaging facts which has been linked by the company to at least 42 deaths. Sadly, this is “DIY Compliance” at its worst.
“DIY Compliance” is what happens when junior lawyers with a conflicting mandate are either instructed or self-directed to abandon the Ethics and Compliance mission and decades of subject matter expertise and best practices because of role confusion, career ambition, lack of empowerment, fear and retaliation or worse. That model didn’t turn out too well for GM, the victims of the delayed GM recall, or the gatekeepers who failed in their respective missions, and has led to a closely followed nail in the coffin for the failed Compliance 1.0 model. Let’s hope Boards, C-Suites, regulators and policymakers who are serious about Ethics and Compliance are paying attention.