Southern Co. Beefs Up Compliance Through Collaboration, Leveraging Partners

Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...

By Yin Wilczek

June 1 — The leveraging of internal and external partners has allowed Southern Co.'s compliance program to be more effective, the electric producer's ethics and compliance director said June 1.

With 26,000 employees, Southern Co. serves some 4.4 million customers in four states through subsidiaries that include Alabama Power, Georgia Power, Gulf Power, Mississippi Power and Southern Power.

Compliance is “one of the most collaborative areas I've ever worked in,” said Robert Frisbee, speaking at a Practising Law Institute compliance conference panel that used Southern Co. as a case study.

Most compliance departments don't have enormous staffs or huge budgets, Frisbee said. “Your biggest success is going to be how well you can leverage other people” and departments within your company to make the “compliance department competitive and effective.”

Working Together 

Frisbee noted that Southern Co.'s compliance structure “calls naturally for people to work together.”

The company's core ethics and compliance team consists of the chief compliance officer, the ethics and compliance director, the concerns manager, the compliance assurance manager and the personnel risk assessment manager, Frisbee said. The team's responsibilities include the design and implementation of the corporate compliance structure, the identification of applicable laws and regulations, data privacy and protection, and the administration of the company's hotlines and internal investigations.

As ethics and compliance director, Frisbee reports to the chief compliance officer, who currently also is the company's general counsel. Southern Co. is in the process of reorganizing its compliance structure and is considering the hiring of a full-time compliance officer who will report to the GC, Frisbee said.

Each Southern Co. subsidiary has its own compliance manager, compliance officer and compliance risk teams, Frisbee said. The compliance managers meet physically at least every other month to discuss issues and potential problems. He added that they also meet regularly to discuss specific topics in their programs such as environmental concerns.

Internal Partners 

Meanwhile, the compliance program's key internal partners include the auditing, human resources, corporate security and information technology departments, Frisbee said.

For example, while the compliance program investigates employee misconduct, the actual discipline is handled by human resources, Frisbee said. He also noted that corporate security provides ingress and egress records and handles relationships with local law enforcement authorities.

The compliance program's internal partners also include compliance “subject matter experts” (SMEs)—risk teams knowledgeable in areas such as the supply chain, finance, workplace safety, environmental, marketing and government relations, Frisbee continued. Among other assistance, the SMEs assist compliance by providing input to the company's ethics code, conducting risk assessments, and keeping abreast of laws and changing regulatory requirements, Frisbee said.

Using Liaison Networks 

Conference moderator Rebecca Walker, a partner at Kaplan & Walker LLP in Santa Monica, Calif., noted that many organizations use SMEs, compliance and ethics liaison networks, and other similar systems where the staff is drawn from other business departments and not charged with full-time responsibility for compliance. While such networks may make sense for a company, it also bring some challenges, she warned.

It is important that compliance and ethics liaisons are given enough time and resources to perform their compliance responsibilities, Walker said. In addition, personnel in these networks must be trained, including on how to investigate employee misconduct and how to answer compliance questions, she said.

“Very importantly, you want to make sure they have an appropriate level of independence and authority to implement their compliance and ethics responsibilities,” Walker stressed. “That might mean they have some kind of dotted-line reporting into the compliance and ethics function.”

External Partners 

The compliance program's key external partners include outside counsel, vendors, and business and professional associations, Frisbee said. “Local groups in your area can be invaluable,” he added. He cited, among other examples, the Atlanta Compliance and Ethics Roundtable, a group that focuses on compliance best practices whose members include Home Depot and United Parcel Service.

The key baseline compliance items that are reported to Southern Co.'s audit committee include investigation results and metrics, audit program assessment results, and the company's compliance risk profile and risk mitigation strategy, Frisbee continued.

“We chart out what we're going to communicate” to the audit committee every quarter, he noted. “We want to make sure” board members are knowledgeable about the company's compliance program.

Compliance Best Practices 

In other comments, Frisbee suggested some best practices employed by his company. One is that a few years back, Southern Co. issued an internal document—its “Ethics & Compliance Corporate Framework”—that summarizes every aspect of its compliance program. “I would highly recommend that” because the manual serves as a quick reference for new compliance officers, board members and every time there is a regulatory issue, he said.

Frisbee also noted that large companies with multiple subsidiaries should develop some kind of board reporting and disclosure process.

At Southern Co., compliance managers from the different subsidiaries have to sign confirmation letters every quarter that their programs are working effectively, Frisbee said. In addition, a compliance questionnaire goes out every quarter to more than 200 employees across the company, and their answers are assimilated and compiled in a compliance disclosure report, he said.

The questionnaire “helps us demonstrate that our program is reaching down to the lowest level,” Frisbee said. Being able to show that is a major challenge that all larger companies share, he added.

To contact the reporter on this story: Yin Wilczek in Washington at

To contact the editor responsible for this story: Ryan Tuck at