Bringing a Compliance Program to Life: Connecting the Dots
A compliance program is an interdependent function that gains exponentially from coordination and cooperation with key functions. CCOs have to be politicians and they have to develop effective interpersonal skills. Without an ability to connect with other individuals in a company, a compliance program will suffer some real and substantial difficulties.
Compliance officers have to develop a target list of coordinators and cooperators. A CCO should look at the overall compliance program priorities and ask two important questions:
- What is the priority of the proposed project?
- Who else has an important stake or role in this project?
In many cases, CCOs have natural partners that are interested in the project. For example, a CCO who needs to enhance the company’s internal investigation function will usually bring the legal and human resource functions to the table to discuss how to improve the company’s internal investigations. Naturally, there are other stakeholders who will be “interested” in this project but legal and human resources have significant stakes in such a project and, for that reason, may be willing to devote resources to assist in the project.
As another example, a CCO may want to build a strong invoice to payment process for vendors and third parties in order to mitigate potential fraud and corruption risks. I would not expect the CCO to play the lead role in such a project, but I would expect that compliance would work closely with procurement and accounts payable to coordinate the process and develop new strategies for this important function.
One final example – some companies have robust security functions that have access to intelligence and other databases. As a result, a security office may be an important partner for compliance in conducting due diligence reviews of potential third parties, vendors and suppliers. In addition, security officers sometimes have law enforcement contacts that may be valuable in certain circumstances. As a result, I have observed coordination between compliance and security functions to advance due diligence operations.
My overall point is that CCOs have to develop priorities and projects with active outreach and assistance from natural partners. Key stakeholders need to be enlisted to join the effort, contribute time and resources, and ultimately build successful strategies that are win-wins for everyone involved.
This is the true meaning of “operationalizing” a compliance program. A compliance staff can never operationalize a compliance program on its own; its success depends on the “kindness of strangers” and the ability of the CCO and others to work as a team for the common good of the organization.
CCOs have to approach their responsibilities with these key considerations in mind. A CCO who “goes it alone” will never succeed beyond his or her so-called accomplishments. In the end, a CCO is only as good as his or her internal compliance team, and the ability of the compliance function to enlist the support of others from senior leadership to key functions.
One thing is clear that a compliance program will never satisfy any operationalizing standard without the CCO building strategic alliances with interested functions. CCOs have to live by the motto that the sum of a compliance program is more than the sum of individual functions.