You can listen to a webinar from the Georgetown Journal of Legal Ethics Fall Symposium – Corporate Compliance: The Role of Company Counsel from October, 2007.
- Mitt Regan, Professor, Georgetown Law
- Tanina Rostain, Professor of Law, New York Law School
- Kathleen Barlow, Vice President, Marsh USA
- Ann Straw, Vice President & Chief Compliance Officer, Laidlaw International
- Scott Killingsworth, Partner, Powell Goldstein
Professor Rostain started off with a summary of her paper: General Counsel in the Age of Compliance – A Research Agenda (.pdf).
She cites two reasons for compliance regimes. One is the diffusion of compliance throughout the organization. The goal is to centralize the management of those functions. The second is the multi-disciplinary approach to compliance. You need different types of knowledge and expertise. In-house counsel needs to relinquish some of the control to group managers.
Are in-house counsel managers first? or are they lawyers first? Which is the better model? Do they exert more influence when they take the role of manager or the role of lawyer? Professor Rostain cited some previous studies on these topics. If they focused on legal risk, they had less influence over corporate decision making. Lawyers limited to explaining the risk and deferring the risk decision to the managers had less influence in the the corporation. One survey responder equated managers as playing offense and counsel playing defense.
Professor Rostain stated an example of counsel making clear what her personal opinion was and what her professional opinion is.
Killingsworth pointed out the dark side of the new powers of general counsel. After SOX, new reporting obligations were forced on general counsel. One problem is that the general counsel may be investigating a potential violation and have a duty to report it at the same time, making it difficult to do both well. Counsel are also worried about the increased risk of criminal action against in-house counsel. You only talk to regulatory people about your compliance program when it has failed. You need to penetrate down to everyone that can get you in trouble and everyone that can keep you out of trouble. Is important to mpve from abstract compliance terms into the mechanics of the business processes.
Straw states that “knowledge of the business” is the most important part of creating an effective compliance program. The face of compliance needs to be visible and accessible. A code of conduct sitting on the bookshelf is not effective.
Barlow focused on risk. She talked about ERM, the process and how it fits into compliance.