No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

What is Compliance SME?

True Compliance Subject Matter Expertise is Earned in the Field

by Donna Boehme
April 11, 2019
in Compliance
silhouette of five businesspeople against digital display

Donna Boehme, the “Lion of Compliance” shares that true compliance SME is the first and most foundational element of a strong compliance program. An experienced CCO with true compliance SME earned in the field and in the profession understands on many levels the multidisciplinary nature of the work, the optimal way to educate and facilitate collaboration and what can realistically be achieved through each phase or cycle of a strong, effective compliance program that supports and is driven by a culture of ethical leadership.

In 2016, two researchers from the University of Michigan’s Stephen M. Ross School of Business published a report on their study “Why Don’t General Counsels Stop Corporate Crime?” The simple answer: “Because it’s not their job!”

This is precisely why true compliance subject matter expertise, earned in the field and with the profession successfully designing and managing compliance programs (“Compliance SME”), is the first and foundational element of the modern Compliance 2.0 model. The modern 2.0 model recognizes compliance as an independent profession, distinct from Legal, with the subject matter expertise (SME) needed by senior management to lead and advise its approach to the modern and existential issues of compliance, ethics, culture and reputation.

The modern Compliance 2.0 model takes the place of the failed Compliance 1.0 model that was based on a naïve and misinformed assumption by boards and CEOs that compliance should be structured as a captive subset of legal and thus driven solely by the legal mandate and mindset. That flawed model failed to accommodate the stark realities that compliance and ethics was emerging as a completely separate profession and SME from legal, with very different mandates, core competencies, practices and skill sets. At the same time, advocates for the in-house bar were sensing an opportunity to respond to the chaotic legal services market and claim the new role of Chief Compliance Officer for the legal field. Yet, in their zeal to claim the CCO role as nothing more than a “legal lieutenant” and a “process integrator,” these voices resulted in driving compliance into a flawed model destined to fail because it lacked true compliance SME and positioning to drive its distinct independent mandate.

Thus, the first generation of legal-driven compliance programs had in common two fatal threads:

  1. a profound absence of any actual compliance SME and
  2. a compliance program being managed through an often conflicting Legal mandate and mindset.

Some of these failed programs became notorious as examples of Compliance 1.0 “train wrecks,” including the General Motors delayed ignition switch recall, the VW extensive emissions software fraud and the Wells Fargo fake accounts and customer abuse schemes, to name a few.

Here’s a reminder of these three striking case studies that illustrate the need for a dedicated independent compliance mandate and SME:

  • General Motors: The legal-driven compliance program failed to detect the deadly ignition switch defect linked to at least 124 deaths, an oversight that resulted in a long-delayed recall during a period where legal took action to train employees never to use the “69 Naughty Words” — such as “rolling sarcophagus” — and preached a policy of no notetaking in certain meetings — while in house lawyers were “quietly settling cases” with plaintiffs.
  • VW: The labor law partner-turned-CCO designed and managed a compliance program that failed to surface warnings from two employees and a vendor to bring the enormous emissions cheating scandal to senior management for earlier resolution.
  • Wells Fargo: The cross-selling fiasco, where the long-embedded misconduct by managers and employees was obscured by a pattern of retaliation against employees who tried to report the misconduct to an internal “ethics line.”

A review of all the Compliance 1.0 train wrecks to date makes it clear that any board of directors or CEO that entrusts “bet the company” issues such as compliance, ethics, culture and reputation to an executive or manager lacking a demonstrated track record of true compliance SME is committing nothing short of management malpractice!

In fact, once those senior managers have been adequately educated about the substance of compliance and ethics as a new and distinct profession and SME from legal (as noted in the University of Michigan study discussed above), they must then comprehend the peril of appointing an executive with no demonstrated prior experience or SME to perform such a profoundly critical role! Even the average homeowner looking to hire a contractor to remodel their home understands the value of prior experience and results – and this common-sense concept is no different for topics as important and complex as compliance, ethics, culture and reputation.

