No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Program Management: The Relationship Between E&C and Legal And the Role of E&C Liaisons

by Rebecca Walker
April 24, 2015
in Compliance


In last year’s program management section of the Risk Forecast Report, we looked at the ethics and compliance (E&C) program characteristics of independence and authority in light of the level of board oversight of the program and the positioning of the Chief Ethics and Compliance Officer (CECO) within the management structure of the organization. This year, we will again look at the key program characteristics of independence and authority, with a focus on (1) the relationship between ethics and compliance (E&C) and the Legal Department, and (2) structuring E&C liaison networks effectively. Both of these aspects of program management, while distinct, have enormous capacity to contribute to the level of independence and authority of an E&C program.

The Relationships Between E&C and the Legal Department

 In recent months, the E&C profession has re-energized its discussion of the appropriate relationship between the Legal Department and the E&C function. Several new surveys have produced fairly different results regarding the number of E&C programs that report to the general counsel or are otherwise positioned in the Legal Department—some indicating that the number is falling significantly, and others indicating that it is holding steady at around 40 to 50 percent. Regardless of the accuracy of the data, however, the surveys have invigorated the healthy debate regarding the appropriate relationship between Legal and E&C, a discussion that is largely focused on three questions:

  • Does Legal have the appropriate expertise to oversee an E&C program?
  • Does the relationship between Legal and E&C provide E&C with the recognition and authority it requires to implement an effective program?
  • Does having E&C reside in Legal create a conflict of interest between the two functions?

What often seems to be missing from this debate is a close look at the primary purpose of the E&C function, and whether a given organization’s program structure furthers that purpose. It is helpful to go back to the basics and ask the question of what E&C seeks to accomplish in order to assess how it can best do so.

In conjunction with asking this fundamental question, you should also consider reviewing the E&C program charter for your organization (and, if you do not have one, consider drafting such a document). It is helpful to ask whether the program charter adequately reflects the goals that the organization has created for the program. And if not, it may be appropriate to reconsider the charter or reconsider the goals, and to obtain feedback from both senior leadership and the board on these framework questions.

So what are the goals of an E&C program? For most organizations, the primary goals of the program are to prevent, detect, and respond to misconduct.[1] Additional goals, which serve to further the primary goals, are to (1) enhance the culture of compliance and business ethics, and (2) serve as a check on the business and other functions. The traditional elements of an E&C program are all carried out in furtherance of these primary goals. Thus, for example, in order to prevent misconduct at an organization, it is necessary to assess legal and compliance risks; utilize due diligence in hiring and entering into agreements with third parties; and educate and raise the awareness of employees and others through policies, training, and communications. And, in order to detect and respond to misconduct, one utilizes the traditional program elements of monitoring, auditing, reporting systems, investigations, discipline, and otherwise enhancing controls to prevent future similar misconduct. (The detection and response elements are also helpful in preventing misconduct, of course. For example, knowing that one’s work is being monitored or may be subject to audit, and knowing that misconduct may be reported, investigated, and disciplined, all serve as effective deterrents.)

The relationship between E&C and Legal should be assessed and determined in light of the goals of the program and the E&C activities conducted in furthering those goals. Many of these activities can effectively be carried out by an E&C function that is part of Legal. Legal is typically a good resource for assessing legal and compliance risks, conducting investigations, structuring due diligence for both employees and third parties, and some forms of monitoring and auditing. However, there are other E&C activities at which Legal has not historically been as adept, such as creating engaging training and communications and some aspects of culture promotion. Each organization should consider the goals of its program and the primary activities of the function in determining the most effective program structure.

With respect to the second question (regarding recognition and authority of the program), at some organizations, if E&C is not part of Legal, it simply will not have the clout it needs to operate effectively. And while it may be easy to say that an organization should simply give E&C the clout it needs, that is often not possible—at least in the short- and medium-term—depending on the culture, history, and existing management structure of an organization. Related to this question of recognition and authority is the consideration of whether having E&C as part of Legal impacts the perception of employees and others regarding the role of the E&C Department. If this structure has the impact of sidelining the E&C department, or diminishing the sense that E&C is a part of the business, then that weighs in favor of separating the functions.

The final question of whether combining E&C and Legal creates a “conflict” because of E&C’s role in serving as a check on the business and other functions is a more nuanced question than some commentators indicate. In considering this question, it is important to consider whether the Legal Department is a foreseeable source of risk to the Company (and hence would benefit from the “checks” that could be performed by a separate department). It is also important to consider whether E&C’s ability to serve as a check on the business and other functions would be diminished by separating E&C from Legal. Sometimes E&C relies on Legal as a source of authority and clout necessary to serve as an effective check.

For all organizations, the question of the appropriate positioning of E&C with respect to Legal should be answered following a careful assessment of the goals of the program, and whether separating E&C from Legal will further those goals or hinder them. Likewise, the extent to which any given program structure enhances or impedes the program’s level of independence and authority will differ for every organization. However, understanding the primary goals of a program, and understanding that independence and authority are simply program characteristics that service those primary goals, will assist organizations to make more accurate assessments. An organization’s structure should be determined not on the basis of convenience, but on the basis of effectiveness.

E&C Liaisons 

In recent years, many organizations have adopted networks of E&C liaisons. At some organizations, these liaisons are part-time and report primarily to other functions (such as Legal or HR) or to the business, but they typically also have important responsibilities for implementing the E&C program in their geographies or businesses units. Structured effectively, these positions can have an enormous impact on a program and on the culture of compliance within an organization. Liaisons can help make E&C programs more relevant to the local business they serve; they can provide critical input to the E&C office regarding the effectiveness of the program “on the ground,” and they often play an important role in implementing certain aspects of the program, such as rolling out training, receiving reports of suspected misconduct, and conducting E&C investigations.

