Q&A with Gerry Zack, Incoming CEO of SCCE
Today we are pleased to share an interview between CCI’s Founder, CEO and Publisher, Maurice Gilbert and incoming CEO of the Society of Corporate Compliance and Ethics (SCCE). Gerry Zack is a compliance and anti-fraud expert and author, specializing in the prevention, detection and investigation of fraud, noncompliance and corruption.
Maurice Gilbert: What motivated you to take your Global Forensic experiences and apply them to being the CEO of SCCE?
Gerry Zack: The forensic part of my background is what typically gets noticed first, but this position really encompasses experiences from so many stages in my career. Much of my exposure to compliance and ethics programs has stemmed from my investigative work, where I worked closely with compliance professionals from many different industries and on a global scale in connection with complex regulatory, fraud or corruption investigations, or in connection with designing and executing proactive compliance monitoring or auditing activities. But also in my background is experience in managing a global membership organization, service as a compliance officer, and involvement with training and certification programs. And all of these experiences will help me in my role here at SCCE. So it’s really exciting to be able to apply all of these areas that I enjoy in the context of helping a profession that I feel so passionate about.
MG: You are a fraud detection/prevention professional and investigator by background… this profile is prevalent in the consulting. Do you anticipate this role becoming more popular in corporate compliance departments?
GZ: Absolutely. Conducting effective investigations and following up with appropriate remediation are essential elements of a compliance and ethics program. If you look at the seven elements of a compliance program carefully, you realize that nobody enters this profession as an expert in all seven areas. We all bring strengths and weaknesses to the table and we need to continually improve in our weaker areas. There is more pressure than ever for compliance professionals to have a solid foundational understanding of the investigative process, and fraud investigation can be the most challenging. So I think we will continue to see people from more diverse backgrounds entering the compliance profession, including those who bring this expert knowledge of investigation to the table.
MG: What are some of the most significant issues CCOs currently face?
GZ: There are so many! The biggest might simply be the heighted expectation from regulators, not just in the U.S., but globally; for organizations to have a recognized and effective compliance function; and the punitive effect for those who don’t. But compliance professionals also often have an internal battle on their hands – a battle for recognition of their compliance programs and for independence. The concept of a compliance function that is independent from the general counsel’s office and that prevents, finds and fixes compliance issues is still a new concept for many organizations.
Also, for global companies, we are certainly seeing greater cross-border cooperation between enforcement agencies from different countries, adding a significant layer of complexity to compliance investigations. Then we have the dynamic nature of the issues that CCOs face. Some of that change has been gradual and in the works for many years, like the issues associated with privacy and data transfer. But they continue to evolve. Others are more sudden, like the realization that sexual harassment and abuse of minors are major issues that organizations need to proactively address. While neither of these issues is new, and it’s sad that it has taken so long for action to be taken, recent events have really pushed these two matters to the forefront. And CCOs can play a significant role in combatting both.
MG: What do you see as the greatest business risks facing companies today?
GZ: From a broad perspective, I would say it’s the accelerating pace of change. Whether it’s financial risks associated with the global economy or political and regulatory risks, companies are more prone to sudden and extreme fluctuations. On a more narrow level, two things stand out to me: technology and a changing workforce. With technology, as the saying goes, the pace of change has never been this rapid, but will never again be this slow. This presents significant risk, but also opportunity. The same can be said for managing a more generationally and culturally diverse workforce; it has its challenges, but it can also be a significant strength for an organization. Of course, every organization faces many other potentially significant business risks that vary based on industry, geographic location and other factors.
MG: What do you see as the greatest regulatory risks facing companies today?
GZ: I think a few of the most important regulatory risks stem from issues I’ve mentioned earlier, like data, privacy, etc. However, in addition, enforcement by government agencies is not always predictable, and this is caused by a number of understandable factors, like the fact that agencies have limited resources. And enforcement priorities are subject to change, sometimes sudden change, based on societal, political and other factors. So, not only are the laws and regulations changing, which presents its own challenge, but where and how the enforcement efforts will be deployed can change rapidly, increasing a risk area. And while existence of a compliance requirement should be the primary driver of our compliance efforts more so than whether a government agency is going to check on us, enforcement priorities are practical considerations in performing risk assessments.
