Henry Moniz is the global head of legal/regulatory compliance, internal audit, and strategic business practices for Viacom. Moniz recently sat down with David B. Wilkins, faculty director of the Center on the Legal Profession, for a one-on-one conversation on the evolution of compliance.
David B. Wilkins: One of the things we are interested in is the relationship between law and compliance. When you give advice to your CEO or CFO or to your board of directors, do you consider yourself giving legal advice? Business advice? Something else?
Henry Moniz: When I’m giving advice, it’s typically because the issue lies at the intersection of commerce, law, government relations, and potentially a host of other complicated issues. It’s usually a multifaceted problem. If something were strictly legal or a simple compliance matter, it would likely get dealt with at a lower level. When I’m advising, it’s usually because there are competing interests; where there’s a really strong business case for something and the law on its face seems to present a conflict, and we’re trying to figure out if there’s a way to resolve the conflict. So, they tend to be blended issues for the most part.
When I’m giving advice, it’s typically because the issue lies at the intersection of commerce, law, government relations, and potentially a host of other complicated issues.
Wilkins: Since many of these issues cut across departmental lines, when you’re hiring for your compliance team, what sort of skills are you looking at and looking for?
Moniz: There is a huge diversity across my teams because the issues are so multifaceted and cross-cutting; we tend to hire people who come from a host of disciplines. Some are really good at analyzing/interpreting and applying the law to complex fact patterns; others are very good at training employees on compliance-related issues. I actually have a couple of people on my team who have master’s degrees in training and organizational behavior. We also have had on staff MBAs to help advise on problems that are more operational than strictly compliance. And, as one might expect, we also have people who have operational experience and technical IT backgrounds who can help implement systems, pull and analyze data, as well as help manage issues related to data privacy and security. There is even diversity among lawyers. For instance, we have had people who have experience as investigators and with employment law. There is a huge variety of backgrounds—and that’s what makes it so interesting!
Wilkins: The compliance function seems to tend to be much more professionally diverse than, say, an in-house team. How do you ensure that these people work well together and that you create a culture of collaboration (see “Teamwork and Collaboration“)?
Moniz: That was a challenge at first. When I started in this function, it was part of the legal department, so everyone who did compliance was a lawyer. As the function evolved, we took on different people with different skill sets. One of the key things I look for is whether somebody is creative and curious and whether the person is interested in learning about things outside of his or her channel. For me, that is a great indicator of whether somebody will be collaborative—and it’s something I hire for. Part of this is probably informed by the fact that we’re a real knowledge-based company. We’re not, for instance, a manufacturing company, where you’re dealing primarily with issues around child labor, bribery to get government contracts, and other clearly defined, “letter of the law” type matters. In a knowledge-based company, you’re dealing with a broad range of issues, many of which involve unsettled legal areas where there are real conflicts around rights, privacy, and things like that. You need collaboration across a whole host of areas to deal with these sorts of issues, including the business operators.
There is a huge diversity across my teams because the issues are so multifaceted and cross-cutting—and that’s what makes it so interesting!
Wilkins: One of the things we are particularly interested in is the relationship between compliance and law (see “The Chief Compliance Officer: Should there be a new “C” in the C-Suite?“). Notwithstanding what you just mentioned—which makes great sense—you nonetheless are a lawyer. How do you think that affects the way in which you do the compliance role?
Moniz: When I came to Viacom, and during my first few years here, the compliance function was part of legal. I was the associate general counsel (GC) for compliance. As such, I tended to look at matters through the lens of “being a lawyer.” Overtime, however, we saw the need for a separate compliance function. While there remains considerable overlap, one can easily imagine that, for example, litigators on the GC’s staff might be loathe to develop facts during an internal investigation that were ultimately going to implicate the company that they or their colleagues would then have to turn around and defend in a litigation!
In this instance, one is left with a Hobson’s choice: either create some independence internally or rely heavily on outside counsel (an option that, in part, defeats one of the purposes of building the in-house function). We obviously decided to create some independence and formed a separate compliance function with staffers who were dedicated to compliance.
As the function evolved, we stopped looking only at “Is this right or is this wrong” type issues (as important as they are) and evolved into a broader risk-management function that aids the businesses in managing their risks and exploiting opportunities. And to do that, I brought in people with different skill sets. For instance, I hired MBAs with backgrounds in management consulting to help evolve our much more operationally focused group. We changed the paradigm from “You can do this but can’t do that” to “How can we do this? How can we solve the problem?” In my experience, there are very few to no legitimate business problems for which there is no solution.
And now we are in the process of evolving even further. We are going beyond just solving problems—we are using our knowledge of risk to find opportunities. To give you an example, a few of our competitors took certain positions relative to certain markets that they viewed as not being open for business. The tools and strategies that our risk and compliance functions developed informed us they were open via alternative structuring (and this was subsequently ratified by regulators), thereby providing us with a competitive advantage.
We are going beyond just solving problems—we are using our knowledge of risk to find opportunities.
