The Time Is Now for Legal Departments to Step Up in Ethics & Compliance

In-house lawyers have probably never been better positioned to be in the room where it happens.

NAVEX Global’s 2017 Ethics & Compliance Benchmark for Legal Professionals reaffirms an increasingly common belief: Legal departments should take on greater leadership when it comes to ethics and compliance. Put another way, in-house lawyers have probably never been better positioned to be in the room where it happens.

The aforementioned benchmark report is NAVEX Global’s first ever data cut revealing role-based findings from our annual research regarding third-party programs, policy and procedure management and training. In one of the most interesting findings, 42 percent of legal-team members said their organization’s approach to policy and procedure management was reactive or basic – compared with 33 percent of respondents from other departments. Meanwhile, 22 percent of legal respondents said their organizations reviewed applicable laws and regulations only reactively, compared with 13 percent of respondents from other departments.

You might think this reflects the kind of hand-wringing that’s par for the course in legal departments. I don’t. I think it’s an inflection point. If you ask the average general counsel, they’ll tell you that their C-suites are asking more of them amid a constantly shifting ethics and compliance landscape.

Why Is this Happening?

Whether it’s the Foreign Corrupt Practices Act, the UK Bribery Act or the looming European Union General Data Protection Rule changes, the regulatory landscape is becoming more and more complex. Meanwhile, enforcement agencies are becoming more coordinated than ever before. Even state agencies are more likely to work amongst themselves or move against an organization based on federal action than they would have been five or 10 years ago.

As a result, C-level officers and board members are turning to the general counsel for help identifying and limiting exposure and designing plans for what to do if (or, really, when) something goes awry.

Put simply, the terrain is getting tougher, and legal professionals have the maps that everyone else must follow. It’s incumbent on us, then, to help show our organizations the way.

Different Views on Training

Legal professionals, according to the new benchmark report, are largely aligned with other survey respondents on the top challenges for training. But they’re not completely aligned, and we can draw some lessons from the differences.

Legal professionals were more concerned about having the necessary resources for training than the time to carry it out. But they were less concerned about the effectiveness of training, as just 10 percent – compared with 19 percent of other respondents – worry that it is not seen as effective at changing attitudes and behavior.

At first glance, the conclusion might seem obvious: In-house counsel are more in favor of devoting time and resources to training, likely because they see more value in it. But that’s because they, more than other departments, are privy to all compliance problems within an organization and not just the ones that affect certain departments. They also understand that regulators consider the presence of effective compliance programs (of which training is a key part) when deciding whether to prosecute.

Reactive Policy Review?

Legal professionals were nearly twice as likely as their counterparts to say their organizations reviewed policies reactively, when a potential issue was raised. And they were less likely to say policies were reviewed annually (23 percent to 30 percent).

Even policies that are reviewed regularly will likely contain information that’s factually incorrect. And, sometimes, changes in laws and regulations could actually end up making things easier on an organization.

This could be discouraging, but instead it should serve as motivation for legal professionals. Given the high-profile compliance failures regularly in the news, general counsel can make a strong case for reviewing policies more frequently. Even policies that are reviewed regularly will likely contain information that’s factually incorrect. And, sometimes, changes in laws and regulations could actually end up making things easier on an organization.

There are several examples in the last year where regulations and significant cases gave general counsels clear (or at least clearer) guidance on how regulators and courts were viewing issue which prior to, the legal function had to “guess” on a spectrum of how things might be resolved through litigation or an administrative process.  This undoubtedly resulted in policies and procedures which were more conservative than they need to be, based solely on an abundance of caution.  Reviewing policies and the landscape they purport to cover could be a competitive advantage to your company.  One brought about solely through Legal’s proactive review of existing policies.

Differing Views of Third-Party Risk

The top three objectives for third-party management programs were the same for legal and non-legal respondents. But legal teams were more focused on legal and financial risk (77%, compared with 66% from all other respondents) and less on protecting reputation (39% compared with 46%).

Clearly, legal professionals are focused on immediate and quantifiable impacts of third-party compliance failures (fines, damages and lawsuits). But they should also remember that reputational damage can affect the bottom line, to say nothing of the difficulty (especially in the social media age) that bad headlines can create for hiring and recruitment.

Big picture, those of us in the legal profession must realize the significance of this moment, as we clearly have the opportunity to make our voices heard and demonstrate our value in the realm of ethics and compliance. The days in which legal counsel could sit in back rooms waiting for the latest regulatory changes and call it a day are, pretty clearly, over. And for that, we should be excited.

Download the New Benchmark Report for Legal Professionals

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Defining the GDPR’s Data Protection Officer Requirement

Under the upcoming GDPR, many organizations will be required to appoint a Data Protection Officer tasked with specific responsibilities under the new regulation. Learn from a current data privacy officer what this will actually look like, who it should be, and what capabilities and characteristics this person should possess.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Name Is “Psychological Safety” but My Friends Call Me Culture

In a quest to find the secret sauce that makes for effective high performing teams, researchers uncovered a unique group dynamic that out performed the rest. It is called psychological safety, and it can be a key trait practiced by organizations that want to create effective speak-up cultures.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.