MG: How might Chief Compliance Officers prepare to face these risks?
GZ: Through a devotion to continuing professional education and development through attending conferences and other delivery methods, networking with other compliance professionals and reading the latest developments. Compliance professionals need to stay on top of important developments using all of these methods. Even the best compliance professionals can get stale if they fail to continue staying current. By the way, when I mention networking, I don’t mean networking exclusively with professionals in the same industry. Some of the best ideas come from hearing what professionals in completely different industries are doing and adapting it for your own purposes. Risks are changing rapidly, and we have to use every resource to stay on top of things. And then, based on this information that CCOs gather, updating risk assessments on a regular basis to reflect the very dynamic nature of compliance risks.
MG: The SCCE has always been at the forefront in educating and credentialing compliance professionals throughout the world. Do you envision any new initiatives to further the growth of the compliance profession?
GZ: We are always examining how we can better serve our members and the profession as a whole. And the profession is growing both domestically and globally, which is reflected in our membership and programs. I’m still only a few months into my tenure, so I am still in the process of learning the inner workings of our operations and getting out to as many of our conferences and academies as possible to meet our members and see our programs in action. Ultimately this immersion will help me make good decisions aimed at making sure that SCCE and HCCA is the global leader for the compliance profession.
MG: Compliance departments are often asked to accomplish their work with limited resources… do you see this situation changing any time soon?
GZ: I wish I could answer “yes” to that question, but realistically I think compliance will continue to face the same challenge as other functions that don’t directly produce revenue. Generally speaking, we will continue to be asked to do our work with limited resources unless one of two things happen: organizations are forced by regulators to invest more heavily in compliance or compliance professionals demonstrate the value of preventing, detecting and fixing compliance problems. And there’s where we have both a challenge and an opportunity. Let’s face it: we are still a young profession in many respects, and we are by no means over the hump in terms of proving the importance and value of an effective and independent compliance function.
MG: What skills and/or experiences do you think compliance officers need to improve upon for their current jobs?
GZ: I think for this I’ll go back to a comment I made earlier about compliance not being a function that can be carried out in isolation. Compliance needs to be integrated with each and every other function in an organization. We can’t do it alone. Being visible organizational leaders and great communicators and developing strong relationships throughout the organization are all critical to the success of each of the seven elements of a compliance program.
Gerry Zack is the incoming CEO of the Society of Corporate Compliance and Ethics & Health Care Compliance Association, a position he assumed in November 2017 after more than 30 years of experience providing preventive, detective, and investigative services involving fraud, corruption, and diverse compliance matters. He has worked with businesses of all sizes and in many industries, nonprofit organizations, and government agencies globally. Prior to joining SCCE & HCCA, Gerry was in the Global Forensics practice of BDO. He founded his own fraud and compliance risk advisory and forensic accounting firm in 1990 and operated that practice for 20 years. Before that, he was an audit manager with an international accounting firm. Along the way, he served for two years as chief operating and compliance officer for an international scientific organization.
For two years, Mr. Zack was the author of “The ACFE Cookbook,” a column in Fraud Magazine devoted to financial statement fraud cases, and has authored three books on fraud: Financial Statement Fraud: Strategies for Detection and Investigation (2013), Fair Value Accounting Fraud: New Global Risks and Detection Techniques (2009), and Fraud and Abuse in Nonprofit Organizations: A Guide to Prevention and Detection (2003). He is also the principal author of the ACFE course “Uncovering Fraud with Financial and Ratio Analysis,” and he has contributed to several other ACFE course manuals. He is the author of numerous articles on fraud and compliance topics.
Gerry is a Certified Fraud Examiner (CFE), Certified Compliance and Ethics Professional (CCEP), Certified Public Accountant (CPA), Certified Internal Auditor (CIA), and he holds a Certificate in Risk Management Assurance (CRMA). He joined the faculty of the ACFE since 2006, and has conducted training in 17 countries. He is the 2009 recipient of the ACFE’s James Baker Speaker of the Year Award. He served a two-year term on the ACFE’s Board of Regents for 2014–2015, including service as Chair in 2015. Gerry can be contacted by email at gerry.zack@corporatecompliance.org.