Are Compliance Officers Being Asked to Accomplish the Impossible?
Compliance officers are a confident bunch. Yes, they can worry like all the rest of us, but in the end, they have faith that they can accomplish their mission.
Forward thinking companies are recognizing the importance of empowering compliance officers and relying on their skills to build proactive compliance tools. Companies are increasingly relying on compliance officers to “fix” the company’s problems – sometimes this mission can be broadly defined and unfairly placed on the compliance officer’s list of responsibilities.
Sometimes problems can be far broader than “just compliance.” In trying to define the mission and establishing realistic expectations, a compliance officer should always look to the company’s governance structure and operations. Good corporate governance practices usually will lead to proper compliance boundaries and responsibilities.
In many industry sectors, compliance officers are now expected to carry out multiple responsibilities, including operational, legal, investigator, policeman/woman, economist, financier and even philosophers. Compliance officers have to be careful to avoid being charged with more than they can handle, and they have to preserve a realistic role and set of expectations for themselves in the company. .
A compliance officer can take his or her cues from the board of directors. If the board is forward thinking and has a compliance committee, the compliance officer will have support for a clear definition of functions; if the compliance program is mired in the workings of an overwhelmed audit committee which is focused on financial issues, the compliance officer is unlikely to get much help from the audit committee. A direct reporting line between the compliance officer and the board has to be included in this mix.
The compliance officer should conduct a continuous self-assessment: will he or she have independence, adequate resources and authority? If the compliance officer has doubts in any of these areas, he or she needs to speak up and remedy the situation as quickly as possible. To the extent needed, compliance officers must ensure they have access to adequate outside counsel and professionals, if appropriate.
Two key functions have to be in place: the compliance officer has to have (1) access to, and an understanding of, the company’s workings and strategy, and (2) a significant role in the review and development of business strategy (including the requirement that the compliance officer attend senior management and board meetings, hopefully as a co-equal senior manager).
The role and responsibilities of a compliance officer have to be carefully explained in advance to the company management. It is important to know what the compliance officer should be doing and what he or she should not be doing.
One critical responsibility which needs to be made clear is that the compliance officer has to establish programs to monitor all relevant corporate activities so that any potential violations are identified as early as possible. Stress tests, or transaction testing, should be an important piece of this function. Auditing of departments that certify to compliance should be a regular part of such monitoring operations.
Unfortunately, a compliance officer devotes more time to being a policeman/woman than a strategic business planner. Hopefully, as more resources are devoted to compliance functions, chief compliance officers can assume a larger role in the strategic business planning process.
Lawyers will continue to play a significant role in the life of the company. Compliance officers have to work hand-in-hand with lawyers. Compliance officers should not hand out legal advice but should implement or obtain legal advice to ensure business operations comply with the law.
In the end, compliance officers should not be the only corporate actors dedicated to ensuring compliance. In fact, each corporate function plays an indispensible role in the compliance function. The challenge is for the compliance officer to recognize his or her responsibilities and boundaries and feed into the compliance functions of other senior management functions such as human resources, operations, legal and financial.
I believe a lot of businesses and government entities have someone they call the Compliance officer and if this person is any good, then he/she realizes real quick that "compliance" is a vapor. Having primarily worked in various state departments in Alabama, I can honestly say that the various government and non-governmental agencies I have dealt with don't have a clue. True, compliance is on paper, but most of us go through the motions and more than anything we just try to stay out of trouble. We generally react to crisis rather than being prepared. Certainly, if management does not fully understand the dynamics of intentionally doing the right thing for the right reason as spelled out in policies, laws and regulatons, then how can they empower a compliance officer to do what he or she knows to do. And with reduced budgets and less training or no training at all, the plot only thickens. Generally, I do believe management does want to do the right thing, but I don't think most of the time they know how. Definitely, the solution to this problem lies at the feet of management and possibly an enlightened Board or CEO. But then I don't believe in fairy tales anymore either. So here I am, faced with an impossible mission, with a management that doesn't have a clue and skills I can't always use.
Just a voice crying in the widerness