Moving compliance from the margins to the centre: an in-house perspective

Thiago Bueno Vaz, Regional Compliance Officer Americas at MANN+HUMMEL Filtration Technology, explores how regulatory expectations around “effectiveness” translate into practical influence inside organisations.

When the U.S. Department of Justice evaluates a corporate compliance program, it does not focus on the mere existence of policies or reporting channels. Its Evaluation of Corporate Compliance Programs makes clear that prosecutors are instructed to examine three fundamental dimensions: whether the program is appropriately designed, whether it is genuinely implemented with sufficient resources and authority, and whether it actually works in practice. The emphasis is not on formality, but on effectiveness.

Going further south, Brazilian regulation adopts a similar logic. Decree No. 11.129/2022 regulates Law No. 12.846/2013, aka the Brazilian Anti-Corruption Law, sets out objective parameters for evaluating integrity programs. It requires demonstrable commitment from senior management, periodic risk assessment, effective reporting channels, disciplinary measures and continuous monitoring. In other words, the assessment goes beyond formal structure and examines whether the program is genuinely structured, applied and updated in light of the company’s specific risk profile.

Across jurisdictions, the regulatory lens has sharpened. Although effectiveness has always been the stated objective, contemporary enforcement places far greater weight on demonstrable functionality rather than formal architecture.

A compliance program, however sophisticated, does not decide whether to walk away from a risky deal or escalate a concern. Policies do not pause transactions. Control matrices do not exercise judgment. People do, and they do so within webs of influence, expectation, and accountability. When those relational dynamics lack credibility or alignment, the program risks becoming ornamental.

Anyone who has worked in-house recognises the pattern. The call comes late. The due diligence is seen as delay. The cultural issue surfaces only once it escalates. Compliance is invited to the party only after the cake has already been served. Most of the time, these dynamics are not the result of bad faith or open resistance. They reflect structural patterns common to complex organisations.

Then, the real question becomes: what actually changes the pattern? The answer rarely lies in more policies. It lies elsewhere. And if your compliance department is to move from the margins to the centre of decision-making, three topics deserve attention.

The first one is distance. Compliance must be independent. That is non-negotiable. Yet independence can easily become isolation. When compliance is perceived internally as a late-stage reviewer, a procedural obstacle, or an investigative authority, engagement becomes defensive. Sales reaches out at the last minute. Procurement views due diligence as friction. Executives involve compliance only once exposure is already visible and almost not fixable.

“Executives involve compliance only once exposure is already visible and almost not fixable.”

Distance is rarely about reporting lines. It is more about operational understanding. A compliance function that does not know the business – the margins, the industry dynamics, the supply chain realities, the pressures faced by plants and commercial teams – will struggle to influence decisions in real time.

Proximity, in this sense, is strategic. When compliance understands how the business actually functions, it becomes capable of structuring risk without paralysing activity. Early involvement reduces tension. Context builds credibility. Credibility builds influence.

The second topic is incentive alignment. Law & Economics has long recognised that individuals respond predictably to incentives. Policies articulate standards, but incentive structures often determine how decisions are made when pressure builds.

Modern enforcement frameworks incorporate incentive structures. Under U.S. federal sentencing guidelines and DOJ policy, the effectiveness of a compliance program may influence charging decisions and the calculation of penalties. Brazilian regulation follows a comparable approach: Decree No. 11.129/2022 provides that an integrity program may be considered in the determination of administrative sanctions. In practical terms, the regulatory architecture creates a tangible incentive for organisations to invest in effective compliance.

Inside the organisation, the dynamic could be challenging. If growth is rewarded no matter how it is achieved, people will focus exclusively on growth. If cost savings matter much more than supplier checks, shortcuts become tempting. If managers are judged only on short-term results and not on how they lead their teams, process integrity will gradually give way. Thus, organisations always signal what matters. People pay attention to those signals.

Alignment requires more than avoiding negative consequences. It may require positive reinforcement. Recognising teams that raise concerns early. Valuing participation in training beyond mere attendance. Incorporating ethical leadership and process integrity into performance evaluations. In some contexts, even linking elements of compliance engagement to variable compensation can signal that integrity is not peripheral to success, but part of how success is defined.

An effective program is not sustained by fear alone. It is sustained when the signals sent by the organisation are coherent, both externally and internally.

The third element is trust. Regulatory frameworks require organisations to implement reporting channels. Yet the existence of a channel does not guarantee trust in it. A silent hotline can signal two very different realities: the absence of misconduct – or something far more troubling – the absence of belief.

Employees raise concerns when they believe reports will be handled fairly, confidentially, and consistently. They can remain silent when they suspect selective enforcement, especially if those perceived as indispensable or untouchable appear to receive different treatment.

If disciplinary measures vary according to hierarchy or influence, the credibility of the entire integrity program begins to erode. Regulators pay attention to consistency in enforcement, but internal stakeholders are often the first to notice when standards are applied unevenly.

Rebuilding trust is rarely about adding new procedures. It is about visible consistency. That consistency, however, does not necessarily mean publicising every disciplinary decision. In many compliance roles, confidentiality is not optional. Investigations involve privacy concerns, legal exposure, and reputational risk. Details cannot always be shared.

Yet silence should not translate into opacity. Even when specific cases remain confidential, organisations can communicate principles. They can reaffirm that standards apply across levels, that non-retaliation commitments are enforced, and that misconduct carries consequences irrespective of hierarchy or performance metrics. Some formalise this through transparent disciplinary frameworks that define how violations are assessed, even if outcomes remain private, signaling that standards apply uniformly, regardless of position or sales performance.

Trust is not built through disclosure of details. It is built through repeated, predictable signals that accountability is real.

Ultimately, regulatory frameworks may define effectiveness. But effectiveness is lived, not declared. It is shaped by how people interpret signals, respond to incentives, and trust the system around them.

When expectations, incentives, and consequences align, effectiveness may cease to function merely as a regulatory requirement and instead become part of how the organisation operates. That alignment is deliberate. It requires consistency. And it is worth pursuing.

Related Publications