Beverage Execs Talk About the Logic of Aligning Legal and Compliance Functions

In this interview, legal leaders from wine and spirits distributor Southern Glazer’s discuss the importance of aligning legal and compliance programs in the highly regulated alcohol industry.

Alan, since your promotion in 2023, what were your top priorities in reshaping or advancing the compliance function, and how did you align those goals with the company’s broader business strategy?

Alan Greenspan: When I was promoted to executive vice president, chief legal and compliance officer on September 1, 2023, I was fortunate to inherit a strong program. The previous chief compliance officer was also a company owner, so the function had long been well-resourced and thoughtfully built. While I had overseen compliance in a prior role at Glazer’s Distributors, before its 2016 merger with Southern Wine and Spirits of America, I served as general counsel after the merger and did not lead compliance directly until this recent transition.

When I stepped into the role, I took time to listen and learn. I spoke with our compliance professionals and interviewed business teams nationwide to understand how they interacted with and relied on compliance. I also engaged a consultant to assess our program independently. While we confirmed that our compliance function was likely the best in our industry, I wanted to elevate it further, to a world-class level that could stand alongside top programs in any sector.

To understand the day-to-day realities, I even served for a few months as a frontline compliance attorney, fielding real-time questions and issues. That experience reinforced my view that while we were in a strong position, we could benefit from an outside perspective. So I was excited when Matthew Carter applied. I’d followed Walmart’s compliance transformation closely, and Matthew’s broad experience, especially in international compliance, was exactly what we needed. With his addition, we built a team that blends internal talent and external insight to push us toward that world-class standard.

Matthew, when you joined the company, how did you approach assessing the compliance program, and what did you discover?

Matthew Carter: Like Alan, I spent my first 30 to 60 days listening and learning. I met with our compliance team and business units to understand the state of the program and opportunities for improvement. What I found was a team full of deeply experienced professionals, people who knew trade practice compliance law inside and out. Given the complexities and variations of laws across states, their knowledge reminded me of sectors like pharmacy and consumer protection, where regulations are highly detailed and state-specific.

The team’s primary focus was on training and awareness. They conducted instructor-led sessions annually across the country, which generated an ongoing stream of questions. They responded diligently, delivering consistent guidance. However, they were operating in a reactive cycle, always preparing for the next session without the time or space to fully develop the broader elements of a modern compliance program. While their work was foundational, we needed to evolve.

We looked to the Department of Justice’s guidance for corporate compliance programs, which outlines 12 essential elements. We adopted that structure as our model, which can be applied across any subject matter, including ethics. Our goal was to move beyond just training and advice and build a comprehensive, proactive compliance framework aligned with DOJ expectations.

What changes did you implement to modernize the training approach and free up resources for broader compliance efforts?

Matthew Carter: Our first step was to reassess our training approach. We needed a method that would scale, free up team capacity, and deepen employee engagement. We partnered with our Enterprise Technology Team and SG Creative, our in-house marketing group, to create a new digital-first training experience. The result was a series of short, animated learning modules, with every word carefully written and designed to be engaging and accessible.

These modules are paired with Compliance Distilled, a new internal platform we built from scratch. It houses all compliance content in one place and is accessible from every company device, including mobile devices. Each module directs employees to the platform, where they receive additional content, including a message from our President and Chief Executive Officer, Wayne E. Chaplin, reinforcing the importance of compliance and ethics. There’s also a lighthearted “Top 10 List” of policies and guidelines, along with links to key resources.

One standout feature is the interactive map. Employees can select their state to view relevant compliance contacts, local brand information, and a tailored infographic that explains state-specific rules and regulations. This makes dense legal content easy to understand and more accessible.

Since launch, engagement has been outstanding. In the last 90 days alone, we had 3,843 new users and 2,916 returning users. We can track content views, time on site, downloads, and more. Nearly half of employees now access the platform via mobile—something we enabled after initial feedback. This initiative, which took approximately nine months to develop, has significantly enhanced how we deliver compliance content while freeing our team to focus on higher-level priorities.

Beyond training, what other major compliance initiatives have you launched since joining?

Matthew Carter: Our second major initiative was building a robust third-party management program. Regulatory enforcement in our industry often focuses on third parties involved in marketing, promotions, travel, and events—areas where compliance risks escalate. History shows that these vendors sometimes violate trade practice laws, often outside the direct oversight of the companies that hire them.

We started by updating our anti-bribery and anti-corruption policies to flag high-risk third-party categories. Then we issued a company-wide checkpoint, an acknowledgment form accompanied by a message from Alan Greenspan, to around 2,000 employees with gatekeeping responsibilities. This was followed by instructor-led training for the same group, ensuring awareness and alignment.

The results were dramatic. We reduced our vendor base in these categories from over 1,300 to just 390 entities that are now known, vetted, and under contract. Nearly all of them have agreed to our compliance and audit standards, and we are on track to formalize contracts with the remainder.

This program reflects our broader compliance philosophy: we aim to apply DOJ principles rigorously across all areas, not just policy and training but also risk management, monitoring, remediation, and third-party oversight. Together, the training modernization and third-party initiative have been our key “moonshots” to date, and they’ve positioned us to scale a world-class compliance program that is efficient, responsive, and business-aligned.

How have you approached aligning legal and compliance to ensure strategic cohesion and operational efficiency, particularly during rapid program development?

Alan Greenspan: Every company has to decide what works best for them. For us, aligning legal and compliance under one umbrella has been the right model for several reasons. Both functions often compete for limited resources. By unifying them, we’ve expanded the pool of available talent and support.

Our compliance team, now 13 strong, benefits from access to the broader legal department, which includes 15 attorneys, investigators, and labor and employee relations professionals. In total, about 65 people support the combined function. (We also support and work very closely with our Environmental Health & Safety Compliance Team, which is embedded in our Operations/Supply Chain business.) This structure enables us to deeply embed compliance into the company’s fabric, which is essential for its success. It can’t be imposed top-down. While tone at the top is critical, ownership must be shared throughout the organization.

As I was drafting the job description for Matthew’s role as senior vice president of compliance and ethics, an outside consultant reminded me that no one person is responsible for compliance. Everyone is. That’s why we’ve embedded compliance attorneys within our regional leadership teams and built a Compliance Champion network. These champions aren’t attorneys; they’re individuals in other roles who have shown a passion for compliance. We’ve given them training, support, and formal recognition as an extension of the compliance team.

What metrics or benchmarks do you use to measure the success of your compliance efforts?

Matthew Carter: We track many of the expected metrics. Training completion is foundational. We initially set a 90% goal, which was standard in my past roles. However, one region quickly exceeded that, setting a new bar at 100%. We’re now consistently achieving near-100% completion rates across all regions. In most cases, the only reason we’re not at a full 100% is the inclusion of new hires who haven’t yet completed their onboarding training.

This level of participation reflects the company’s strong leadership at the top, and, I’d add, healthy internal competition to be the best. As Alan mentioned, once we started publishing training metrics by region, teams began racing to reach 100% first. Even our corporate team joined in, achieving near-perfect results. Our CEO himself completed the training, which sent a clear message across the organization.

Beyond training, we monitor digital engagement through our Compliance Distilled platform. We track unique and returning visits, time spent on pages, content downloads, and which materials are most accessed. This enables us to tailor content and continually improve the experience.

This data helps us measure effectiveness and inform future content development. It’s been encouraging to see how strongly employees engage, and we’re using that insight to shape future campaigns.

Can you share more about how you monitor compliance risks, especially in third-party oversight and employee behavior?

Matthew Carter: Our third-party program has been a major focus, especially in light of long-standing risks in our industry, such as improper marketing or promotional activities. These often involve third parties rather than direct employees, which makes oversight more complex. To address this, we updated our anti-bribery and anti-corruption policies to flag high-risk third-party categories. We followed that with a mandatory companywide acknowledgment and training program that reached about 2,000 employees.

Since launching in April, we’ve reduced the number of vendors in this space from 13,400 to just 370. Those remaining are fully vetted, under contract, and subject to our compliance and audit standards. We monitor key metrics, including vendor approvals, contract completions, and audit outcomes, to ensure ongoing accountability.

