What is Legal? Key Characteristics
In the broadest sense, legal refers to anything legally derived or regulated by law. In corporate parlance, legal is used most often to describe compliance with existing laws. Legal departments work closely with all levels of business to ensure that company operations and operating procedures are compliant. Legal departments help address and solve internal and external legal matters as a means of protecting both the company and its clients/customers. Lawyers working within corporations as in-house legal counsel are tasked with an array of duties outside of direct litigation involvement. Instead of spending the vast majority of their time arguing cases in court , in-house legal personnel must be just as good at negotiating resolution to various legal issues and representing the company in regulatory and administrative proceedings. They may also assist in the negotiation, drafting, and execution of corporate contracts and guiding company governance and compliance.
Understanding Compliance: Key Functions
Compliance can be defined as the process of adhering to all governing laws, regulations, policies, and internal guidelines that pertain to an organization. This can range from external laws (e.g. SOX, HIPAA, or PCI-DSS) to internal policies (e.g. acceptable use policies for IT equipment). In short, compliance is ensuring that an organization conforms to requirements.
To accomplish this, every business needs one or more compliance officers responsible for assessing and reporting the company’s adherence to governing requirements. This role can fall to a CCO (Chief Compliance Officer); alternatively, a CCO may oversee other compliance officers employed by the company.
By ensuring that the organization adheres to regulations and maintains compliance certifications, the compliance officer is able to give assurance to management and governing authorities that risks are being managed appropriately.
The Difference Between Legal and Compliance
The legal and compliance functions, although distinct, share common goals within a corporate context. The legal function advises on and manages the risks and liabilities that are created by regulatory compliance, while the compliance function, with respect to regulatory compliance, is responsible for the policies and communication to the company on the requirements by regulation which exist for both the company and its individual employees. Legal and compliance both assess risk and must at times deal with the fall out of inappropriate behavior by staff in the company. However, the legal function will be defensive while compliance must – as a primary role – be constructive in order to ensure compliance with regulations and an improved compliance culture. The two roles are also viewed differently from a regulatory perspective in their interactions with regulators and other external stakeholders. Due to the strength of the legal privilege, when it is applied appropriately, the legal function is more likely to have less interaction with regulators and therefore avoid the personal exposure to enforcement actions that compliance officers face. The compliance function is required to apply authority to policies that require cooperation by work colleagues and executive management alike. While at the same time responding to the authorities with some regulatory "teeth" in the form of possible penalties for companies that might not appropriately respond to and self-report violations, the compliance function also has to convince work colleagues and senior executives to make operational changes that sometimes require effort from all people across the company.
Interaction Between Legal and Compliance Functions
While the two functions are distinct, legal and compliance team members often find themselves in the position of working collaboratively in an effort to ensure risk management is properly handled. For example, a solution or process improvement resulting from corrective actions for a compliance issue may address some of the same concerns that would have been uncovered by the legal team in conducting investigations into employee misconduct. On the other hand, an investigation by the legal team may uncover issues regarding compliance programs that pose further operational risk to the company. The two teams can make each other’s jobs easier by proactively collaborating on internal concerns; for instance , conducting regular joint organizational assessments to proactively identify processes that could benefit from improvement.
Legal and compliance professionals are similar in that they each serve an independent interest, but they differ in that legal specialists have particular knowledge of the rules and laws governing a company and its personnel, whereas compliance professionals are more likely to be focused on internal processes and procedures. A corporate compliance team has the duty to evaluate and improve the effectiveness of the company’s risk management operations. A legal team, on the other hand, is more focused on risk mitigation and internal investigations. Depending on the size of the organization, there may be multiple legal teams that report to the general counsel, including those that classify themselves as transactional, litigation or employment lawyers.
Challenges with the Integration of Legal and Compliance
Organizations commonly face challenges when bridging the gap between legal and compliance functions. These challenges may exist because the two departments have inherently different, sometimes conflicting, responsibilities that require a common strategy to align them. Legal traditionally has exclusive responsibility for privacy and anti-bribery and corruption issues. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) require companies to conduct anti-bribery and corruption audits, generally every two years, to assess risk and implement any adjustments to their compliance programs. Many companies combine these audits with privacy and data security audits to avoid duplication of effort. In both instances, however, these audits tend to be focused on the legal requirements of the regulations, leaving compliance potentially out of the loop regarding any additional administrative or operational controls. Many companies also typically take a similar approach with global anti-corruption programs. In establishing anti-bribery and corruption compliance programs, counsel often looks to the DOJ and SEC 2012 Guidance and other applicable international, federal, state and local laws where the company operates and not necessarily to industry best practices. This reliance on legal advice can lead to missing opportunities to incorporate other relevant global compliance program elements. Furthermore, without involving other subject matter experts or stakeholders, the compliance program may not offer the greatest overall benefit to the company. To face these and other challenges, companies should seek to adopt a holistic approach to legal and compliance duties. This will create more opportunities for collaboration and reduce the risk of one group undermining the other. It will also ensure that legal and compliance strategies work together and are coordinated to reduce the cost and effort associated with managing risk. Through the integration of strategies, there may be fewer audits and information sessions to review and manage and a greater focus on information sharing. Such collaboration can be invaluable in remaining compliant with anti-birbery and corruption laws or regulations, as well as in privacy compliance.
Value of Having Both Legal and Compliance in an Organization
The importance of both legal and compliance in business cannot be understated; they work in tandem to provide a company with the safety net it needs to be protected from a multitude of different issues. Where the legal department will be focused towards highlighting the legal implications of a company’s actions, the compliance department will ensure that the company is preventing issues internally and externally from coming to fruition.
When a company has a strong legal team, they are able to take on board external legal advice and offer up guidance as to what issues must be avoided from a legal standpoint, and how best to do this. While the compliance department will be concerned with preventing legal ramifications, the legal department will work to keep the business protected from employees’ actions that may have an impact on it legally.
The legal department will essentially seek to protect the company from the legal repercussions that comes as a result of poor ethics and procedural compliance, which highlights why having both departments is so important . Where the ethics compliance department will focus on protecting the company from employees’ negative or unethical actions, the legal department is more interested in protecting the company itself and its brand image. The legal team will provide legal advice to the company and staff members who interact with regulators or the media, which may not form a part of highly regulated industries, but which will nevertheless form a part of their responsibilities.
When there are unethical actions taken, the compliance department will seek to mitigate the risk of any legal issues, whereas the legal team will react to the matter as a dispute comes site. The duality of this is important, given that if a compliant company is not a ethical and fails to follow policies and guidelines set out for employees, the risk of legal action increases. Therefore, having both teams in place ensures that a company covers all aspects of its legal protection.
