Compliance: more than observing statutory requirements | KPMG | CH
Share with your friends

«Compliance is more than just observing statutory requirements»

Compliance: more than observing statutory requirements

Jörg Kilchmann and Felix Schraner interview Peter Kurer, attorney-at-law and partner at the private equity firm BLR & Partners AG.


Related content

Peter Kurer, attorney-at-law and partner at the private equity firm BLR & Partners AG

Peter Kurer, attorney-at-law and partner at the private equity firm BLR & Partners AG

Managers are working harder than ever to ensure legal and regulatory compliance. Despite this, non-compliance issues remain high on the agenda and seem to continue growing. Why is this the case?

Peter Kurer: The rise of corporate legal and compliance risks arises from a number of economic and sociological developments. Most obvious is the incredible degree of globalization we have experienced over the past 25 years or so. Global companies operate in many countries; say 60, 70 or even 110. They meet the various legal rules there but also many diverse moral and ethical concepts under which their activities are seen and judged. In many of these countries, there is no rule of law or stable institutions that we are used to in the West.  We have also become a risk-averse society: we enjoy a lifestyle in which we incur new risks such as those associated with mass transportation, high energy consumption and artificially processed food. If these risks materialize, we however quickly cry “foul and shame” and want to take revenge against the culprit - who often is big global business. NGOs, politicians, prosecutors, regulators and the media ride on these waves of indignation against business. They demand new laws and begin prosecutions. They are aided by an ever more transparent business environment where scandals and crises travel around the globe within an hour thanks to social media and the blogosphere.

It is only a few years since legal departments were solely responsible for managing a company’s legal risks. Today, many in either regulated or non-regulated markets have built up compliance departments to help in this task. What drove the establishment of a separate department?

Peter Kurer: Lawyers advise on the content of legal rules; they draft contracts and other legal documents; they represent a client; and they manage legal projects such as litigation or M&A transactions. If this is done well, it goes a long way to shield a company from legal and compliance risks. Given the ever increasing risk level, and the sheer size of the modern corporation, more is needed. You need now to govern employees’ behavior by writing specific policies, and educating and training them. You have to monitor certain sensitive transactions, make specific investigations, and mine data. All this requires a different skill set than the one mastered by traditional lawyers. Hence the creation of compliance departments, first in regulated industries such as pharmaceuticals and banking, and increasingly now also in non-regulated industries.

Compliance officers tend to interpret their role in a more and more pronounced way. How can General Counsels and Management Boards profit from this?

Peter Kurer: I don’t think you can talk about it in terms of “profiting”. It goes far beyond this. In view of the high risk level, you can no longer run a serious company without a well-established compliance process including, in most cases, a compliance department. In creating and implementing opportunities for the company to make profits, senior and line managers must do so within legal requirements. In this sense, they bear primary responsibility for legal risks. Lawyers review and advise on the legal requirements and any limits to the opportunities. Compliance managers do a third and a different thing: they check that operations and staff conduct stay within the limits of legal, regulatory and ethical rules. Therefeore, ownership of legal risk by management, advice by lawyers, and the control activities of compliance are all integral parts of legal risk management. We must sit on a three-legged stool; two legs are not enough.

What in your view are the requirements for an adequate legal and compliance framework, and what opportunities does such a framework offer?

Peter Kurer: State-of-the-art legal and compliance risk management requires an integrated process. This starts at the top of the company and flows down through operations to the shop or trading floor. The board must understand the issues and set a strategy. It must then hammer out a legal and compliance risk framework. This framework defines the issues, allocates responsibilities to management, control functions and experts; it regulates reporting lines, provides for coordination and convergence activities, talks about the role of risk identification, audits and special situations such as whistle-blowing, self-reporting or investigations. If it is done well and implemented appropriately, the framework establishes a clear governance and effective organization for legal risk management.

It can be a fine balance between managing legal risks and seizing business opportunities. What would you recommend focusing on in the short and long-terms?

Peter Kurer: Talking about risk versus opportunities is a slippery slope in the legal space. In many ways, compliance and legal risks are a zero tolerance area. Boards and management should be very serious about them and establish a solid legal risk management. Risk management in this area should be taken as seriously as business operations, marketing, human resources, quality production and all other key management processes. The rewards will come indirectly - in terms of lower legal costs, less litigation, an improved reputation. If successful, it might become a differentiator that sets apart the company from its competitors.

Legal functions have grown in size and importance within global groups. What does this mean for the training of in-house lawyers? Should the head of the legal department be a manager with a legal background or a lawyer with a management background?

Peter Kurer: A good general counsel and a good head of legal should be both a trained lawyer and a solid manager. It is tough but you need both skill sets. If you are not a good lawyer you will not command the respect of your staff, because lawyers like to be managed on the basis of superior professional knowledge. If on the other hand you are a poor manager, you create a mess and lose credibility. Ideally, a typical in-house lawyer’s primary training should be as a lawyer, including substantial time with a law firm to learn the practical skills of the job, beyond the academic aspects taught at university. Management skills will be learnt on the job and through specific training which might include an MBA, EMBA, or at least an executive education in legal management.

What is the most important advice you would give to universities when educating corporate lawyers?

Peter Kurer: They should teach them good analytical thinking beyond pure knowledge of technical rules. In other words, they should give students the basics to be intellectually robust lawyers who can express themselves in clear and succinct language. If they achieve this they have done a lot. The more practical part of the education should be done by the law firms, the companies and the executive management schools.

What do you think about outsourcing certain compliance units or legal departments, and how should such a process be governed?

Peter Kurer: I would be sceptical about outsourcing in these areas. I would rather in-source support teams for compliance and legal activities, while outsourcing and off-shoring certain activities to law firms or alternative providers like the legal process outsourcing providers. This framework is important for the key task of establishing responsibility key. If I insource, I retain direct responsibility. If I outsource, I delegate responsibility on the basis of a clear service-level agreement which is subject to checking.  The main governance principle should always be: how am I most efficient without losing impact.

Until recently, compliance meant being compliant with legal rules. Nowadays, compliance includes ethics and social responsibility, integrity and more. What is your opinion on that?

Peter Kurer: Compliance is a broader concept than merely complying with legal rules. The view is now well-established that compliance activities should extend to ethical and cultural issues and sometimes even to such aspects as consumer protection or certain contractual terms. I only see a few authors - mainly in Germany - who adhere to the old view that compliance is about only the law.

In your book, you talk in depth about growing legal risks. What is the key message you would like readers to take away?

Peter Kurer: Legal risks are a growing uncertainty for global companies. As a matter of fact, legal risks are for many companies the most serious threat to smooth operations. Boards and senior management therefore have every incentive to take this area seriously and to manage risks strategically - from the top and in an integrated manner. The challenge goes beyond just having a good legal department or appointing the best outside counsel. It is the in-house lawyers and compliance officers, rather than law firms, who have become the main operators in this space. They need an attitude and a skill set that goes far beyond a pure professional’s traditional expertise.

What does that mean for outside advisers in this area?

Peter Kurer: With this change of paradigm, new advisors become important in the area of legal risk. These include accounting firms, forensic analysts, specialized consultants and legal process outsourcing providers. Each – including law firms – must adopt its own business model.  Technology, combined with knowledge of how people behave and how we can influence their behavior, become increasingly important. In other words, legal risk management goes much beyond traditional lawyering. It involves more than just good handling of legal cases and instead moves in the direction of informing and supporting a change of mindset throughout an organization.

© 2018 KPMG Holding AG is a member of the KPMG network of independent firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss legal entity. All rights reserved.

Connect with us


Request for proposal