Tone-at-the-top says it all. Without the support of the CEO, a Chief Compliance Officer is limited in what he or she can accomplish. If there is no commitment from the CEO, a CCO can propose and possibly build great compliance systems, adopt state-of-the-art policies and procedures, and bring about a change in attitude within the compliance department. However, the CCO’s compliance program will be limited and will hit a barrier to becoming an exemplary compliance program.
A CCO needs the backing of the CEO and the tone to expand the CCO’s influence, to secure additional resources, to establish important alliances with key members of the C-Suite, and to elevate the performance and perception of the compliance function in the company.
The CEO’s commitment to compliance can be easily determined by asking the following twenty questions:
What are the values of your company?
How do your values relate to your C&E program?
How are your values communicated through the company?
How is the Compliance and Ethics function structured and integrated into the company?
Does the CCO report to you and have the ability to directly report to the Board, in appropriate circumstances?
How often do you meet with and communicate with the CCO?
Is your CCO a member of the most senior C-Suite committee?
What role do you and other C-Suite executives play in the company’s compliance program?
What are the top 5 risks your company faces and how is each addressed?
Do you believe that the C&E function contributes to the overall bottom line of the company?
What steps do you take to establish a tone-at-the-top relating to the C&E function?
What steps do you take to measure how effective you and others are at establishing an effective tone-at-the-top?
What specific steps do you take to make sure the C&E program is being followed?
What specific resources, if any, do you intend to allocate to the C&E function in the next year?
What new initiatives do you see as important to the C&E function in the next five years?
What positive incentives does the company maintain to encourage and reward compliance and reporting of potential violations?
Is your company’s compliance program effective?
How often does your company conduct a risk assessment for significant threats to the company?
What are the three biggest problems with the company’s C&E function?
How do you and the company plan to address these deficiencies?