Front Lines of Compliance: First Line of Defense
Chief Compliance Officers carry a lot of weight on their shoulders. Some days, I am sure, they have trouble getting up and soldiering on to tackle the next challenge.
As I always quip, no one congratulates the CCO on a job well done – instead, when something goes wrong, everyone looks to the CCO and asks, “What happened?”
Like every leader, CCOs are charged with the responsibility of directing, monitoring and preventing actions of others who are not under their immediate control (nor even observation). I know this sounds simplistic. One can easily argue that line managers are responsible for ensuring compliance and they are responsible to the CCO (indirectly at least), but that is too simplistic (and unrealistic) an answer to the question.
CCOs have to target the conduct of employees who are on the frontlines of risk interactions. Too often, CCOs and other practitioners in the ethics and compliance field ignore a basic and important reality – CCOs attempt to influence, persuade and control the actions of its employees during risky interactions with government officials, competitors, vendors/suppliers, and third parties, just to name a few.
The first line of defense for a company is in and around those risky interactions. If a company has a culture of compliance, the hope and theory is that the company employee involved in the risky interaction will avoid improper conduct and “do the right thing.”
In the event that the company’s culture has not permeated to the front line of defense, the company may have to rely on other lines of defense – a supervisor, an internal control, a colleague who may report the employee’s misconduct. These are all referred to as the “second line of defense.”
Going back to the “first line of defense,” companies have to devote more time and effort attending to the first line of defense. How do you do that?
A CCO has to be dogged and come up with as many ways to influence the individual employee in that risky situation. Whatever it takes to persuade that employee to conform, a CCO has to push an employee’s button — whether it is pride in the company and the culture, regular communications and compliance reminders, or more negative messages about company commitment to discipline, punishing wrongdoers, or even the threat of government criminal prosecution.
A CCO should stop at nothing to get the message across – we, as a company, do not bribe, engage in price-fixing, or commit any other legal or Code of Conduct violations, because we, as a company, are an ethical organization committed to doing the right thing.
It is a simple message but one that can be communicated in infinite ways. That is where a CCO needs to be effective – what is the best way to communicate and influence the conduct of company managers and employees.
Training is certainly one important opportunity but there are really so many ways that a company can communicate its expectations and its culture to ensure that it is embedded in the employee’s head. Compliance messaging depends on the combination of avenues and content used to communicate a simple but powerful message – the company is committed to ethical conduct, ethical business decisions, and ultimately ethical behavior.
A company has to make it clear to each employee on the front line – we are trusting you in this important interaction, and we require that you adhere to our values and our ethics when representing the company in the front line.