Developing Boundaries between Compliance and Operations

Crew of intelligent male and female having meeting table for discussing business startup ideas share opinions, brainstorming of clever professional employees teamworking at office interior

By Julie Hughes, JD, MS, CHC, CPC

As compliance professionals, we are often put into a position of providing guidance on requirements throughout the entire scope of a program or organization. This can blur the lines between compliance versus operational responsibility. Some things that I keep in mind when trying to create these boundaries:

  • Remember your Role – Compliance professionals should be experts in administering compliance program requirements. Professionals in operations should be experts in the requirements related to their operations. That said, compliance professionals should be able to research and review guidance to understand operational requirements, complete oversight activities, and provide regulatory research and interpretation support.
  • Assess the Need for Support – When questions arise about operational requirements, operational area staff should review the applicable regulatory guidance first and then seek a compliance response if they need additional support. If this initial review step is missing from the operational area, pointing the operational area to the appropriate resource for review is a good way to be responsive, support development of requirements knowledge and establish expectations. Or, if the operational area has not been specific in their request for support, ask them to identify their specific questions. If you assess that the operational area completed its initial review and still needs compliance support, then absolutely step in to help work through the issue.
  • Improve Decision-Making through Training – Establishing and implementing training programs on requirements is important for all staff levels. It is essential to provide staff of the organization the appropriate tools and information to support appropriate and compliant decision-making. As the compliance professional, you are able to identify the appropriate and credible regulatory guidance and provide these resources to operational areas.
  • Refer to Policies and Procedures – Another great decision-making tool are policies and procedures that clearly articulate requirements and provide references for further review if needed. Both compliance and operational leaders should take the time to create and maintain a comprehensive set of policies and procedures that is available to all. Accordingly, compliance professionals can refer operational staff to their own department’s policies and procedures to review requirements and/or support operational decisions. Policies and procedures are also a great way to develop your own or your staff’s knowledge about requirements and how the organization implements those requirements.
  • Business vs. Compliance Decisions – Actively differentiate between operational/business decisions and compliance decisions. Unless you are making operational decisions about the compliance program, refrain from weighing in on operational decisions. Compliance professionals opining on operational decisions can be misconstrued as a requirement instead of a business decision.
  • Identify and Communicate Risk – When dealing with issues of non-compliance, the compliance professional’s role is to clearly articulate the potential risk associated with non-compliance while the business decision is whether the risk will be accepted. Furthermore, when a risk of non-compliance has been accepted, the compliance professional should ensure that that decision is escalated as appropriate to senior management, the compliance committee, or the governing body as appropriate based on the scope and impact of the risk.

Creating the appropriate boundaries between operations and compliance supports a more ubiquitous compliance culture and reinforces the idea that everyone in the organization is responsible for compliance. It also ensures the independence of the compliance staff from operational areas, allowing the compliance department to effectively audit and perform other oversight activities. Furthermore, establishing these expectations and boundaries in your interactions within the organization can help you, and, if you are a manager, your staff manage your time and resources, along with potentially contentious relationships.