Another area we closely track is corporate card use. The “card swipe” issue, a known risk in alcohol industry trade practices, is something we proactively address. With over 6,000 corporate cardholders, we’ve implemented a robust audit program with monitoring to catch irregularities. Every cardholder has been trained and has acknowledged their responsibilities.

Later this year, we will also launch our first company-wide engagement survey, focusing on ethics and compliance. It will help us gauge employee sentiment around integrity, trust, and speaking up. We consider it our “integrity index.” Beyond response rates, we’ll be analyzing answers to questions like: Do I observe ethical behavior from my supervisors? Do I feel safe raising concerns? This will offer a valuable view into the “tone in the middle,” which is a critical complement to tone at the top.

What challenges did you encounter while implementing your new compliance programs, and how did you address resistance or operational hurdles?

Alan Greenspan: Fortunately, the Department of Justice has provided clear guidance on what constitutes an effective compliance program. There’s no guesswork. The framework is practical and thoughtfully designed, and we’ve followed it closely at Southern Glazer’s. The DOJ’s model—moving from training to auditing, investigation, remediation, and back to training—works like a flywheel. Once in motion, it builds momentum.

Our industry has unique trade practice rules dating back to the repeal of Prohibition, and those remain a top priority. But as a large, global company, we can’t stop there. Under Matthew’s leadership, we’ve broadened our approach to cover the full spectrum of compliance risks, from OSHA to environmental and beyond. A recent risk assessment confirmed our industry-specific obligations remain central, but also helped surface enterprise-wide risks that demand attention. Expanding the program required a structured approach, a clear strategy, and buy-in from across the business.

What’s been the most significant operational challenge in executing these programs, and how did you gain cross-functional support?

Matthew Carter: The biggest challenge has been complexity. Even with a strong compliance team, you can’t execute major programs alone. Success depends on deep collaboration across the business.

Take our third-party program, for example. Initially, billing and invoicing were handled through manual processes, including email chains and informal approvals. We needed the Enterprise Technology Partners and Finance Transformation teams to help implement a proper system. We worked with Procurement to distribute due diligence questionnaires, with HR to deploy checkpoints and define training audiences, and with regional leaders to ensure field adoption.

None of this would have worked without strong leadership alignment. Compliance Distilled, our comprehensive training program, and our third-party efforts would’ve remained ideas on paper without partners across departments. When compliance teams are stretched, the only way to meet complex challenges is through executive support that helps mobilize resources and break down silos.

Looking ahead, how are you preparing your compliance and ethics team for future risks and regulatory developments?

Alan Greenspan: We’re constantly scanning the horizon. If you’re always reactive, you’re always behind. While our industry is facing economic headwinds, we’re keeping a close eye on behavior. In challenging times, people may be tempted to cut corners, so we’re staying vigilant.

One emerging risk we’re actively addressing is artificial intelligence. It’s evolving rapidly, becoming more powerful, more accessible, and, frankly, more tempting to misuse. Some companies tried banning AI altogether, but we found that employees simply found workarounds. Our approach has been to embrace the technology cautiously. We encourage its use, but with clear guardrails and ongoing guidance from our compliance team. That’s how we can enable innovation while staying ethical and compliant.

Stay up-to-date. Sign up for the Today's General Counsel Daily Updates newsletter.

What are your next priorities for strengthening compliance across the enterprise?

Matthew Carter: As Alan said, risk assessment is our next frontier. In our first 18 months, we focused on addressing known issues. Now, we have the opportunity to conduct a truly comprehensive risk assessment consistent with DOJ guidance, not just our traditional compliance areas.

This process isn’t a one-time effort. It will be refreshed annually, with input from a broad range of stakeholders to avoid an internal echo chamber. We’ll bring in fresh perspectives—legal, business, and external experts—to ensure we don’t miss emerging risks.

For instance, privacy is top of mind. While we currently serve business customers and don’t collect much consumer data, that could change. I’ve worked in environments where consumer privacy was a central concern, and I know how quickly risk profiles can evolve. That’s why we’re embedding ourselves closely with the business, to anticipate where it’s headed and ensure compliance keeps pace. Risk isn’t static, and our program can’t be either