Chief Compliance Officers are fallible – I know that is not a controversial statement. To err is human, and CCOs are members of the human species.
With the enormous expectations placed on CCOs’ shoulders, they are bound to make some mistakes. I have seen CCOs who have run into difficulties, and occasionally they have contributed to the problem through their own behaviors.
I thought I would identify some of the common mistakes I have seen. It is hard to generalize, but I have observed some common themes.
So, here is my list:
#1: Buying CEO Happy Talk
The compliance profession regularly runs into a credibility problem. When joining a company or when seeking major changes in the company’s compliance program, the CEO and other managers often make promises or characterize their commitment to compliance, and many CCOs believe it without pressure-testing the claims and promises.
CCOs should be more skeptical when a CEO’s or senior manager’s assertions sound too good to be true. Many CCOs have been “burned” by these promises; they joined the company and then found out the CEO’s representations were indeed false. In the face of these difficulties, CCOs have no other choice but to speak with their feet and leave. Whenever you see such a short stint on a CCO’s CV, you know the CCO faced some serious problems.
CCOs have to bring more skepticism to the table. CEOs and senior managers have become adept at mouthing the words of compliance and making it sound like they are committed. CCOs listen to their claptrap without questioning or demanding more proof before joining the company. I know it can be difficult in the context of a job search to raise these kinds of issues, but CCOs have to apply their due diligence skills.
#2: Ignoring Corporate Culture
Most CCOs love their compliance controls. They like the “certainty” of a policy, demand performance in accordance with the procedures and then wait to measure compliance with some hard and fast numbers that show how “effective” the compliance program is operating. Of course, compliance controls are important, and rules need to be followed. Everyone understands this basic requirement.
CCOs, however, have to embrace and promote the company’s culture. CCOs often ignore this area or devote little time to developing innovative ways to promote and measure a company’s culture. Granted, it is much more amorphous, but the returns can be significant to the overall business performance. We all know that an ethical culture adds to the company’s bottom line, and CCOs have to be willing to educate the board, the CEO and senior management on this important issue. After getting buy-in, CCOs have to design and implement strategies to promote corporate culture, measure it and address culture issues.
#3: Reinforcing Stovepipes
CCOs have a lot of work and often feel overwhelmed because of a lack of resources and technology. At the same time, CCOs tend to spend time with their staff, working on compliance issues but failing to devote adequate attention to building relationships with natural allies: human resources, legal, internal audit, information technology and security.
Like politicians, CCOs have to schmooze and gain support from natural allies. They have to create win-win solutions, not just a list of demands to make the relationship beneficial to both parties. It means getting out in the company, “walking the halls” and using interpersonal skills to advance the program.
#4: Becoming the Sheriff
If a CCO walks into a room and company officials say (or joke), “uh oh, here’s the sheriff,” that is not a good sign. A CCO who embraces the enforcement aspect of his/her job is doomed to fail – no one will communicate, and no one will trust the CCO to help them solve problems. CCOs have to avoid this trap. A CCO has a lot of power over company employees and discipline. But a CCO has to work hard to become a problem solver, not a “Doctor No.” Company employees have to feel comfortable to communicate issues to the CCO, knowing that the CCO will solve problems to make sure business managers and employees can do their jobs while ensuring compliance with the law and the company’s code of conduct.
#5: Avoidance and Failure to Prioritize
CCOs face an overwhelming number of tasks and projects. It is hard to prioritize what needs to be done. Under these circumstances, some CCOs will avoid the tough issues that may require serious discussions with senior management and the board, and instead stick to issues over which they have greater control (meaning they can implement a specific initiative without relying on too many folks outside the compliance department). There is a natural inclination for a CCO to accomplish tasks under his or her control without taking the major effort to build internal support and convince senior leaders to make some changes. These initiatives can be frustrating and may result in little change, but CCOs have to stick to priorities, follow the map from its risk assessment and seek to solve the larger problems. Priorities are important, and care has to be taken when allocating time, attention and resources to specific projects.
His practice focuses on white collar defense, corporate compliance, internal investigations, and regulatory enforcement matters. He is a former federal prosecutor with almost 30 years of experience in a variety of government positions and private practice.
Michael maintains a well-known blog: Corruption Crime & Compliance which is frequently cited by anti-corruption professionals and professionals in the compliance industry.Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues.Published by Conselium Executive Search, the global leader in compliance search.