A few critical requirements of an effective E&C liaison network include clearly articulated responsibilities and ensuring that liaisons have sufficient training, time, resources, and accountability to perform those responsibilities. In addition, the reporting relationship of E&C liaisons is an important factor in creating a successful program structure. Where liaisons have a solid-line or even a dotted-line reporting relationship to E&C, the likelihood of creating a successful E&C network is significantly increased. And where a CECO or E&C Committee has the ability to provide formal feedback to E&C liaisons regarding their work, including through input into the liaisons’ performance evaluations, the level of accountability—and thus the chance of success—is enhanced.

Conversely, where the E&C liaison does not have a reporting relationship to the E&C office, there is typically a negative impact on the level of effectiveness of the liaison network. E&C has long dealt with this same concern with respect to E&C investigations that are performed by employees in functions other than E&C. Where E&C has no ability to provide formal feedback to investigators, there can be a negative impact on effectiveness.

Not only does reporting to the E&C function help ensure accountability, it also enhances the level of independence of the E&C liaison, and thereby of the entire E&C program. When the E&C liaison has a formal reporting relationship of some type to E&C, the ability of the liaison and the entire program to serve as a check on the business and other functions is thereby enhanced.

Recent deferred prosecution and corporate integrity agreements emphasize the importance of an effective reporting relationship between E&C directors responsible for particular subject matter areas (such as anti-money laundering) or particular geographic regions or businesses and the CECO.[2] These agreements require E&C directors to report directly to the CECO—not to the business or region where they are located. While solid-line reporting may not be possible where, for example, the E&C liaison is a full-time member of the Human Resources or another function, the importance of some type of formal reporting relationship is highlighted by these agreements.

In addition to independence, E&C liaisons should also possess an adequate level of authority within the business or region that they serve—another topic that has been the focus of E&C agreements, some of which have required E&C directors to be a member of senior management of the relevant business unit or geography. The same reasoning applies to E&C liaisons. In order to conduct investigations, oversee controls, and otherwise implement an E&C program effectively, the liaison must have an adequate level of authority within the relevant business or geography.

Conclusion 

While E&C programs have made great strides in recent years, many organizations continue to grapple with questions of how best to structure their programs to ensure the level of independence and authority necessary for effectiveness. In tackling these questions, it can be helpful to focus on the principal goals of an E&C program (which, for most organizations, are to prevent, detect, and respond to misconduct). Program structures will undoubtedly change over time, but continually revisiting the question of how best to achieve the program’s goals, and how best to maintain independence and authority, should help ensure both an appropriate relationship between E&C and Legal and an effective network of E&C liaisons.

[1]           These goals obviously come right out of the U.S. Sentencing Guidelines, but they are also the primary goals of most E&C programs—whether articulated or not. U.S. Sentencing Guidelines Manual § 8B2.1(b).

[2]           See, e.g., the deferred prosecution agreement between the Department of Justice and HSBC Holdings plc (2012) and the corporate integrity agreement between the Office of Inspector General of the Department of Health and Human Services and GlaxoSmithKline LLC (2012).


Previous Post

What Employees Do When No One is Looking: Changing Compliance Culture

Next Post

Managing Cyber Risk in Health Care

Rebecca Walker

Rebecca Walker

Rebecca Walker is a partner in the law firm of Kaplan & Walker LLP, a firm that specializes in corporate compliance and governance located in Santa Monica, California, and Princeton, New Jersey. For over 20 years, Rebecca has specialized in advising clients on the development and implementation of compliance programs. She has also served as a monitor for the Department of the Air Force and as an independent consultant, reviewing programs for the U.S. Securities and Exchange Commission. Rebecca is the author of "Conflicts of Interest in Business and the Professions: Law and Compliance," published by Thomson West, as well as numerous articles and studies. She chairs the Practising Law Institute's Compliance and Ethics Essentials Institute in New York and the Advanced Compliance and Ethics Workshop in San Francisco and serves on the Advisory Board of "Compliance and Ethics Professional" magazine. Rebecca received her B.A. from Georgetown University and her J.D. from Harvard Law School.

Related Posts

no right answer

That ‘Do the Right Thing’ Mug? It’s Missing Some Fine Print.

by Vera Cherepanova
May 20, 2025

Ethics isn’t a slogan; it’s a practice

doj sign front

Assessing the Business Risks of the Trump Administration’s ‘Total Elimination’ Strategy

by José Cortina and Jennifer Christian
May 20, 2025

As cartels increasingly participate in mainstream economic activities, traditional due diligence practices become inadequate to address new material support risks

drug cartel soldier camo

Leveraging Human Rights Frameworks to Combat Emerging Cartel Risks

by Nate Lankford, Matteson Ellis and Nisha Sawhney-Murkett
May 19, 2025

As enforcement priorities shift to cartels and foreign terrorist organizations, established human rights processes can identify and mitigate emerging legal...

You are now registered!

Webinar: What Employee Experience Reveals About Your E&C Program

by Corporate Compliance Insights
May 16, 2025

11 a.m. - 12 p.m. ET Tuesday, June 3 Are your ethics and compliance metrics capturing what really matters? Programs...

Next Post
healthcare risk management

Managing Cyber Risk in Health Care

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights