This week I am engaging in a week-long series on how a Chief Compliance Officer (CCO) or compliance practitioner might think about operationalizing a compliance program with other corporate functions and disciplines. I am joined in this exploration by Russ Berland, a well-known compliance commentator and practitioner who recently joined Dematic Inc., a Supply Chain optimization company, as it CCO. Today I want to explore how the Human Resources (HR) department can be used to more fully operationalize compliance beyond simply considering the lifecycle of the employment relationship.

Berland had some interesting thoughts on the role of HR in compliance, stating, “The areas though that I think HR can be really, really good at, that as an opportunity that they wouldn’t view as a compliance opportunity, is they know when there are problem groups. They know where there are people who distrust their leadership, or that leadership is isolating the group from the rest of the company.”

Often HR will attempt to deal with the issues through the mechanism of a HR toolkit approach. They will counsel, they will train or retain, they will keep up an ongoing dialogue through communications. HR may also move to other tools such as a performance review. However it may be that the HR toolkit is really not equipped to deal with certain situations and fact patterns. Berland said, “Often those are tremendous red flags that there are compliance issues that are coming up within that organization. That’s where having that constant communication between compliance and with HR is of real benefit because I’ve gotten phone calls before from a HR person that says “We don’t know what’s going but, man, this group is a mess!” And you know? You start talking to them and asking questions and realize there’s probably some vendor conflict of interest issues that this guy’s trying hide and protect, and it’s just affecting negatively the entire group.”

Such an approach can also be used in the area of conflicts of interest (COI). Such an approach can handle more minor  COI’s, such as the relationships between people in a department or it can expand to larger and potentially more serious COI’s, such as kickbacks from vendors and suppliers. As the corporate function on the front line of dealing with people, HR should be in a role to be able to see at least outcomes from people are acting in certain ways, not with transparency, allowing it to be the first line defense in terms of evaluating and addressing such conflicts of interest.

Where HR can take the lead in many such areas, it would have the effect of further operationalizing your compliance program; as it is  really the co-worker who is probably the closest and who will pick up the phone and talk to someone from HR. While it may take some specialized training from compliance to bring HR up to a compliance standard I would argue that the effective use of such training can extend far beyond the limits of HR and, more importantly, the resources of the compliance department.

For strategic planning around compliance, HR is a key stakeholder as compliance builds out its program for effectiveness and efficiencies. Berland related, “I wouldn’t even consider doing strategic planning for a compliance function without having HR in the room, just like I would expect to have legal in the room and internal audit in the room. They are key stakeholders. They need to have input into what compliance is doing and how it’s doing it. It also gives them visibility to understand where the points of interface are. It has always been more successful having those folks involved, just as a matter of nuts and bolts practice.”

This can also extend to policies and procedures. Every company has a large number of HR policies and procedures so why not bring some of that expertise and resources to the compliance function as well. There is no legal reason why these two functions should not be working together. Indeed, the Depart Of Justice (DOJ) Evaluation of Corporate Compliance Programs (Evaluation) asks following questions in Prong, “Responsibility for Integration Who has been responsible for integrating policies and procedures? With whom have they consulted (e.g., officers, business segments)? How have they been rolled out (e.g., do compliance personnel assess whether employees understand the policies)?”

An area not often considered in the intersection of compliance and HR is remediation. This is not simply termination, as two of the questions posed in the Evaluation are: “Human Resources Process – Who participated in making disciplinary decisions for the type of misconduct at issue?” and Consistent Application – Have the disciplinary actions and incentives been fairly and consistently applied across the organization?” If the solution is something other than termination, what is the remediation solution and who will deliver it and follow up to determine its effectiveness? Once again HR is uniquely suited to deliver what might otherwise be considered a compliance solution. Berland stated, “HR is going to be right there with those people where compliance has probably moved onto something else. They’re going to be able to see that everyone’s taken whatever remedial training they’re supposed to, that whatever changes in the management approaches have been implemented, and they can really keep their finger on that pulse.”

Finally we have the area of whistleblowers, most specifically around retaliation. While there was the recent example at Barclay’s where the chief executive attempted to ascertain the name of an anonymous whistleblower, the usual path is that a whistleblower is figured out by their co-workers or through the allegations under investigation. Once again HR is uniquely suited to recognize retaliation, warn and train against it, protect the whistleblower and then work with compliance throughout the process.

The bottom line is that HR will have a strong network throughout an organization. Compliance can learn about delivery techniques and mechanisms in areas such as training. More importantly, with HR personnel, particularly those positioned around the world who understand how compliance issues impact them, the ways in which they can cooperate, extends the reach of compliance and more fully integrates compliance into an organization. Put another way, operationalizing compliance in this manner by having more people who are aware of the issues that are facing them and are points of contact for them, can only strengthen compliance.

Tomorrow I will consider how the compliance function can use internal audit to further operationalize a compliance program.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017