The New Role of the CCO: Good News and Bad News

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.

There is no question that the compliance profession is on the rise. My colleague, Donna Boehme and I, frequently advocate on behalf of the compliance profession. See here for our latest – 4 Steps Every Board of Directors Should Take Toward Compliance.

With the rise of the CCO in corporate governance circles, there are adjustments that have to be made in other areas. What do I mean by this?

First, the Board of Directors has to expand its oversight and supervision obligations to effectively monitor the corporate ethics and compliance program. This requires some creativity and learning on the part of the Board members. No longer can they just look to the General Counsel for reassurance on compliance with the law. The ethics and compliance program requires much more robust knowledge and understanding of how compliance programs should operate. In my view, every Board needs a former compliance professional as a Board member.

Second, the General Counsel, Internal Auditor, Procurement and Human Resources all have to integrate with the compliance function. It is an adjustment, but not a very hard one. If egos get in the way, they need to be readjusted and pride relegated to a commitment to the organization’s compliance program. It is not too much to ask for professionals to work together and put aside their respective egos for the greater good. But you would be surprised.

A recent survey conducted by Compliance Week and Deloitte (here) confirmed the good news for the compliance officers: nearly 60 percent now report directly to the CEO and also are part of the executive management team. That is terrific. One way to demonstrate the importance of compliance is to elevate the CCO and empower them to do their jobs. Companies that follow this course have a greater chance of success. Companies that stick to the old model of compliance are less likely to succeed. This is the new reality for compliance programs.

The survey identified a new challenge for the compliance profession: only one-third of the compliance officers are viewed as a business partner within the organization. That is the next number to focus on – it is one that has to change.

CCOs have to become a part of the business team by building effective working relationships with business partners, not by telling everyone what they can or cannot do, but by finding solutions to ensure that business partners are successful.

A leader in the compliance field, Dan Chapman, from Cameron International in Houston, frequently refers to this as looking for “win-wins.” As Dan explains, the CCO has to build credibility by identifying those situations where they can help business partners and further the compliance mission at the same time.

A perfect example of this strategy is in the risk management of third parties. As a company builds a due diligence system, the CCO has to identify its third parties and supply chain vendors/suppliers. On doing so, they inevitably discover third parties that are no longer effective or necessary or that are duplicative of other third parties. The CCO and business partners share a common interest in identifying third parties that are useful to the company and trimming the relationships to only those necessary for the company.

Building a strong relationship with business partners means finding a way to make the business work while mitigating risks. It does not mean saying no, but finding solutions. The easier this process is conducted, the better for the CCO and the company. Risk planning is an important function and should not just be relegated to following the business’ every whim and cleaning up the risk mess left behind. It means planning from the beginning and modifying business plans where necessary with a keen eye towards efficiency so that business opportunities can continue while risks are addressed.