In the midst of a bribery scandal surrounding its Mexican unit, Wal-Mart (NYSE:WMT) is revamping its compliance department. According to a recent article from The Wall Street Journal, Wal-Mart sent out a companywide memo announcing its plans to merge its compliance, ethics, investigations, and legal functions into one unit that reports to the company's general counsel, or GC.
The same memo quoted CEO Mike Duke as saying, "This move will allow us to leverage our strengths in these key disciplines around the world, resulting in close coordination and integration."
Perhaps. But will this "close coordination and integration" result in a more ethical and law-abiding culture at Wal-Mart? I think not. Putting the GC in charge of the ethics and compliance function subordinates broader concerns about fostering an ethical and law-abiding corporate culture to more short-term concerns about external liability risks.
Going against best practices
Subordinating the chief compliance officer, or CCO, to the general counsel goes against best practices in ethics and compliance, which stipulate that the person in charge of the ethics and compliance function should not be the same person as or subordinate to the GC or CFO.
For example, Donna Boehme, former group compliance and ethics officer at BP and principal at Compliance Strategists, points out that this separation has such broad support that it's increasingly incorporated into corporate integrity agreements and deferred prosecution agreements. Government regulators required a corporate integrity agreement (link opens PDF file) at Tenet Healthcare (NYSE:THC) after allegations of Medicare fraud and a similar one (link opens PDF file) at Pfizer (NYSE:PFE) after allegations of illegal promotional practices.
Best practices for a reason
There are good reasons many government settlements require the separation of the GC and CCO roles, and prohibit making one subordinate to the other.
These roles have distinct mandates. While the GC's job is to reduce the risk of external liability and defend the business against external allegations of illegal behavior, the CCO's job is to detect and prevent internal wrongdoing and to foster an ethical and law-abiding culture.
These mandates not only require different types of expertise; they can (and do) sometimes come into conflict.
Promoting a culture in which employees are empowered and motivated to follow federal laws and other organizational rules requires more than just legal expertise. It also requires strong management skills, teaching/training skills, the ability to pinpoint the causes of wrongdoing (which sometimes relate to organizational incentives or other pressures from the leadership), and the ability to come up with ways to eliminate the root causes of wrongdoing.
People with legal training may be excellent candidates for the CCO role, but few individuals possess all of the skills necessary for both the CCO and GC roles, and the responsibilities associated with both positions are full-time jobs.
So that shows why these roles shouldn't be occupied by the same person, but why is it problematic to make the CCO subordinate to the GC? Because they frequently have conflicting mandates -- and subordinating the CCO undermines that person's ability to effectively design, implement, and monitor the compliance function.
While fostering a culture of ethics and integrity often requires detecting and punishing wrongdoing and creating a culture of transparency, reducing short-term litigation risk often requires settling matters quietly.
For example, an organization's CCO and GC may disagree about how to punish an employee caught committing fraud. While the GC may wish to let the problematic employee resign quietly with a severance, the CCO may worry that this will send a message to the rest of the workforce that the company doesn't place a high value on integrity, and that other employees caught for wrongdoing will be given similar lax treatment.
It's not possible for the both the CCO and the GC to get their way in such a case. But as argued by former Chief Counsel for the Office of the Inspector General Lewis Morris, "upper management should hear both arguments." That way, they can weigh the costs of short-term litigation risk against the value of long-term culture-building. But unless the CCO reports directly to the CEO, upper management is likely to hear only the GC's proposals.
One possible explanation for subordinating the CCO and other functions (including investigations) to the legal department may be to allow the company to successfully expand the range of information covered by attorney-client privilege. In Wal-Mart's case, for example, that expansion could allow the company to keep secret the results of internal investigations and other compliance-related correspondence.
A veil of secrecy?
Given that federal enforcement agencies often look more favorably on policies where the CCO reports directly to the CEO, and is not the same person or subordinate to the GC, why doesn't Wal-Mart -- one of the world's largest companies -- apply these best practices?
From my perspective, Wal-Mart's decisions suggest that the real intent of its reorganization has little to do with ethics and much more to do with minimizing short-term legal risks. However, while Wal-Mart's reorganization may mitigate short-term legal risk, it continues to expose the company to longer-term and potentially more serious compliance risks.