It was a relief to read in a recent post on the FCPA Blog that compliance officers aren’t crazy, but are in a tough job, always caught between flawed human nature and meeting the ideals of effective management and business integrity.
So let’s talk about ways to make the job . . . . better.
But here are some details, as I see it.
Under Compliance 2.0, compliance officers aren’t in-house lawyers. They are not auditors, or human resource people, or project managers, or part of general risk management.
They are the leadership for, and subject matter experts on, all of the elements that make up the company’s compliance program.
Consider a key example. Nothing is more important for heading off illegal or unethical business than tip-offs from internal whistleblowers. Companies often fail to create the right atmosphere so they will come forward. Then they mishandle the report.
Learning from experience, compliance officers are the subject matter experts for handling whistleblower complaints and supervising the follow on investigations. They are the experts for shielding the whistleblower from retaliation and intrusion by bosses and others. They know how to escalate the reports to top management and the board for a hearing and decision.
Compliance officers are also the subject matter experts or SMEs for compliance and ethics training for thousands of managers around the globe. That’s not an human resources function. After the board adopts the company’s code of ethics, it’s up to the compliance officers to be the SMEs for it, explaining and interpreting company ethics to prevent “lawful but awful” projects that violate the board’s directive on company ethics.
Lawyers have never been more important to their companies. Our world today is highly regulated and litigious. Lawyers tell senior executives whether the company has met its requirements under a statute. They protect the company from legal attacks when someone else says the company hasn’t met the requirements. They are always and ultimately preparing the company’s defense that might someday land before a federal judge, or the DOJ or SEC, or a civil jury.
Compliance officers aren’t SMEs for legal questions. Compliance officers take advice from the Legal Department, like they do from Audit or HR.
Compliance officers are executives, designing and operating a management tool known as the compliance program. They are responsible for identifying and deploying the resources needed to keep it running as designed. The Chief Compliance Officer is the executive who runs the compliance program and participates in C-suite management and the board’s informed oversight.
Within the compliance program there are many different roles for subject matter experts, all of which require different (but often related) professional and interpersonal skills.
The Compliance 2.0 structure — with compliance officers as the subject matter experts for each of its elements — identifies and controls two kinds of risks.
First, the risks from illegal actions, including prosecution, fines, and public scandal.
Second, but equally important — and often overlooked — are the risks of disrupting the company’s business by bad management, including lost profits, time wasted fixing the scandal instead of doing business, and loss of the public’s trust. Even if there were no risks of a prosecution for illegal actions, companies must have a compliance program for business reasons.
From past scandals, compliance officers know where risk comes from and what kind of element in the compliance program will stop it. As the company moves into new markets or products, compliance officers provide the ongoing risk assessment and then make recommendations and decisions about deploying resources based on identified risk. Compliance officers are the subject matter experts for educating the C-suite and the board about compliance risks, the compliance program, and real-time briefings about how well it’s functioning.
Finally, we need compliance officers, as well as business professionals and teachers, to describe Compliance 2.0 and the reasons behind it. We need to update our “lessons learned” so we all speak the same language to each other and to the media and the public about the roles of compliance officers.
None of these ideas will eliminate every problem compliance officers face. It’s a tough job and always will be. See, e.g., human nature. But if we keep Compliance 2.0 in mind, the future of the profession looks a lot more inviting.
Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.