Congratulations on being a Compliance Officer!
Whether you’re an industry veteran or just starting out in your role, let’s face it, you’re a hero. It may not be easy for you to see yourself in this light, but it’s true. You make the world a better place. You are on the frontlines of combatting corruption and ensuring the safety of people both within and outside of your company. Although not always visible or direct, your role is making a real difference in the lives of countless people. Every day you carry the moral and ethical torch to guide a sprawling and ambitious business towards integrity. Your role is not easy and often underappreciated. Your influence touches nearly every aspect of the business, and you’re drawn into a wide diversity of complex issues and stakeholders. Yet, you manage it all, ensuring ethical business is continuously upheld. Taking on this challenge is something to be proud of. It is a badge of honor.
I have spent nearly 15 years in the compliance and governance industry, building compliance programs for major multinational organizations from all over the world. I specialize in creating bespoke compliance structures from the ground-up, often in organizations that never previously had the department. I’ve also worked in organizations that have gone through the worst-case scenario—a bribery & corruption scandal, prosecution and subsequent dpa (deferred prosecution agreements)/external monitor. This experience has provided me rich experience to draw from and share some key insight and tips to help make you a truly effective compliance officer.
But perhaps before we dive in, it’s important to define what being “truly effective” means. The dictionary definition of “effective” is to be “successful in producing a desired or intended result.” I would add that it’s not just being successful at obtaining the right results (which is ultimately a compliant solution), but also galvanizing the organization that wins the hearts and minds of those within it. Ultimately, being “compliant” is about the willingness of individuals to adhere to established norms and This easy 5 Step Guide will reveal some obvious and perhaps not so obvious insights into becoming a truly effective compliance officer. Without winning the hearts and minds of those you work with, compliance becomes, at worst, a simple “check in the box” exercise.
I hope this easy 5 step guide will reveal some obvious and perhaps maybe not so obvious insights to becoming a truly effective compliance officer.
These tips and tricks can be applied whether you are building an organization from scratch or an industry veteran within a mature organization.
1) Conduct an Interview-Based Compliance Risk Assessment: If you’ve been in the compliance industry, you’re aware that compliance risk assessments are the bedrock to ensure attention and resources are allocated where the company needs it most. According to the 2020, U.S. Department of Justice, “Evaluations of Corporate Compliance Programs,” the risk assessment is at the top of the priority. The guide states, “The starting point for a prosecutor’s evaluation of whether a company has a well-designed compliance program is to understand the company’s business from a commercial perspective, how the company has identified, assessed, and defined its risk profile, and the degree to which the program devotes appropriate scrutiny and resources to the spectrum of risks.” Over the years, I’ve seen many kinds of compliance risk assessments, but none are better than conducting individual one-on- one interviews with the executive committee, their direct reports, and other key stakeholders across the business and markets.
Coming up with a set of 10 or more questions to target and ask these stakeholders will give you more information than any formal methodology. It will also give you a base-line and the opportunity to personalize your message as well as form bonds that you will routinely rely on. One-on-one interviews allow you to dive deeper into issues that often don’t show up in a regimented survey. Creating that interpersonal dynamic with key stakeholders is key to getting your risk assessment right.
2) Accept that you’re in the People Business: Compliance comes in many flavors. You have traditional anti-corruption and anti-bribery, anti-money laundering and counter terrorism financing, third party/kyc due diligence, regulatory, and operational compliance issues, the list goes on. While each area requires its own specialized approach, tools, and resources to tackle, fundamentally, compliance is a people business. The sooner you understand and accept this, the easier it will be to do your job. Compliance is a unique function where you are judged not entirely on your own performance and actions, but mostly and relevantly by the actions of others. The more effective you are at doing your jobs, the more the actions of others will be in compliance. The less effective you are, the more non-compliances will show. Thus, once you understand that inter-personal relationships is the primary vehicle to ensuring compliance, then life becomes easier.
This then must be followed by the ability to galvanize, communicate and relay the appropriate instructions through those relationships, in order to be truly effective.
3) Know the Internal Power Centers and Create Alliances: Let’s face it, if you’ve been in compliance long enough, you know the ups and downs that can come with managing a complex, sprawling and highly ambitious business. Once you’ve accepted that compliance is fundamentally a people business, then it’s time to get into strategies to help you navigate your role. Every organization has highly influential stakeholders within them. Perhaps it’s the traditional C-suite. Perhaps it is a series of entrenched and well-connected individuals or high performers. There are many manifestations of internal power and political dynamics that you simply cannot afford to ignore. To be an effective compliance officer, you have to first identify and understand the internal power centers and create strong alliances with those individuals. These alliances will play dividends in ways you can never truly anticipate. It’s one thing to be the voice of ethics and have everyone listen to you. It’s another to have non-compliance professionals be the voice of ethics and support you.
The business respects and values the input of other businesspeople. Creating those alliances is a sure bet to ensuring you’re a truly effective compliance officer.
4) Hire the Best Talent on your Team: A poorly kept secret in compliance is that we are constantly budget constrained and fighting for financial support. Unfortunately, businesses often look at compliance as a cost center. It’s very difficult, although not impossible, for compliance professionals to robustly reflect the “return on investment” since much of what we do centers on enforcement avoidance—which is often an event that hasn’t actually happened. Whatever the financial resources of your department, talent, as with any department, is absolutely critical. I’ve been in departments with robust budgets, only to experience draconian cuts during an economic downturn. This cycle is all too familiar. That’s why it’s critical to build a core team that you can rely on 100%. Establishing strong deputies is critical. My personal rule of thumb is that if you can’t envision your direct reports someday doing your job (or perhaps even doing better than you,) then you have the wrong direct reports!
Being an effective compliance officer means having the courage, self-confidence and leadership to hire the best talent, even when that talent may be better than you in some areas.
5) Keenly Understand & “Divest” Your Liability: This is quite a taboo, if not, a very tricky subject to deal with. Compliance is ultimately a legal matter. Although many compliance professionals are not lawyers or law degree holders (like myself), without understanding legal liability, it will be very difficult for you to be truly effective. Non- lawyers must keenly understand what actions/decisions constitute a liability within the context of your respective regulatory frameworks for yourself (and your department), the executive committee and the business. Without understanding this, you cannot successfully ensure the company is on the right side of the law, apart from putting in place broad governance and perhaps some internal controls. Liability is often a tricky thing to discern and even lawyers muse extensively over this. It’s one reason why arbitration cases can be so arduous. However, once you understand liability, it’s important to “divest” this liability by sharing the information.
There is nothing worse than a compliance officer who does not understand liability, and subsequently compartmentalizes this information within the compliance department. It may seem like a simple and straightforward exercise, but I’ve seen this mishap countless times. Avoiding the compartmentalization of information that creates liability is one of the reasons why companies often couch compliance under the legal department despite the fact best practices establish this is not the most beneficial governance construct. Being a truly effective compliance officer means ensuring critical information that creates liability is “divested” by communicating it to the appropriate stakeholders and channels, and then subsequently creating the appropriated be-spoke mitigation strategies to contain or altogether avoid the liability.