Embedding compliance in the BAU has led to many organizations introducing the role of Chief Compliance Officer (CCO), a Board-level appointment. This role’s purpose is to advise their Board peers on strategic implications of compliance, as well as lead, direct and influence the compliance effort in the business.

Financial service organizations have taken the lead in creating CCO roles, to address diverse compliance regimes including Basel III, Solvency II, MiFID II, CECL, IFRS 9, IFRS 17, SMCR, and many others. U.S. publicly listed companies, and those planning to list, have done the same to help abide by Sarbanes-Oxley (SOX) legislation. Other companies have to observe regulations related to Anti-Money Laundering (AML), Know Your Customer (KYC), and terrorist financing.

Industry-specific ISO standards are also key for many businesses. While there may not be the business justification for a dedicated CCO head in many of the businesses affected, the role and responsibilities of a CCO are being vested in a board member and their staff, typically in finance, risk, or operations.

There are several implications stemming from the introduction of the CCO role. Firstly, it moves the perception of compliance away from ‘no we can’t’, and much more towards ‘how can we?’. It also aligns compliance within an organization’s risk management framework, rather than as a separate administrative function. It places compliance firmly in an organization’s BAU, alongside other functions.

Secondly, it changes how organizations manage their compliance. A CCO needs an enterprise-wide perspective of compliance against multiple frameworks to assure compliance, but s/he also provides advice and direction to the business. Ad-hoc or departmental systems will need to be enhanced or replaced to provide effective policy and compliance management.

This approach will underpin the need for “compliance as BAU.”  It also provides scope for scale and efficiency savings, which help reduce the overhead of managing multiple compliance regimes.