Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

What is Compliance SME?

True Compliance Subject Matter Expertise is Earned in the Field

by Donna Boehme
April 11, 2019
in Compliance
silhouette of five businesspeople against digital display

Donna Boehme, the “Lion of Compliance” shares that true compliance SME is the first and most foundational element of a strong compliance program. An experienced CCO with true compliance SME earned in the field and in the profession understands on many levels the multidisciplinary nature of the work, the optimal way to educate and facilitate collaboration and what can realistically be achieved through each phase or cycle of a strong, effective compliance program that supports and is driven by a culture of ethical leadership.

In 2016, two researchers from the University of Michigan’s Stephen M. Ross School of Business published a report on their study “Why Don’t General Counsels Stop Corporate Crime?” The simple answer: “Because it’s not their job!”

This is precisely why true compliance subject matter expertise, earned in the field and with the profession successfully designing and managing compliance programs (“Compliance SME”), is the first and foundational element of the modern Compliance 2.0 model. The modern 2.0 model recognizes compliance as an independent profession, distinct from Legal, with the subject matter expertise (SME) needed by senior management to lead and advise its approach to the modern and existential issues of compliance, ethics, culture and reputation.

The modern Compliance 2.0 model takes the place of the failed Compliance 1.0 model that was based on a naïve and misinformed assumption by boards and CEOs that compliance should be structured as a captive subset of legal and thus driven solely by the legal mandate and mindset. That flawed model failed to accommodate the stark realities that compliance and ethics was emerging as a completely separate profession and SME from legal, with very different mandates, core competencies, practices and skill sets. At the same time, advocates for the in-house bar were sensing an opportunity to respond to the chaotic legal services market and claim the new role of Chief Compliance Officer for the legal field. Yet, in their zeal to claim the CCO role as nothing more than a “legal lieutenant” and a “process integrator,” these voices resulted in driving compliance into a flawed model destined to fail because it lacked true compliance SME and positioning to drive its distinct independent mandate.

Thus, the first generation of legal-driven compliance programs had in common two fatal threads:

  1. a profound absence of any actual compliance SME and
  2. a compliance program being managed through an often conflicting Legal mandate and mindset.

Some of these failed programs became notorious as examples of Compliance 1.0 “train wrecks,” including the General Motors delayed ignition switch recall, the VW extensive emissions software fraud and the Wells Fargo fake accounts and customer abuse schemes, to name a few.

Here’s a reminder of these three striking case studies that illustrate the need for a dedicated independent compliance mandate and SME:

  • General Motors: The legal-driven compliance program failed to detect the deadly ignition switch defect linked to at least 124 deaths, an oversight that resulted in a long-delayed recall during a period where legal took action to train employees never to use the “69 Naughty Words” — such as “rolling sarcophagus” — and preached a policy of no notetaking in certain meetings — while in house lawyers were “quietly settling cases” with plaintiffs.
  • VW: The labor law partner-turned-CCO designed and managed a compliance program that failed to surface warnings from two employees and a vendor to bring the enormous emissions cheating scandal to senior management for earlier resolution.
  • Wells Fargo: The cross-selling fiasco, where the long-embedded misconduct by managers and employees was obscured by a pattern of retaliation against employees who tried to report the misconduct to an internal “ethics line.”

A review of all the Compliance 1.0 train wrecks to date makes it clear that any board of directors or CEO that entrusts “bet the company” issues such as compliance, ethics, culture and reputation to an executive or manager lacking a demonstrated track record of true compliance SME is committing nothing short of management malpractice!

In fact, once those senior managers have been adequately educated about the substance of compliance and ethics as a new and distinct profession and SME from legal (as noted in the University of Michigan study discussed above), they must then comprehend the peril of appointing an executive with no demonstrated prior experience or SME to perform such a profoundly critical role! Even the average homeowner looking to hire a contractor to remodel their home understands the value of prior experience and results – and this common-sense concept is no different for topics as important and complex as compliance, ethics, culture and reputation.

When asked to demonstrate prior compliance experience or SME to an uneducated board or CEO, a law firm partner may offer work defending a matter in a particular risk area (i.e., FCPA) or working with government officials for a client, as would most law firm partners or ex-prosecutors. But such matters are miles away from actual experience in the trenches, designing and managing compliance and culture issues within an organization. Boards and CEOs should not  permit their important oversight duties to be superficially satisfied by a candidate intent on “name-dropping” specific laws on which they are the acclaimed authority or specific legal matters and government agencies with whom they have worked. None of those areas can replace true compliance SME earned in the field!

Instead, to more responsibly understand the breadth and depth of the candidate’s true compliance SME, the board or CEO might initiate a discussion on a few sample topics:

  • What are the various roles and responsibilities of managers from legal, HR, audit and the business units themselves (vis-à-vis compliance personnel) in supporting and facilitating a strong effective compliance program and ethical leadership culture?
  • What is the best plan for ensuring that internal investigations on potential misconduct will succeed in finding and remediating or preventing that misconduct before it is discovered by third parties (independent investigators, prosecutors, government agencies, the media or whistleblowers) and then be resolved on terms demanded by those third parties (i.e., large fines and civil penalties, criminal prosecutions, court-appointed monitor, etc.)?
  • How is the legal mandate different from that of compliance?

I have often advised new CCOs to remember that they are the compliance SME for the organization and that no compliance knowledge comes into their respective companies unless brought and diligently applied by them. Seasoned CCOs know that any compliance and ethics program is only as good as the individual managers who must own or manage parts of the program through their specific roles and responsibilities. This is the reason so many of the first generation of compliance programs failed to meet their goals, with spectacularly damaging results. The experienced CCO is not a lone ranger, cop or “legal lieutenant.” She is the seasoned compliance SME who understands on many levels the multidisciplinary nature of the work, the optimal way to educate and facilitate collaboration by the different managers supporting the program and what can realistically be achieved through each carefully managed phase or cycle of a strong, effective compliance program. This is the reason true compliance SME is the first and most foundational element of a strong compliance program that works to achieve management’s goals.

Boards of directors, CEOs and other corporate gatekeepers must do better!


Previous Post

Better Cyber Posture Requires IT Audits, but Depends on Data Monitoring

Next Post

The Bard and Compliance: Shakespeare’s Problem Plays

Donna Boehme

  Donna Boehme is an internationally recognized authority in the field of compliance and ethics, designing and managing compliance and ethics solutions for a wide spectrum of organizations. Founder and Principal of Compliance Strategists, a N.J.-based consulting firm, Boehme is the former chief compliance and ethics officer for two leading multinationals. She is a frequent speaker to business and professional groups, including as keynote speaker to Compliance Week Europe (Brussels), Ethics Practitioners Association of Canada (Ottawa), Society of Corporate Compliance and Ethics, International Financial Executives Leadership Forum (Montreal) and Network for Good Business Ethics and Non-Financial Reporting (Copenhagen).She has been invited to speak twice on international corporate compliance and ethics topics at the U.K. House of Lords. Boehme is also co-chair and co-founder of the RAND Compliance and Ethics Symposia series, an important vehicle of thought leadership for the profession.

Related Posts

illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
illustration of videoconference, screen and speech bubbles

New Risks as COVID-19 Forces Rapid Technology Adoption

January 21, 2021
hand showing three fingers on gray background

A Culture of Compliance: The 3 R’s

January 19, 2021
2021 with light bulb in place of zero on orange background

Why 2021 is a Fresh Start for Compliance Training

January 18, 2021
Next Post
The Bard and Compliance: Shakespeare’s Problem Plays

The Bard and Compliance: Shakespeare's Problem Plays

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights