Q&A Business Partner–Guardian: Building a Culture of Compliance and Legal Excellence

Tom O’Neil leads BRG’s Governance, Regulatory, and Compliance (GRC) practice. He is a managing director with broad private- and public-sector experience including leadership roles in boardrooms and C-suites of companies in the health sector. He recently spoke with Dan Troy, a BRG managing director and former chief counsel for the US Food and Drug Administration (FDA). Dan is a globally recognized healthcare lawyer and accomplished executive whose distinguished career has included leadership positions in the life sciences, legal, and regulatory sectors, including as general counsel (GC) at GSK.

Tom and Dan sat down to discuss the evolving role of chief compliance officers (CCOs), how Compliance and Legal can collaborate most effectively, and how to strike the right balance between guardian and enabler.

Tom: Given your experience at the FDA, what are practical strategies for embedding compliance and ethics into a company’s DNA, so they are integrated into operations and align with the company’s values?

Dan: I’d like to introduce a concept often discussed in the general counsel space but equally relevant to compliance and ethics: the “business partner–guardian.” To effectively serve the business, compliance officers should strive to be both partners and guardians. While everyone wants a partner who says “yes,” a true guardian helps guide the business toward success within the boundaries of applicable laws and regulations. By providing strategic guidance and ensuring compliance, CCOs can enable the business to compete fiercely and fairly.

Tom: How can compliance officers balance the need to address board and stakeholder concerns with maintaining their independence as the company’s ethical compass, especially in today’s climate of heightened scrutiny?

Dan: The CCO role has evolved. There can be real value in separating the Legal and Compliance functions. This approach brings two independent perspectives to the table. Each is driven to provide honest and accurate assessments to the CEO and board. It’s very important that the compliance officer has a direct relationship with the board and feels empowered to raise concerns. This independence is essential for maintaining the integrity of the Compliance function and fostering a culture of transparency, accountability, and ethical decision-making.

Tom: Given the importance of both the GC and CCO in ensuring a company’s ethical and legal integrity, what does an ideal collaborative relationship look like? And what factors contribute to a more synergistic partnership?

DanN: The CCO and GC should have a close working relationship. The relationship between Compliance and Legal and the audit team is very important. Some organizations have lawyers do monitoring, which isn’t efficient or particularly effective. It’s not a good use of the lawyers’ time or the organization’s money. Compliance is better suited to do this type of work. The way I see it, Compliance includes “owning” three primary things: past, present, and future. The past involves overseeing certain kinds of audits and compliance investigations, although Compliance should know when to call in the Legal team before or after certain investigations so they can be done under privilege. The present involves monitoring, and the future is writing policies, again with close cooperation from Legal (and, of course, the business).

Tom: What are the key roles and responsibilities of a management compliance committee? How can such a committee be effectively empowered and utilized to enhance a company’s ethical and legal posture?

Dan: The most effective board members actively engage with the organization beyond formal board meetings. At GSK, we encouraged board members to participate in leadership team meetings and worked to provide them with a deeper understanding of our operations and decision-making processes. I had a regular one-on-one every other week with the head of GSK’s audit and risk committee. This firsthand exposure enabled committee members to ask more informed questions, offer valuable insights, and ultimately provide stronger oversight.

Tom: That is an excellent point, Dan. The illusion of security provided by episodic oversight can be a dangerous trap. True board effectiveness requires a commitment to ongoing engagement and a deep understanding of the organization’s risks and opportunities.

Tom: From your perspective, what are some hallmarks of a successful compliance officer?

Dan: A good compliance officer is a force multiplier. What I mean is that they understand the balance between being a business partner versus a guardian. A good compliance officer will be aligned and have a good working relationship with their legal counterpart. In my past role, sometimes people would ask me when they should call Legal versus Compliance, and my response was always, “Pick up the phone and call either one. Let’s sort it out.”

Tom: I couldn’t agree more. While each may have different areas of expertise or primary ownership, the collaboration between the two becomes paramount.

Tom: The Loper Bright decision has resulted in a lot of speculation. What do you think may be the near- and longer-term consequences of the elimination of Chevron deference?

Dan: There has been a strong reaction, and some have catastrophized the decision, but I don’t think it is going to make that much of a difference and will matter mostly in marginal cases. First, in cases where the government has already staked out an aggressive position, there may be some vulnerability, and so the decision could change the way they argue their positions. My recommendation would be that the government should argue they have a better reading of the statute. I believe the most salutary benefit of overturning Chevron is that there will be less “ping ponging” between administrations or “revolving door” decisions that change with each new administration that comes into office.

Tom: How would you advise a newly appointed general counsel or compliance and ethics officer at a rapidly growing life sciences company to effectively balance the roles of guardian and strategic enabler we discussed—especially when these roles may conflict?

Dan: When you encounter those tensions or areas of conflict, it’s important to have a candid conversation with the CEO or business head and explain that although “no” might seem unwelcome, ultimately it’s a strategic move to protect the company’s long-term interests.

At GSK, we would look at catastrophic compliance failures at other companies and try to learn from those examples. We’d have conversations, share these failures, and make sure we were all in agreement that we wanted to avoid the same fate. Using real-world examples can help when you need to play that role of guardian. However, this requires the ability to go to a CEO or business head and have candid conversations.

Additionally, as a strategic enabler you need to know where the business is going and be able to scan the environment so you are ready for whatever may come. If you are fixated on where the business has been and not looking forward, you won’t be able to help lead and navigate.