How to Ensure Compliance When the CEO Will Not Listen
Life as a Chief Compliance Officer is not so easy. The job, as defined, means living with day-to-day risks, any one of which is significant enough to damage or even destroy the company for whom you work. CCOs learn to live with risk.
When a CCO has the backing of the board and the CEO, their job is relatively easier. That does not mean it is an easy job. To the contrary, every CCO has their challenges in their company to secure adequate resources, to gain the cooperation of other business components, and to persuade senior managers and employees that ethics and compliance is important to the company bottom line.
The inherent difficulty for the CCO is to demonstrate his or her importance to an organization by proving a negative – we have not had any serious law violations because of the existence of the company’s ethics and compliance program. That is a hard argument to make, but luckily it is intuitive and it naturally appeals to intelligent senior managers and a CEO.
My heart goes out to those CCOs who face a CEO who does not believe in a vibrant ethics and compliance program, does not want to slow down business operations by requiring compliance with critical internal controls, and who fundamentally sees compliance as a check-the-box type of program – something you must have but only with a wink and a nod.
Believe it or not, there are companies where the CEO is not entirely on board with elevating the compliance function. Despite all of the enforcement actions in the last five years, all the literature and advice to CEOs describing the importance of ethics and compliance, there are still are some CEOs who are unwilling to embrace ethics and compliance.
Do not get me wrong – these resistant CEOs know what they are doing but merely reflect a devotion to outmoded practices from the past. They embrace the ethics and compliance practices of companies thirty years ago and are unwilling to reshape their companies to move into the current world of ethics and compliance.
If you are the CCO in such a company, what should you do? It is too easy to say, look for another job. The question really boils down to whether or not the CCO can educate the company and bring the CEO along. Sure, if the government shows up and launches an investigation against the company, the CEO will get the message then. The real challenge is to bring the CEO and senior management along without waiting for the government to launch an enforcement action against the company.
The educational process may take a few years during which the CCO may have many sleepless nights. It is a multi-step process and begins, like many other educational tasks, by building alliances with compliance supporters. For example, it is likely that there are natural allies in the company within the internal audit, human resources, financial controller, legal, quality compliance, and other functions. It is always important to bring together these allies to develop a strong message of commitment to compliance.
Once you have your allies identified, it is critical to create a structural means to educate senior managers and the CEO by creating a compliance committee, which is chaired by the CCO but includes your allies as members and key business managers in the company. A compliance committee can play an important function – it creates a single, credible voice in favor of compliance initiatives, and it will be seen by the board as a potential resource and important management voice to discharge their oversight and monitoring obligations.
The compliance committee is stacked in the CCOs favor and the membership should be dominated by compliance believers who can persuade key business members of the committee of the importance of an ethics and compliance program. The business members should be carefully selected and should be individuals who have standing in the company and who are willing to provide candid advice to the CEO.
The compliance committee is a CCOs best friend in this situation because the CCOs message is transformed from cries by a lone wolf into candid advice from a committee of senior managers and professionals who speak with one voice. The CEO’s ability to ignore such advice is very difficult, especially when it comes from a committee with senior membership and credibility.
Excellent blog on the importance of building coalitions in creating a culture of compliance.