1. Pushback from the general counsel.
A very entrenched general counsel is likely to have built up a strong reputation within their company as someone who is close with and sympathetic to the sales team. The nature of the compliance officer’s job means that from time to time they will need to conduct audits, reviews and investigations of conduct across the company, often focusing on the sales or procurement functions as they are where fraud and corrupt practices typically occur. General counsels may sometimes attempt to stop the compliance officer conducting these audits, reviews and investigations to avoid upsetting the sales and procurement teams. This situation becomes even more complicated when the compliance officer reports to the general counsel; if issues arise when the general counsel and compliance officer work together the working relationship that the general counsel has with the business can be compromised. Best practice is to have the compliance officer reporting to the audit committee, both under the CEO.
Many a compliance officer – or entire compliance department – has been derailed because they have not employed a team that is focused exclusively on investigations. Compliance investigations are complex and involve a unique set of skills. More importantly, investigations will involve the compliance officer’s business partners and the people that they work with every day. For the compliance department to be effective these relationships with business partners and colleagues must be protected. Investigations need to be done carefully and often by an independent team that is either part of the compliance function or external from the organisation.
3. Audit committee reporting.
One of the reasons why compliance officers fail is because companies do not put in place the correct lines for the officer to report to the vice president of finance or general counsel. This means the chief compliance officer lacks the seniority to raise issues in an impartial manner to the governance department of the company (i.e. the audit committee). Good practice has the chief compliance officer reporting to the audit committee without fear of retribution. In many companies, reporting to a committee is simply not possible from a human-resources perspective and systems perspective. In these situations it is recommended that the chief compliance officer report to the CEO as a reporting line structure; however, the compliance officer’s strategic initiatives should be reviewed by the audit committee so reporting to the CEO is for administrative purposes only.
4. Lack of seniority.
The chief compliance officer, although often an individual contributor or leading a very small team, should be regarded as a senior executive or an officer of the organisation. This would mean the chief compliance officer would hold a title of executive vice president or perhaps senior vice president. They should be of the same level in the organisation as the chief financial officer and the general counsel. Many companies appoint a chief compliance officer just to tick the box that they have one, but do not invest in the necessary tools to make the role effective. The position is regarded as too junior; the compliance officer is not considered by the business as an effective equal business partner and is not given the amount of decision-making authority that they need to affect a change across the organisation. The role of chief compliance officer must be senior enough to warrant people responding appropriately or affecting any changes that the officer requests.
5. Leadership pipeline.
It is uncommon for a compliance department to be as large as the finance or legal functions – the chief compliance officer is often an individual contributor, or, at the very best, leads a small team. Because compliance is such a small department it is often under-resourced and under-budgeted. The chief compliance officer is likely to be a level-one or level-two leader, as defined by Ram Charan in his book, The Leadership Pipeline (see page XX for more about the leadership pipeline). Being a level-one or -two leader but working on a management team with level-four leaders generally means that the compliance officer will be the only person on that management team that deals with people two or three levels below them in the chain. The fact that they are an individual contributor (or are leading a very small team) sometimes works against them because level-four leaders find it difficult to respect anyone who is from level one or level two. This in itself does not mean that the chief compliance officer will fail, but it does make things more difficult. Earning the respect of peer business leaders through doing other roles in the company before moving into the chief compliance officer function may be a good idea. Good practice might be to action an internal transfer from a sales, finance or marketing role to ensure that they have already built the respect before they move into the role of chief compliance officer.
6. Lack of business knowledge.
Chief compliance officer is a difficult role as it requires working in the upper layers of management and leadership of the company. As a result, a chief compliance officer is expected to have a vast array of skills in their functional expertise of law, finance, accounting, investigations and compliance. They are also expected to possess a heightened business acumen that is necessary to manage a company and effect and implement a compliance programme, sometimes in over 200 countries. It is rare than anyone will have such a comprehensive skillset and many people in executive management will look at compliance officers as lower-quality managers simply because they don’t have the business experience or acumen that is expected at a senior level of an organisation. This is often very difficult for a chief compliance officer to obtain because they usually come from the legal or finance functions of the company and have not been involved in managing a team at a sales or functional, non-functional level before. It is always beneficial for the chief compliance officer to have come from business teams where they’ve earned a level of respect and can understand the objectives of business and how to operate a business successfully. Combined with compliance, legal and finance skills, a greater and more effective compliance function can be realised. The key to being a successful chief compliance officer and not failing in that role is grasping the need to have that business acumen and providing value back to the business, not just in compliance, but in their business generally. After all, compliance goals need to be aligned with the strategic goals of the company if there is to be any chance of success.
7. Institutional awareness.
The bigger a company gets and the more it expands, the more likely it is that politics within the business will increase, and this may ultimately determine the success or failure of certain people. The alignment of people to a senior manager or CEO and their background, experiences, language or culture can play a significant part in whether they succeed in a role. Compliance officers – who are experts in core compliance skills – can sometimes miss the political alliances that exist in a business. The chief compliance officer needs to be aware of the politics surrounding them. Many fail because they are oblivious to the politics and get sidelined; essentially a form of “reverse bullying” from the business teams, particularly those that work outside in the emerging markets.
8. The CEO culture.
The culture of the CEO generally sets the culture for the organisation as a whole. If the CEO is someone of high integrity there is a greater chance that the chief compliance officer will be successful in their role. If a CEO is more aggressive in sales tactics, pushing the boundaries of compliance and integrity, then the chief compliance officer will find it very difficult to change an organisation. Of course, any CEO of a large company will never admit to anyone that they are lacking integrity or pushing the boundaries of compliance; however, a good review of a CEO’s background, experience and history may reveal weaknesses around integrity and ethics that might need to be considered before a role of compliance officer is accepted.
9. Lack of budget.
Many compliance officers are a team of one whose position has been created after an investigation or other form of regulatory review has highlighted that it is necessary for the company to have a compliance function. Too many compliance officers start at companies without reviewing the budgets or even asking if a compliance budget exists. Compliance should be like any other part of the company where there is a budget for operational expenses such as head count, bonuses and travel, but also a budget for engaging outside consultants, conducting reviews, and bringing in people to support the function. Just like human resources, finance, legal, tax, regulatory and other areas of the company, compliance will need to engage third parties, will need to have monitoring software, and will need to have the tools available to build a successful compliance function in the organisation. A company’s compliance budget tells a lot about the company and its stance of compliance. Before starting a new role in compliance a prospective candidate should check the compliance budget first – if there is no budget, if there is no proper documentation of the budget, or if the budget includes staff but no other costs then this role may not be the one for them.
10. Lack of clarity of role.
The word “compliance” can mean different things to different people. Compliance could mean tax compliance, Sarbanes Oxley compliance, anti-corruption compliance, anti-trust compliance, or may include corporate governance and company secretarial-type compliance. Many compliance officers fail because their role has not been properly defined. It is important for a chief compliance officer to understand precisely what is expected of them in their role by speaking to other people in similar positions or seeking professional advice.