Chief Compliance Officers are basically optimists. In the face of a mountain of worst case scenarios (typically referred to as “risks”), CCOs keep smiling and work incredibly hard. They are “religious” zealots in business clothing. CCOs indoctrinate their staff to fight the same cause and they spread the word on the importance of ethics and compliance.
The perception of CCOs is far different. Management and employees often view CCOs and their staff as “law” enforcers or “sheriffs.” If that is the perception, the CCOs have an important task – to change this perception and turn into important business partners.
CCOs are often challenged to make the business case for compliance. It should be an easy argument – an integrated approach to risk and compliance directly translates into bottom-line increases in profits. In this context, it is a mistake to argue that legal and regulatory requirements dictate that a compliance program follow certain policies and procedures, or else the company will suffer big fines and reputational damage. A singular focus on negative consequences is a limited (albeit partially effective) message.
There are significant operational advantages to integrating governance, risk and compliance issue – namely that effective compliance is good for business. What do I mean by this? A CCO has unique visibility of an entire organization. CCOs have to become familiar with all of the business operations. They have a view of the company that few others in the C-Suite have. And they can provide important insights into the governance, risk and compliance mix.
CCOs often report to the Board on common metrics of compliance program effectiveness – number of complaints, risk assessments, audit reviews and disciplinary actions taken. There are other important operations that CCOs can identify, including a lack of oversight, organizational silos, wasted resources and information, lack of data integrity. CCOs can then assist in identifying effective oversight programs, integrated risk and control policies, quality data and information, resource and personnel improvements, and streamlined business processes.
CCOs can bring about a good marriage of compliance and operational goals. With a fundamental understanding of the business operations, CCOs can make valuable contributions to key business decisions relating to organizing people, process and technology, and projecting future benefits and costs from key business decisions. CCOs can make the case that strong risk and compliance processes can increase revenues, reputation and brand protection, customer attraction and retention, improve workforce performance and asset protection.
To transform CCOs into effective business partners requires one significant change – CCOs have to be elevated to the C-Suite. This is occurring more frequently but companies still have a long way to go. Assuming they have a seat at the table, CCOs can advance the importance of the compliance function by communicating ways in which governance, risk and compliance management can improve the bottom line for everyone.