Like any corporate leader, newly appointed chief compliance officers (CCOs) have a limited opportunity to set the tone and agenda for their tenure. Becoming the CCO is unlike taking the helm of other critical corporate functions—unique challenges loom on the very first day.
The CCO position has been exponentially magnified in importance in recent years because of corporate scandals and the concomitant erosion of public confidence in business. Modern programs must have teeth and be tailored to corporate risk profiles. The CCO role varies by company, and no one template exists to guide CCOs through the critical first tasks. Certain tactical best practices that CCOs may want to consider upon assuming the role include:
1. Identify corporate process owners
All new leaders must learn the business; the CCO should go one step further. CCOs need to determine who owns each function touching a compliance issue. The CCO must quickly identify and build partnerships with the process owners in order to leverage these relationships when needed.
2. Assess risk impact
Every CCO inherits some risk simply because risk is endemic to business. CCOs should help manage corporate risk by quickly identifying and measuring risks and assigning ratings. A successful risk assessment educates senior management on existing risks, opens a dialogue on corporate risk appetite and proposes solutions to mitigate the risks.
3. Measure existing controls
A CCO should review existing core compliance functions and determine established internal controls. Although part of this analysis takes place in the risk assessment, there are areas that may require a deeper dive. Existing controls should be benchmarked against leading practices and identified gaps addressed.
4. Identify red flags
New CCOs must be active listeners who identify red flags that arise during the course of conversations and reviews. That means asking questions early on and watching for triggers that may indicate a larger issue.
5. Communicate regularly
Employees must understand that the company's compliance program is more than a disclaimer on a label; it is integral to the way the company does business. A CCO's immediate task is to define the mechanisms by which that message will be routinely delivered and its content.
6. Set the tone
CCOs need to find ways to imbue business operatives with the sense that corporate leaders are devoted to the ethical principles they espouse. To achieve compliance program credibility, CCOs should help executives and managers demonstrate their commitment.
7. Formalize the training program
Compliance-related training should be institutionalized. The CCO should evaluate whether the company's training program is part of the corporate fabric, and if not, must make it so.
8. Ensure whistleblower reporting avenues exist
The CCO's immediate obligation is to ensure that the company has a credible whistleblower program, and if not, then to establish one.
9. Profit-centering compliance
CCOs need to incentivize employees and management by demonstrating the value-add of compliance. It's never too early to dangle the carrot along with wielding the proverbial stick.
10. Promote your commitment and accomplishments
In addition to championing compliance internally, the CCO should be the corporate compliance cheerleader in the marketplace. Show the world that the company has gone the extra mile to establish a leading corporate governance program. It is not enough just to do the right thing; others must be informed of your accomplishments.
No CCO can complete all of these recommended steps during the initial weeks on the job; however, these steps are important enough that CCOs should begin planning to take them the instant they’re offered the job.
Similar to the Herculean efforts required to clean the Augean stables, much is needed of CCOs to keep corporations compliant.