Discover more from Compliance Explained
Why do people confuse legal with compliance? And how to explain the difference?
Let's explain the difference between legal and compliance.
Do you also hate it when people think compliance is just part of legal?
Yes? Well, that makes two of us.
Because if you're in compliance, you know there is a HUGE DIFFERENCE.
So let's break things down:
Why are people confusing legal with compliance?
How do you best explain the difference to colleagues and friends?
Why are people confusing legal with compliance?
There are historic reasons, label reasons, and recruiting reasons
Let's go back in time to when compliance got departmentalized. I mean when it started to become a professional role, and a new corporate thing.
At the beginning of the 90s, having a system of how to comply started to matter.
Governments realized that if you don't have a systemized approach, you will sooner or later violate the law. Not because you want to, but simply because a company is just a bunch of humans together. That is, not a very flawless bunch.
So the US Department of Justice issued its Federal Sentencing Guidelines for Organizations.
In a nutshell, these Guidelines:
describe how to implement a such system, a so-called compliance program.
give in return softened punishment if a company, that violated a law, could prove it implemented such a system.
It was a Copernican revolution. Not just avoiding law violations was important. Also how you do that became a thing.
And that's why in the 90s compliance started to diverge from legal.
But who could manage this new compliance thing?
This made sense. Because the incentive came from the Department of Justice, and the incentive as such was to soften a legal punishment after a law violation.
It explains why so many lawyers work in compliance teams and why people could confuse legal work with compliance work.
There was also another reason for the increased attention to compliance. Several court cases in the US articulated the liability of the members of the Board of Directors for failing to monitor the compliance level. Whether or not this could be enforced, or even is valid in other countries, it did plant a seed in the brain of many directors: "better invest in compliance". A good read on this is Todd Haugh's paper Caremark's Behavioral Legacy - see the link in the footnotes.
Now compliance became a thing, a new system, it needed labels to tell people what they are actually doing.
There are two options to label the compliance work:
Outside-in: starting from the regulation
Inside-out: starting from the action
Let me explain.
Outside-in means that you take a regulation that could harm your company and then see how it could harm your company.
Example for naming the thing by the regulation: Anti-Bribery regulation >>> Anti-Bribery compliance
Inside-out means that you take an action that an employee or a team is doing and then see which risks or regulations could be relevant.
Example for naming the thing by the action: Exporting a product >>> Export compliance
The most used way of labeling a compliance topic is by just naming the relevant regulation:
Anti-Corruption (or Bribery or FCPA) compliance
It's the easiest way to label, too!
Because you don't have to do a deep-dive into what your colleagues are actually doing. You just take the next new regulation and name the thing.
It explains why compliance may look very lawyerly.
Hence, the confusion with legal.
So who is going to do the job?
When companies need to recruit, they prefer you have a Law degree. They don't exclude other backgrounds of course. But being a lawyer, is still an advantage.
I challenge you.
Go on Linkedin and try to find a compliance job vacancy and count how many vacancies hint at something like this:
"A relevant degree, preferably in business or law, is required"
"Knowledge of other essential laws and regulations"
"At least 10 years directly related experience in a legal or compliance role"
"A law degree is a plus"
Being a lawyer isn't anymore a hard-core requirement for a compliance role. Which makes totally sense of course. But you can still see that people assume lawyers are fit for the job.
I am a recovering lawyer and I doubt that you should be a lawyer to take a compliance role. In fact, I had to unlawyer myself first to really get good at the compliance job.
The main reasons why people confuse legal with compliance:
People think it's done by lawyers (historically correct).
It's labeled with regulations and laws (sounds lawyerly).
If you are a lawyer, you're in the running for a compliance job (thank you HR).
How to explain the difference between legal and compliance?
It's still difficult to explain the difference to others.
You may create more confusion if you start with "following legal rules" - after all, isn't a legal expert good at legal rules?
Before going forward, check this analogy as explained by Ricardo Pellafone of the Broadcat: compliance is like fire prevention and legal is like fire insurance. He really nailed it!
Here is the basic difference:
The compliance team operates in the real life. The legal team works with the legal reality.
This may read like a dog biting his own tail, but bear with me.
It's like a video game. Take my all-time favorite game MARIO BROS. 🍄
It's a fantasy world with avatars (like Mario and Luigi), with a imaginary setting (like the green pipe and the game rules) and a scenario (the mushroom makes you grow, the Goomba can hurt you).
It's pretty much like the legal reality:
avatars are the legal fictions like corporations, associations, limited partnerships, franchise, joint venture, etc.
a setting like contracts and rules set out by laws and case law.
a scenario like a merger, a contract termination, bankruptcy, etc.
Like Yuval Harari would say, humans have the power of imagination. A corporation isn't different than a Goomba: an invention created by the human brain and accepted by a large group of other humans.
For compliance, there isn't fantasy world, only the real world. This means that a compliance professional looks different to the world:
there are no avatars or fictions, only real humans working in a corporation.
the setting is created by employees' emotions, their motivation, but also the tools they use and the communication lines they have with each other. The setting has in other words unlimited features.
the scenario is created by the actions and intentions of the employees and others who work in and with the corporation.
This analogy to a video game has its relevance.
Many people confuse the legal fantasy world with the raw compliance reality.
For example when you let your customers sign contractual clauses like:
the products will not end up with blacklisted entities (to cover a sanctions regulation).
the products will not be used for a specific use (to avoid certain tax exempt oil products are used for taxable purposes).
So it looks like you are covered, but that's only for the legal reality.
In real life, you still risk selling indirectly to blacklisted entities or that your products will be used for illegal purposes.
You cannot avoid real-life consequences with paper (aka imaginary) solutions.
You have to know which world you're in: real life or fantasy?
Some other interesting observations:
Legal looks at what’s on paper and whether it was followed to the letter of the law; compliance looks at why things were done and what they should have been doing instead of just following a rule blindly.
The main goal of legal is to minimize liability; the main goal of compliance is to protect the interests of the business and its employees.
Legal work is about individual cases, whereas compliance is more about systems.
It's obvious to see why people confuse legal with compliance. But in practice there is a HUGE DIFFERENCE.
But if you are at a cocktail party, don't start with "legal minimizes liability in case things go wrong, compliance avoids that things go wrong in the first place."
That's too boring and still leaves people clueless.
Legal is like playing a video game, Compliance operates in real life.
Then you will sound like a badass Goomba.
The emergence of compliance. The Practice. (2017, April 24). Retrieved September 28, 2022, from https://thepractice.law.harvard.edu/article/the-emergence-of-compliance/
Haugh, Todd, Caremark's Behavioral Legacy (November 1, 2007). 90 Temple Law Review 611 (2018), Kelley School of Business Research Paper No. 18-51, Available at SSRN: https://ssrn.com/abstract=3186879
Pellafone, R. (n.d.). Broadcat named a behavioral compliance best practice! Broadcat Blog. Retrieved September 28, 2022, from https://blog.thebroadcat.com/broadcat-named-a-behavioral-compliance-best-practice