Until now, compliance officers have stayed mostly under the government radar. They aren’t regulated or licensed, tested or monitored. Will that change? And if so, what might the next stage of life look like for the compliance profession?
I’m going to talk mainly from a U.S. perspective because right now, that’s where I’m sitting. That doesn’t mean I think the United States is the only country that’s important to the discussion, or that another country won’t take the lead in regulating compliance officers. The next big change might come from the UK, or somewhere in Europe, Latin America, Africa, or Asia. That’s part of the excitement.
What is a regulated profession? I like the EU definition: A profession is said to be regulated when access and exercise is subject to the possession of a specific professional qualification.
With that in mind, let’s look at reasons why “compliance officer” might become a regulated profession.
An expansive view of regulatory authority. In nearly every U.S. state today, an architect who also cuts hair at a local barbershop and moonlights as a milk sampler (for real) is a regulated professional three times over. More than 50 job categories in the United States are subject to some direct government oversight, and about 25 percent of all jobs in the country require some form of licensing.
How do local governments and federal agencies determine which jobs to regulate? One way is by how much damage can result if the job is botched. As FCPA Blog readers know, the destruction can radiate out from the company to the stakeholders and far beyond when compliance goes wrong.
Regulators notice what’s important. The rise of the compliance officer isn’t just hype. There’s hard evidence for it. Here are three examples.
First, annual reports filed with the SEC during the past year included nearly 1,000 mentions of “compliance officer” and about 650 mentions of “chief compliance officer.” That’s not too far behind “general counsel” with around 2,800 mentions, and “internal audit,” with just over 1,900 mentions. “Compliance program,” incidentally, appeared about 1,650 times in the annual reports.
Second, the average base pay for chief compliance officers has reached nearly $150,000, according to Glassdoor. Many CCOs are now making between $250,000 and $500,000 in base pay, and up to $450,000 in additional compensation.
Third, corporate risk is expanding. A spreading web of anti-corruption laws, AML rules, and complex trade regulations have spurred aggressive enforcement, expanded director and officer liabilities, a flood of shareholder suits, more bet-the-company civil litigation. . . . Quick, call the compliance department.
Enforcement first, then regulation? I said at the outset that compliance officers have stayed mostly under the government radar. Why mostly? Because compliance officers have already been targeted by the DOJ and SEC, the New York Department of Financial Services, FinCEN (part of the U.S. Treasury Department), and the UK’s Financial Conduct Authority, among others. Is enforcement pressure a forerunner of oversight and regulation? Probably. A regulated profession is easier to . . . regulate. Court action isn’t necessary and jurisdiction isn’t an issue. The regulator simply prohibits “access and exercise,” as the EU puts it.
Lessons from history. American lawyers, for historical reasons dating to colonial times, are licensed at the state level. They’re required to be members of their state bars and are subject to discipline by those organizations, up to permanent disbarment. Some federal agencies also ban lawyers from practicing before them because of misconduct.
What about accountants? Exams for CPAs started in New York state in 1896, and by 1917 all the states had their own versions. Standardization came during the 1950s, with one exam for membership in the national organization that became AICPA (the American Institute of Certified Public Accountants). Today the SEC and other regulators also regularly prohibit accountants from practicing before them because of negligence or wrongdoing.
The future? Compliance officers generally have a smaller impact at the state level and more at the federal level. So state regulation seems unlikely, except perhaps in New York, because of the financial industry. But like AICPA for accountants, could a national membership group for compliance officers become a regulator? Could a voluntary group morph into a mandatory body that certifies and polices members? That also sounds similar to FINRA (the Financial Industry Regulatory Authority). It’s a private corporation, independent but overseen by the SEC, that regulates and disciplines Wall Street brokers and dealers.
Nobody has a crystal ball. But we should probably be asking not if “compliance officer” will become a regulated profession, but when.
7 Comments
Richard, I am based in the UK and The FCA does not require that Compliance Officers are “regulated” but they have to be approved by the FCA to what is called a “Senior Management Function” (SMF). To become an SMF 16 (Compliance Officer) a lengthy application has to be made demonstrating that person has the knowledge, skill and experience to fulfil that role. It would be unusual for that person to not have at least a recognised degree (law, finance, economics, accounting etc.) and have held senior managerial positions in their field previously so definitely a professional in the field of compliance.
Richard, Compliance Officers in Mexico are now regulated for the financial industy. In order to get certified it is mandatory to approve an exam imposed by the National Banking and securities Commission.
In the near future it is expected that DNFBPs in Mexico will need to have a certified compliance officer but the certification will be extended by the Mexican Tax Authority.
US regulated broker dealers are ahead of the curve on this. FINRA (and before FINRA there was NYSE and NASD) has long mandated that compliance supervisors be licensed/certified. Other financial services can look to broker dealers for an idea of what the future holds, just as what happened with KYC mandates.
Greetings from the other side of the pond. These days the epicentre of financial compliance issues.
There are some things done really well in compliance within the financial sector. In Europé, EBA (European Banking Authority) recommendations are translated into law by EU Member States under a “do or explain” responsibility on the member states. Looking at EBA Guideline 44 you will find that the control functions; risk management, compliance management and internal audit, along with management and board’s has their responsibilities well defined. Upon implementation of this guideline in EU member states then also regulated. For financial institutions subject to oversight, this means that these control functions are not just regulated but also subject to supervision and auditing and reporting to supervisory authorities. This can include that hiring heads of these functions needs to be registered, or even approved, by the regulator and they cannot be fired without notification to the regulator.
I’ve been in the compliance field both outside and inside the financial industry and if i could do one thing differently from my pre-financial days, it would have been to pay more attention to the governance around compliance in the financial industry. The compliance issues in the financial sector are complex and and regulation has a good stake in it. The governance and compliance management found in GL 44, and its local implementations, is not part of this problem. It’s the result of tested and tried best practices and thinking along the same lines as here. A model that, in my view, should be applied outside the financial sector along with a better understanding of the three lines of defence.
https://eba.europa.eu/sites/default/documents/files/documents/10180/103861/e03ae4b3-1059-4d2a-a5ff-35a287f8c850/EBA-BS-2011-116-final-EBA-Guidelines-on-Internal-Governance-%282%29_1.pdf?retry=1
Most compliance professionals probably don’t go “let’s hear how to do compliance from the financial sector!” these days. If it were old me though, I’d loved if someone had given me this and some time over a coffee ten years ago.
Interesting – any thoughts as to what we might expect to see with regards to educational prerequisites -like for a CPA? What is precedent when a role like this becomes a licensed professional? Would existing professionals have an opportunity to be licensed if they are short of certain prerequisites yet have certain experience logged? Would we expect just one person at the company need licensing, or anyone performing certain types of tasks? What would this mean for the already narrow talent field in compliance?
Importan article. The key is following the best standard and be clear in all review that we do. Thanks
Being a lawyer, compliance officer since 2005 in different companies, industries and countries, and a CFE, I think it is a very good idea to have some kind of oversight on the profession. As a CFE I must earn 25 credits every year to keep my certification active. Since all of us are mostly learning on the job, a mandatory exam (or other way of earning credits) would be a great opportunity to refresh our knowledge and learn new things.
Comments are closed for this article!