Compliance officers are experts at spotting red flags. They can discern potential FCPA violations from the other side of the world. But what about red flags closer to home — those that might impact a compliance professional’s career? What are the tell-tale signs that saying no to a job might be the smart move?
I’ve picked some red flags for job-hunting compliance professionals, or those being head-hunted. One or more red flags may not sway a decision. On the other hand, an eyes-open approach is always best.
Here’s my list (for today):
Red Flag #1: Part of management. Compliance isn’t a business line or even another staff group. It’s separate. The DOJ made that clear in its “Evaluation of Corporate Compliance Programs.” It expects those responsible for compliance to have “sufficient autonomy from management, such as direct access to the board of directors or the board’s audit committee.” Anything else falls short.
Red Flag #2: Working alone. During presentations or training sessions, do compliance officers appear with others from management and the business lines? That shoulder-to-shoulder image says: “Compliance is part of this company.” Conversely, compliance officers always working alone look like corporate orphans. Even now (especially now), with new WFH patterns and constant virtual meetings and events, compliance officers should be “sharing the screen” with managers and others.
Red Flag #3: Revolving compliance door. Are jobs vacant because incumbents made unscheduled and hasty departures? When companies abruptly lose key compliance personnel, something could be wrong. Not always, but it’s a red flag nonetheless and should trigger some enhanced due diligence.
Red Flag #4: Pulling the purse strings. Does the compliance group have a budget of its own, approved at least a year in advance? Or, does compliance have to ask (or beg) someone outside the department to approve routine expenditures? To find out, ask a compliance officer: “So if you need forensic help or want to spend some training money, how does that work?” You’ll likely get an honest answer.
Red Flag #5: Diluted by organizational structure. It sounds smart when executives say they’re pushing compliance out to the field, where it can be closer to potential problems. They say a diffused compliance function means more labor, less management, and therefore greater efficiencies. Well, not always. Unless managed carefully, scattering compliance officers can dilute the group’s identity, blur reporting lines, and weaken individual loyalties.
Red Flag #6: The pay is too low. There are times when we need a paycheck, any paycheck. Even then, however, joining an underpaid compliance group may be unwise. In a corporate setting, low pay can equate to low esteem within the group and across the rest of the organization. Corporate law departments have been learning that lesson for decades. When in-house lawyers are chronically underpaid and feel unappreciated, they sometimes grumble about the company getting what it pays for, and having the law department it deserves. Those aren’t healthy sentiments coming from in-house lawyers or compliance officers.
Red Flag #7: The pay is too high. As corporate gatekeepers, compliance officers need autonomy (see Red Flag #1 above). So when they’re offered compensation way above the going rate (it happens more often than you think), that’s a red flag. Overpaid compliance officers are likely to be asked to do things they don’t want to do, or not do things they’re supposed to do. And going along may seem like the only option.
So right, Richard. May I add another? Board support. I was once contacted by a headhunter about a CCO role for a “new” company. I knew it was a Russian company that had moved its HQ and changed its name. I asked if the board was truly supportive of having a CCO and was told that convincing the board would be my first task. No, thank you.
Great insight, Sally. I will make sure to ask that question in future!
I would add another point: Look at the JD and makeup of the team to see whether the company really gets compliance or whether they see this as a purely defensive legal/litigation role. I was asked at a relatively new company whether I had direct experience of FCPA investigations. They were not under investigation at the time, but it said a lot about what they thought the priority of compliance was.
I would add this thought to point 3 – look at how long compliance team members have stayed in the team historically. Is compliance a short staging post for other roles in the organisation? Have a succession of staff left in less than 2-3 years (roughly the time it takes beyond which you own any compliance failings)?
Another screaming red flag? When management “promotes” you to a more senior level compliance job without you asking for it.
I cross over several related areas of oversight in my role. Some of these same concerns apply to Quality & Risk Management, as well as Accreditation & Licensing. Very few employers want to give direct access to the Board or allow much autonomy in these healthcare arenas. Unfortunately, this results in the current state of affairs at many hospitals and ambulatory settings. It seems more about ‘gaming’ the oversight system than being ethical and honest. I am a ‘team player,’ but not in the typical sense of overlooking what needs corrective action or fudging reported statistics.
Totally agree, Richard. Another “tell-tale” sign is when you are part of the Management Team, yet excluded from business-critical strategy meetings. Or even worse, when your boss plays “politics” and pushes all the hard decisions / investigative actions down to you to “attend to” so that they can pretend to be divorced from the issue and / or terribly busy.