The Future of Compliance – The New Proactive CCO (Part III of III)
The path of the compliance profession has been remarkable. Recently, I have seen a number of tweets and postings from compliance thought leaders touting the accomplishments of compliance and the transformation of the profession (e.g. Donna Boehme and Roy Snell). In particular, compliance thought leaders cite the increase of CCOs who report directly to the CEO and no longer report to the chief legal officer. This is an incredible accomplishment and reflects greater understanding of an independent and empowered CCO.
Given the new and empowered CCO, the next challenge for CCOs is to refocus their respective missions and begin to educate corporate leaders on the need to build compliance programs that are proactive rather than reactive. This is a critical change needed in the compliance profession.
The need for proactive compliance reflects the convergence of several important trends. In particular, I am referencing the focus of compliance on automation and data analytics. These important tools provide CCOs with a new and powerful capability to monitor a compliance program in real time. As new technology develops, CCOs are gaining a greater understanding of their compliance programs in real time – a compliance officer does not have to wait for retrospective audits and reviews to develop historical information from which they infer how their compliance program is operating.
With real-time monitoring of compliance functions, a CCO has to develop practices to identify potential risks and issues, and design intervention and remediation strategies in response to specific risks as they occur. This is an incredible challenge and one that appears overwhelming at first glance.
One important lesson I have learned through the years when it comes to compliance – change can never be rushed. A CCO that seeks to implement change quickly without giving adequate time for an organization to adapt and embrace is doomed to fail. I have seen too many CCOs that attempt to change a compliance program too quickly. To remediate a compliance program, CCOs usually have to develop 3 to 5-year plans.
With technology and data analytics, CCOs have a new responsibility. Even assuming they sit in the C-Suite, that they have adequate resources and are fully empowered, the CCO’s mission – to detect and prevent – potential violations is transforming into a time-sensitive and preventative mission. On this framework, CCOs have to develop a new focus on identifying red flags within their own system – indicators of potential problems before they occur.
As an example, assuming that a CCO has implemented a real-time ability to assess and monitor a company’s culture, through measurement of ongoing statistics and frequent, targeted surveys, a CCO may define certain thresholds that trigger specific remedial steps and interventions.
The re-focus of a CCO is the natural outgrowth of the profession’s accomplishments. With the advent of new technologies, CCOs have to embrace change, and transform their subject-matter-expertise to incorporate specific skills and mindsets needed to bring about more effective performance.
The two key drivers of compliance success continue to be – first, senior management buy-in and support and second, automation and new technologies. Compliance has never been a profession that stands still – it is evolving as the capabilities of corporations change. It would be foolish to cling to old ways of doing things in the face of new and cost-effective technologies.