Our most recent post in this series considered compliance programs in the holding company context. In this sixth installment of eight posts on “parental controls,” we turn to more actively managed subsidiaries.
The extent to which the parent may wish to assist with the subsidiary’s compliance program –- and the specifics of such help — will often turn on the following issues:
- Does the subsidiary have sufficient staff/budget for a standalone compliance and ethics (C&E) office/program?
- To what degree does the sub operate independently as a general (i.e., not C&E-specific) matter?
- Is agency liability a reasonable possibility? (This will be discussed more in the final post in this series.)
- Are the C&E-related risks of the parent (and any other subsidiaries) materially different than they are for this subsidiary?
- What is the size of the parent’s investment, and possible strategic and reputational harm from a compliance failure, in the subsidiary?
Where possible, it is often useful to have dedicated C&E officers for subsidiaries, because they are likely to be known in the business, and thus, might be easier for employees to approach than someone from the parent company.
Also, they will generally have a better sense of the subsidiaries’ risks than will a compliance officer from the parent.
But the analysis can be different with respect to risk-area subject matter experts (SMEs), where it may make sense in a large corporation for each subsidiary to contribute a few SMEs to a compliance network established by the parent.
This can serve as a central function providing expertise on all major risk areas to all subsidiaries. Further, companies might consider: a) establishing specific C&E program standards required of each subsidiary; b) reporting on satisfaction of program standards to the parent management; and c) rolling up the results of the above to the parent board.
Codes of conduct are one of the primary elements of a C&E program, and organizations often extend their codes throughout the entire organization, including to the employees of subsidiary companies.
Subsidiaries may also modify the parent-company code of conduct somewhat, though. For example, they might do so to utilize the name of the subsidiary rather than the parent or to emphasize a particular risk area or areas that are of greater importance to the subsidiary.
C&E policies are also often shared throughout an enterprise. Although, just as with codes, they may be modified somewhat to consider the particular risks of the subsidiaries.