Best Practice - Compliance Department Models

advertisement
COMPLIANCE DEPARTMENT MODELS
Prior to the early 1990’s, most companies had never considered the position of
Compliance Officer or Vice President of Compliance to be needed. Since the lawsuits
and media spotlight of that period, however, most insurers, many agencies and all
broker-dealers have a head of Compliance that oversees risk abatement activities.
For the insurance company in particular, under the very general category of Compliance
are a number of functions and assignments, such as Privacy Officer (e.g. HIPAA and
Gramm-Leach-Bliley), regulatory compliance (e.g. policy creation and filing), ethical
compliance, advertising compliance, compliance with Federal Regulations (e.g, MoneyLaundering), and Special Investigative Units (SIU). Which of these responsibilities the
Manager of Compliance takes on vary from entity to entity, but there seem to be four
structural models for the broad organization of a Compliance Department.
Audit Department Model
A portion of companies have used an existing Audit Department to assimilate the role of
Compliance Department. Sometimes the Head Auditor reports to the Compliance
Officer, sometimes the Compliance Director reports to the Head Auditor, and in most
instances, it seems, the two “hats” are worn by the same person. It is a fine line to walk
and certainly takes a person with strong interpersonal skills to succeed with the duplicate
assignment.
Within the Audit Department, additional responsibilities are often assigned to the existing
Auditors. In some cases, specialists are brought into the department to oversee
particular facets of compliance risk as determined by the manager. Sometimes
Regulatory Compliance and the SIU are under this department and sometimes they
remain independent. Often, monitoring of compliance with Federal regulation has
already been assigned to the Audit Department, and may be expanded to set up the
processes for compliance as new regulations are born.
One difficulty companies seem to face with the Audit Department Model is for employees
and producers to differentiate between the “gotcha” attitude common among Auditors
and the “protection” approach needed for Compliance to win allegiance. If the Audit
Department has a negative reputation in the company, buy-in to the need for compliance
efforts may be hard to win.
On the flip side, Audit functions fit in very well with Compliance functions such as
oversight and monitoring. In some smaller and mid-size companies, the marriage has
worked very well because of the leadership of the department and because of the strong
upper management support.
Best Practice Recommendation: This hierarchy works for some companies, but may
have to be reconsidered with changes of personnel in management. Keep some
flexibility in this organizational structure.
Legal Department Model
Many Compliance Departments are either a sub-department of the Law Department,
have some attorneys in the Law Department specifically assigned to Compliance but
without the title, or are considered the same department.
It appears that larger companies in particular, with Legal Departments that were strong
and well-established by the early ‘90s, are the most inclined to have established this
model.
One issue that may cause conflict within this structure, however, is the attorneys’
passion for protection of the company vs. the needs of the company to establish and
communicate procedures, definitions and guidelines, for compliance with the law and
Best Practices.
For instance, a compliance person may feel strongly that the company needs to
establish Guidelines for Appointing Producers that takes into account the criminal and
credit history of the applicant. As part of that establishment, the Guidelines would be
communicated to those in the Field who recruit producers. An attorney, however, might
be (a) adverse to putting guidelines in writing because of the risk of litigation, and (b)
adverse to communicating those outside the home office and making it more readily
available to the plaintiff’s bar.
The attitudes of Compliance and Legal are not necessarily in conflict, and may be wellaligned in many areas. Often, protection for the company and its producers is a driving
force for both mind-sets in any given decision. However, the protection viewpoint may
delay the company from keeping up with the regulatory environment because of
resistance to change.
Best Practice Recommendation: When the Legal Department model is used, care
should be taken to balance the attorney perspective of protection, with the compliance
manage perspective of improving the company. Political power needs to be balanced
within the company so that the best decision is reached on a case-by-case basis.
Compliance Department Model
Perhaps the most common model is a separate, and usually equal, Compliance
Department established apart from Legal and Audit. Sometimes the Compliance
Director reports to Legal, but more often, they both report to a Vice President or the
President on equal footing.
Often with the independent Compliance Department, the staff works very closely with
assigned members of the Legal staff and the Audit staff so that tasks don’t overlap. This
is particularly true with advertising review (Legal) and monitoring and quality reviews
(Audit).
It is imperative in this model that Compliance input carries equal weight to Legal and
Marketing in decisions that affect the company, risk, and improvement. In some
companies, Compliance does not have its own Officer. This works in smaller
companies, at least, because the Officer over Compliance is compliance-minded and will
give due consideration to Compliance input.
Sometimes in this model, the Compliance Officer or Director is the only member of the
Compliance Department. In that case, however, there are generally “compliance
associates” in other departments that serve to both monitor processes and communicate
Compliance information, in addition to their “title” jobs. In larger companies, the
Compliance Department varies from two employees to 25 or more employees. In great
part, the number in the Department depends on size of the company and the functions
assigned. If Regulatory Compliance is included, for instance, the number of the
Compliance staff greatly swells.
This model is typically a strong one. Not only does it present Compliance as being
important for the benefit of the employees, it also presents Regulators an
acknowledgement of the importance of the company’s compliant and ethical culture.
Best Practice Recommendation: For the Compliance Department Model to
demonstrate effectiveness, it should report directly to the CEO, or have a “dotted line”
link to the CEO.
Marketing Department Model
This model is in place in a few companies in the industry, wherein the Compliance
Officer and the Marketing Head are the same person. Or possibly, the Compliance
Director reports to the Marketing Vice President.
The potential conflict in this arrangement may be obvious, since the focus of Marketing
is typically the sales bottom line and the focus of Compliance tends to be the ethical line.
For instance, if a producer’s background check falls outside the company’s guidelines,
the Marketer may want to give the person a chance because he/she is a good producer,
whereas the Compliance person will be more hesitant.
There is an increasing awareness throughout the insurance industry for the necessity
for, and the agreement with, Compliance as a long-term solution to past ills. Many
Marketers are becoming of the Compliance mind and are solid supporters of ethical
market practices.
And particularly in small companies, where each employee tends to wear multiple hats,
the match of Compliance and Marketing in the same officer does seem to work well.
These companies tend to have a strong culture of compliance and ethics, and will seek
out employees who have strengths in both Marketing and Compliance.
Best Practice Recommendation: As in other models, this one may work well only
because of the personnel involved. Top management will always need to be aware of,
and intercede in, decisions which may conflict the single Marketing and Compliance
Officer.
The Compliance Department concept in some form has taken a strong hold in the
industry, as well it should. While some companies struggle more internally between
Marketing and Compliance, others have come to a good working relationship, no matter
which of the four models is in place. Those who serve specifically in the Compliance
function have usually worked hard to position Compliance as a “Sales Protection”
department rather than “Sales Prevention”. Compliant and ethical market practices
provide a “win-win” for the entire company and its producers and broker-dealers.
Download