The Department of Mysteries (or What is the Compliance Department actually doing?)

Written by Lucie Schweizer on Monday November 27, 2017

It struck me that the compliance department has certain parallels with the Ministry of Magic from J.K. Rowling´s Harry Potter series. Both are often misunderstood, mysterious, ‘secretly’ structured but at the same time necessary and important.

In Slovak we could use the term ‘conformity department’. The compliance department supervises functionality and compliance with regulations of the company, of an operational or ethical nature. Just as the Ministry of Magic controls the observance of witchcraft duties and determines what is right and wrong and important (or not important) from the regulatory, ethical or moral point of view, so compliance does the same, but from a different entrepreneurial and specific sector perspective, in which the business entity operates.

In the Harry Potter books, the Ministry of Magic is described as a secret place underground in central London. The largest Ministry department is the Wizard’s Law Enforcement Division, which is supported by other six sub departments – except for the so called Department of Mysteries. The second largest department is the Department for the Regulation and Control of Magical Creatures. Owls have been used to communicate between departments, but that was rather dirty so they replaced it with a system of inter-department instant messaging (flying paper planes).

You might be wondering how this magical world is anything like a compliance department. Well, a compliance department (whether created with several sections or departments or whether all of its functions are on the shoulders of one compliance manager) is often perceived as a department in the company whose functions are often only formal, or vaguely defined. Where competencies and powers are clearly defined, they usually affect the competencies and powers of other departments - sometimes without clearly stipulating the scope and nature of authority of each department involved. 

In the corporate structure (sophisticated structures of corporations, often crossing the borders of one country) compliance commonly has five sub-departments: internal audit; policy creation group; policy enforcement group, regulatory reporting group (financial or regulatory); and risk management and its subdivisions.

In the Slovak legal environment, we see mainly compliance departments which are more of the nature of the ‘mystery department’. If the compliance department is not formally established (i.e. there is no formally defined function/unit, because these already exist in Slovakia), the scope of its competencies and responsibilities is fragmented and divided between various existing departments. It is often the case that people having in their competencies securing ‘compliance’ either do not know or suspect that they are the compliance officer. In short, they work for the ‘mystery department’: often they do not know about it and their powers and competencies are hidden under the name of another department. Sometimes it makes sense. Mostly however the case is that the respective company has not yet implemented its organisational structure into a modern and effective form of management.

Transforming the mystery department into a more formal and recognised compliance department is not difficult, but requires the time and space to think about the management structure of the company, and that may not be easy.

Further to that, compliance has a number of other ‘softer’ functions. On the one hand, the compliance officer must be an inspector, supervisor or investigator (business compliance by any means). On the other hand, they should give the lead in ethics and morals, enforcing strategies of one team, ethical and moral principles and take the lead by being open, trustworthy, and acting with integrity and courage. Can these two roles be combined? One day you are investigating misconduct, the next day you praise good performance.

The Harry Potter comparison rings true here too. Dolores Umbridge: first undersecretary to the Minister of Magic, whose favourite colour is sweet pink and loves small kittens, at the same time establishes an inquisition team with the power to control and to terminate (temporarily or permanently) the employment of any professor.

Setting up a new organisational structure is not impossible, but must be very well planned and must not be forceful. With an increasing level of sanctions which may be imposed by the public authorities (based on turnover criterion), it is essential that compliance with legal regulation is enforced and that the establishment of a compliance department is more than theoretically justified.

The mystery department may be created by a company knowingly or unknowingly. Provided a company wishes to transform the mystery department into a compliance department it has to consider the following basic questions.

• Has the company adopted a Code of Ethics or a similar document which stipulates the basic principles of the company’s operation and is this Code regularly evaluated and updated via a predetermined process?
• Does the company have a dedicated compliance function directly identified in its organisational chart? If so, does the position in the structure correspond to the position in the structure of responsibilities, competencies and powers which the company associates with the compliance manager position?
• Is there a process within the company which ensures that principal regulatory and legislative requirements are cumulated in one department regardless of their specification, e.g., new GDPR legislation require obligations to be met in HR and IT – is the information from those departments centralised at a central level by some position and if they are, who is responsible for that? And has that person/department at central level the right to establish a process/mechanism, or issue internal directives in order to ensure compliance at all levels?
• Is there a supervision/audit plan to monitor the compliance with internal obligations at central level which is regularly evaluated and amended based on suggestions from individual departments? Are these checks made in reality?
• Is there a plan for regular revisions of processes to reflect results from the audits/controls/supervisions at corporate level?

If your answer is ‘not sure’ to any of the above questions it is very probable that you have a department of mystery (or maybe even the whole Ministry of Magic) in your organisation.

Whether you decide to continue as is or you decide to change the system, it is up to you. However, no management style works as efficiently as it should if it contains unknowns. Just ask Harry Potter.

This piece was written for ICA by Lucie Schweizer, guest contributor

Author bio

Lucie Schweizer is a partner at Ružička Csekes law firm. She deals with compliance on long-term basis, in the beginning under the cover of corporate governance, later on under the form of recognised corporate designs and strategies. ‘I enjoy contributing to business environment cultivation; compliance is one of the ways how to do it.’

Ružička Csekes is one of the largest commercial law firms in Slovakia, offering a wide range of general and specialist legal services and managing the largest projects and transactions. It is also the first law office in Slovakia operating a group of eight specialists dealing with the legal aspect of corporate criminality issues, i.e. criminal offences committed by legal entities. The portfolio of their services includes preventive measures, drafting internal anti-corruption guidelines/policies and compliance programmes, compliance audits, preparation for and support in the course of inspections/investigations pursued by administrative authorities (including Dawn Raids), as well as providing support to legal entities, in particular large companies, in criminal proceedings.

If you would like to take part in the ICA’s Big Compliance Conversation and contribute to a like-minded community, please get in touch at contributions@int-comp.org.