Accounting is a risk area. Marketing and sales is a risk area. Quality control is a risk area. That got me to wondering: Aren’t all departments risk areas? If all departments are risk areas, should risk managers consider the legal department a risk area? In all my years in compliance, I have never heard anyone ask that question. Given that the compliance profession is so concerned about identifying risks, it seems that the question should have been asked by now and debated. The legal department makes the most complex and important legal decisions of any department in the organization. Some legal decisions also come with complex ethical ramifications that can magnify the risk. If not following the rule of law is a risk, should risk managers consider the department making most of the legal decisions a risk area?
So if legal is a risk area, why do some compliance professionals report to the legal department? And what are the conflicts of interest involved with that relationship? It’s why I asked this question to a panel I facilitated for Corpedia in 2011: What are the conflicts of interest that the enforcement community is concerned about when suggesting compliance officers be independent from legal departments?
The panel’s charge was to discuss current hot topics in the compliance and ethics profession. My question wasn’t an easy one to answer for some of the panel members. One of them was Al Rosa, GE’s chief compliance director and senior executive counsel. Rosa’s answer was a bit of a long and winding road, and he never really answered the question. Instead, he answered a different question and then said he reported to the general counsel and supported that approach.