COMPLIANCE DEPARTMENT MODELS Prior to the early 1990’s, most companies had never considered the position of Compliance Officer or Vice President of Compliance to be needed. Since the lawsuits and media spotlight of that period, however, most insurers, many agencies and all broker-dealers have a head of Compliance that oversees risk abatement activities. For the insurance company in particular, under the very general category of Compliance are a number of functions and assignments, such as Privacy Officer (e.g. HIPAA and Gramm-Leach-Bliley), regulatory compliance (e.g. policy creation and filing), ethical compliance, advertising compliance, compliance with Federal Regulations (e.g, MoneyLaundering), and Special Investigative Units (SIU). Which of these responsibilities the Manager of Compliance takes on vary from entity to entity, but there seem to be four structural models for the broad organization of a Compliance Department. Audit Department Model A portion of companies have used an existing Audit Department to assimilate the role of Compliance Department. Sometimes the Head Auditor reports to the Compliance Officer, sometimes the Compliance Director reports to the Head Auditor, and in most instances, it seems, the two “hats” are worn by the same person. It is a fine line to walk and certainly takes a person with strong interpersonal skills to succeed with the duplicate assignment. Within the Audit Department, additional responsibilities are often assigned to the existing Auditors. In some cases, specialists are brought into the department to oversee particular facets of compliance risk as determined by the manager. Sometimes Regulatory Compliance and the SIU are under this department and sometimes they remain independent. Often, monitoring of compliance with Federal regulation has already been assigned to the Audit Department, and may be expanded to set up the processes for compliance as new regulations are born. One difficulty companies seem to face with the Audit Department Model is for employees and producers to differentiate between the “gotcha” attitude common among Auditors and the “protection” approach needed for Compliance to win allegiance. If the Audit Department has a negative reputation in the company, buy-in to the need for compliance efforts may be hard to win. On the flip side, Audit functions fit in very well with Compliance functions such as oversight and monitoring. In some smaller and mid-size companies, the marriage has worked very well because of the leadership of the department and because of the strong upper management support. Best Practice Recommendation: This hierarchy works for some companies, but may have to be reconsidered with changes of personnel in management. Keep some flexibility in this organizational structure. Legal Department Model Many Compliance Departments are either a sub-department of the Law Department, have some attorneys in the Law Department specifically assigned to Compliance but without the title, or are considered the same department. It appears that larger companies in particular, with Legal Departments that were strong and well-established by the early ‘90s, are the most inclined to have established this model. One issue that may cause conflict within this structure, however, is the attorneys’ passion for protection of the company vs. the needs of the company to establish and communicate procedures, definitions and guidelines, for compliance with the law and Best Practices. For instance, a compliance person may feel strongly that the company needs to establish Guidelines for Appointing Producers that takes into account the criminal and credit history of the applicant. As part of that establishment, the Guidelines would be communicated to those in the Field who recruit producers. An attorney, however, might be (a) adverse to putting guidelines in writing because of the risk of litigation, and (b) adverse to communicating those outside the home office and making it more readily available to the plaintiff’s bar. The attitudes of Compliance and Legal are not necessarily in conflict, and may be wellaligned in many areas. Often, protection for the company and its producers is a driving force for both mind-sets in any given decision. However, the protection viewpoint may delay the company from keeping up with the regulatory environment because of resistance to change. Best Practice Recommendation: When the Legal Department model is used, care should be taken to balance the attorney perspective of protection, with the compliance manage perspective of improving the company. Political power needs to be balanced within the company so that the best decision is reached on a case-by-case basis. Compliance Department Model Perhaps the most common model is a separate, and usually equal, Compliance Department established apart from Legal and Audit. Sometimes the Compliance Director reports to Legal, but more often, they both report to a Vice President or the President on equal footing. Often with the independent Compliance Department, the staff works very closely with assigned members of the Legal staff and the Audit staff so that tasks don’t overlap. This is particularly true with advertising review (Legal) and monitoring and quality reviews (Audit). It is imperative in this model that Compliance input carries equal weight to Legal and Marketing in decisions that affect the company, risk, and improvement. In some companies, Compliance does not have its own Officer. This works in smaller companies, at least, because the Officer over Compliance is compliance-minded and will give due consideration to Compliance input. Sometimes in this model, the Compliance Officer or Director is the only member of the Compliance Department. In that case, however, there are generally “compliance associates” in other departments that serve to both monitor processes and communicate Compliance information, in addition to their “title” jobs. In larger companies, the Compliance Department varies from two employees to 25 or more employees. In great part, the number in the Department depends on size of the company and the functions assigned. If Regulatory Compliance is included, for instance, the number of the Compliance staff greatly swells. This model is typically a strong one. Not only does it present Compliance as being important for the benefit of the employees, it also presents Regulators an acknowledgement of the importance of the company’s compliant and ethical culture. Best Practice Recommendation: For the Compliance Department Model to demonstrate effectiveness, it should report directly to the CEO, or have a “dotted line” link to the CEO. Marketing Department Model This model is in place in a few companies in the industry, wherein the Compliance Officer and the Marketing Head are the same person. Or possibly, the Compliance Director reports to the Marketing Vice President. The potential conflict in this arrangement may be obvious, since the focus of Marketing is typically the sales bottom line and the focus of Compliance tends to be the ethical line. For instance, if a producer’s background check falls outside the company’s guidelines, the Marketer may want to give the person a chance because he/she is a good producer, whereas the Compliance person will be more hesitant. There is an increasing awareness throughout the insurance industry for the necessity for, and the agreement with, Compliance as a long-term solution to past ills. Many Marketers are becoming of the Compliance mind and are solid supporters of ethical market practices. And particularly in small companies, where each employee tends to wear multiple hats, the match of Compliance and Marketing in the same officer does seem to work well. These companies tend to have a strong culture of compliance and ethics, and will seek out employees who have strengths in both Marketing and Compliance. Best Practice Recommendation: As in other models, this one may work well only because of the personnel involved. Top management will always need to be aware of, and intercede in, decisions which may conflict the single Marketing and Compliance Officer. The Compliance Department concept in some form has taken a strong hold in the industry, as well it should. While some companies struggle more internally between Marketing and Compliance, others have come to a good working relationship, no matter which of the four models is in place. Those who serve specifically in the Compliance function have usually worked hard to position Compliance as a “Sales Protection” department rather than “Sales Prevention”. Compliant and ethical market practices provide a “win-win” for the entire company and its producers and broker-dealers.