Wilkins: It sounds like you developed almost a different way of measuring the effectiveness of a compliance program. And that’s one of the questions we hear all the time: How do you tell whether a compliance program is working? How do you measure things that don’t happen, things that could happen, or things that have happened but you don’t know about?
Moniz: On the one hand, we have not found the Holy Grail for how to measure overall program effectiveness meaningfully; we’re just getting to a point where we can track the short-, medium-, and long-term outcomes of what we do and don’t do and, in particular, what the outcomes are. To give an example, most compliance programs have some sort of reporting mechanism for violations, or potential violations, of policies. Traditionally, a couple of measurements are how many calls you are getting and how long it takes to get from an initial complaint to a resolution. In terms of the resolution, you survey the victims or the people who made the complaint or the people who are involved and get a sense, at least qualitatively, of how they viewed the process and outcome.
On the other hand, we have found ways to be a bit more objective—for instance, tracking whether a resolved matter reemerged, whether our remedial work impacted the overall recidivism rate in a particular area. We ultimately risk-rank our operations by likelihood of occurrence or failure and the potential magnitude or impact of failure, all of which is critical to proper resource allocations.
Wilkins: You’ve presided over all these changes to the compliance function as Viacom itself has gotten more and more global (see “From the Journals“). How has that affected the evolution of the role and of the department?
As the CCO, there is no set of stakeholders you have not worked with, and often over high stakes and under severe time crunches.
Moniz: The first reaction was to match scale with scale. For instance, we initially focused on having dedicated people in some overseas locations so that they’d be closer to the business, be accessible in the same time zone, and be able to understand culturally where some of the fault lines might be. But over time we ended up centralizing some operations and decision making here in the United States, yielding somewhat more control and uniformity.
Even more important than that, however, is that our core strength is our diversity; we have people from different disciplines working on difficult problems. When you have someone overseas, it tends to be just one person per office and, to be honest, that person is typically a lawyer. As such, he or she doesn’t have the benefit of having people from different backgrounds and with different skill sets and mind-sets working to solve a problem. Some of our best insights and solutions have sprung from collaborations, typically involving businesspeople as well. Obviously, the CCO must be not only a good manager but also a real leader to bring everyone together.
Wilkins: Given all that, how much does your own background, coming from not just corporate law practice but also from a US attorney’s background, help you in the compliance function?
Moniz: It helps a great deal. At the end of the day, so much of what we do is investigative, which is obviously something you learn extensively at the Department of Justice. And by that I mean not just a whodunit about a fraud; I am referring to excavating and unearthing the true issues by asking the right questions, in the right manner, of the right people. That is something you’re well trained to do. For instance, you learn the importance of asking open-ended questions—perhaps, at times to a fault—until you truly understand the issues. And then, you dig even deeper.
Wilkins: I wonder if you think it also helps going now in the other direction. You were in the government, you were in private practice, then you started out in a GC position that evolved into this very sophisticated compliance role. One of the things we’re now seeing is people moving from the compliance role into the GC seat. What have you learned from being in compliance that you could bring with you if you decided to move into the GC role?
I see compliance potentially becoming an even broader discipline and encompassing things such as corporate social responsibility, government relations, and other ethics-based initiatives; in some companies, it is already happening.
Moniz: As a compliance person, you understand how to be able to work with a number of parties: you understand how to deal with the board of directors, business operators, government regulators; you are managing outside counsel, forensic firms, accountants, and so forth. There is no set of stakeholders you have not worked with, and often over high stakes and under severe time crunches. That is a lot like the GC role in some respects. The GCs who are the most successful are the ones who are very broad and can manage a lot of different issues, and play in a lot of different keys.
Wilkins: What do you think the future of compliance entails?
Moniz: It’s funny because a few years ago I would have said, “Wow. I’m not sure what the future of compliance is.” Now, it’s clear: compliance is here to stay—and will only grow. In terms of the function itself, when you look at the risk management measures and standards that were in place around 2008 and obviously failed the market, that led to a huge growth in compliance. Today, the definitions of and numbers of stakeholders have expanded considerably, and the ethical responsibilities are broadening as well. Corporations are being pushed to become more socially responsible. It’s not OK “just to turn a profit.” You’re expected not to pollute, contribute to global warming, exploit conflict minerals, and so forth. The CEOs of big companies are expected to be thought leaders. I mention all this because over time, the compliance function will broaden and begin to incorporate responses to these types of issues. I see compliance potentially becoming an even broader discipline and encompassing things such as corporate social responsibility, government relations, and other ethics-based initiatives; in some companies, it is already happening.
Henry Moniz is the global head of legal/regulatory compliance, internal audit, and strategic business practices for Viacom. Moniz is a member of the Advisory Board of the Center on the Legal Profession at Harvard Law School.
David B. Wilkins is the Lester Kissel Professor of Law, vice dean for Global Initiatives on the Legal Profession, and faculty director of the Center on the Legal Profession at Harvard Law School.