Corporate Compliance Insights’ Founder and CEO, Maurice Gilbert, had the opportunity recently to chat with Chris Caldwell, President and CEO of LockPath, a company that’s fast becoming a leader in the GRC and information security markets. Chris offers his perspective on the challenges compliance professionals face currently, as well as some of the greatest risks threatening today’s businesses.
Maurice Gilbert: What are some of the significant issues facing CCOs, Risk Managers, etc.?
Chris Caldwell: There are many issues facing risk and compliance professionals today, but there are three that come to mind:
- The regulatory landscape is shifting. More and more regulations are being introduced and what were historically seen as best practices are now requirements.
- Cyber attacks are becoming more prevalent, with attack techniques evolving at a rapid pace, and organizations struggling to maintain pace. As a result, risk management and compliance are becoming a higher priority within organizations, and the responsible teams are often tasked with doing more with minimal resources.
- Regulatory enforcement fines are becoming harsher, so being recognized as non-compliant and/or having a major data breach has the potential to be detrimental to the business.
MG: How do you see the CCO role evolving within the next three years?
CC: The CCO will become more recognized and respected across businesses. Today, only select industries see it as key to business success. As more industries view compliance as a business priority, the CCO must become more strategic in his or her approach. The CCO will also be forced to ensure those processes and controls that are designed to meet regulatory requirements are transparent. That will allow the organization to comply with the guidelines while remaining focused on achieving strategic goals and initiatives.
MG: What do you see as the greatest business risks facing companies today?
CC: One of the greatest risks is market volatility. Given this is an election year, the current list of candidates is driving concern for the future. How will the new administration impact the economy and international relations?
Another is business disruption. Given the weather issues we’ve experienced over the past few years (in terms of major disasters) and the cybersecurity issues – will either result in significant interruptions?
MG: What do you see as the greatest regulatory risks facing companies today?
CC: There are a variety of overlapping guidelines a company is forced to comply with. Companies need to create a comprehensive program to assess the various requirements and make decisions on how best to meet them in an efficient and effective manner.
Another risk is not being proactive in compliance efforts. Companies have become complacent with compliance by doing the minimum required to meet the spirit of the law. This is what we call “check-box compliance” — they meet the requirements, but do not really understand the broader scope of the rules. Compliance programs do not mature and, over time, this poses a significant amount of risk to the organization.
MG: How might Chief Compliance Officers, Chief Audit Officers and Chief Risk Officers prepare to face these risks?
CC: They need to work together to create that comprehensive program mentioned above. Regulatory compliance is no longer a one-department concern – it is an organization-wide effort. Looking at compliance from a risk and audit perspective will help to move away from a siloed approach to a more proactive, and ultimately more effective, program.
MG: How does your company help its clients mitigate risk?
CC: We provide our customers with the tools to assess risks up front and identify trends across their organization. This allows them to take a deeper look into their risk posture and understand how each risk affects the business as a whole. In turn, they can better prioritize their risks, make more informed business decisions and have the data readily available to support those decisions. We also help them create efficiencies within their risk management and compliance program, find ways to streamline processes and interconnect their risk and compliance data to calculate the full impact of a risk or a noncompliance activity. These efficiencies, coupled with the increased visibility into their risk posture, help to increase the effectiveness of their programs.
Software industry veteran Chris Caldwell serves as the President and CEO of LockPath and leads the corporate direction and product vision. He leverages his experience serving as the Vice President of Products and Marketing for GRC provider Archer Technologies, which was acquired by RSA, the security division of EMC, in 2010. Caldwell was also the President and COO of PPM Information Solutions, where he transformed the health care software company into a market-leading provider of practice management products and services. As a partner for the interactive firm VML, Inc., he developed innovative software products and services, such as Seer™, which positioned the organization to be acquired by media conglomerate WPP in 2001.