When asked to demonstrate prior compliance experience or SME to an uneducated board or CEO, a law firm partner may offer work defending a matter in a particular risk area (i.e., FCPA) or working with government officials for a client, as would most law firm partners or ex-prosecutors. But such matters are miles away from actual experience in the trenches, designing and managing compliance and culture issues within an organization. Boards and CEOs should not  permit their important oversight duties to be superficially satisfied by a candidate intent on “name-dropping” specific laws on which they are the acclaimed authority or specific legal matters and government agencies with whom they have worked. None of those areas can replace true compliance SME earned in the field!

Instead, to more responsibly understand the breadth and depth of the candidate’s true compliance SME, the board or CEO might initiate a discussion on a few sample topics:

  • What are the various roles and responsibilities of managers from legal, HR, audit and the business units themselves (vis-à-vis compliance personnel) in supporting and facilitating a strong effective compliance program and ethical leadership culture?
  • What is the best plan for ensuring that internal investigations on potential misconduct will succeed in finding and remediating or preventing that misconduct before it is discovered by third parties (independent investigators, prosecutors, government agencies, the media or whistleblowers) and then be resolved on terms demanded by those third parties (i.e., large fines and civil penalties, criminal prosecutions, court-appointed monitor, etc.)?
  • How is the legal mandate different from that of compliance?

I have often advised new CCOs to remember that they are the compliance SME for the organization and that no compliance knowledge comes into their respective companies unless brought and diligently applied by them. Seasoned CCOs know that any compliance and ethics program is only as good as the individual managers who must own or manage parts of the program through their specific roles and responsibilities. This is the reason so many of the first generation of compliance programs failed to meet their goals, with spectacularly damaging results. The experienced CCO is not a lone ranger, cop or “legal lieutenant.” She is the seasoned compliance SME who understands on many levels the multidisciplinary nature of the work, the optimal way to educate and facilitate collaboration by the different managers supporting the program and what can realistically be achieved through each carefully managed phase or cycle of a strong, effective compliance program. This is the reason true compliance SME is the first and most foundational element of a strong compliance program that works to achieve management’s goals.

Boards of directors, CEOs and other corporate gatekeepers must do better!


Previous Post

Better Cyber Posture Requires IT Audits, but Depends on Data Monitoring

Next Post

The Bard and Compliance: Shakespeare’s Problem Plays

Donna Boehme

Donna Boehme

  Donna Boehme is an internationally recognized authority in the field of compliance and ethics, designing and managing compliance and ethics solutions for a wide spectrum of organizations. Founder and Principal of Compliance Strategists, a N.J.-based consulting firm, Boehme is the former chief compliance and ethics officer for two leading multinationals. She is a frequent speaker to business and professional groups, including as keynote speaker to Compliance Week Europe (Brussels), Ethics Practitioners Association of Canada (Ottawa), Society of Corporate Compliance and Ethics, International Financial Executives Leadership Forum (Montreal) and Network for Good Business Ethics and Non-Financial Reporting (Copenhagen).She has been invited to speak twice on international corporate compliance and ethics topics at the U.K. House of Lords. Boehme is also co-chair and co-founder of the RAND Compliance and Ethics Symposia series, an important vehicle of thought leadership for the profession.

Related Posts

parliament

Coming Soon to the UK: Sweeping Corporate Criminal Liability Reforms?

by Peters and Peters
March 28, 2023

UK legislators have proposed major amendments to the Economic Crime and Corporate Transparency Bill currently passing through Parliament. If adopted,...

wind turbines

What Companies Around the Globe Need to Know About EU Sustainability Reporting

by John Peiserich
March 28, 2023

By the beginning of next year, large companies in the EU or that do a substantive amount of business in...

amsterdam

At a Gathering of Compliance Practitioners, No Shortage of Food for Thought

by Mary Shirley
March 28, 2023

Last week, about 300 ethics and compliance professionals descended upon Amsterdam’s Hotel Okura to participate in SCCE’s European Compliance &...

documents

Meeting Accounting Standards in an Uncertain Economy

by Tom Zauli
March 28, 2023

After a Covid-related grace period, new contract accounting standards — ASC 606 — are in effect for both public and...

Next Post
The Bard and Compliance: Shakespeare’s Problem Plays

The Bard and Compliance: Shakespeare's Problem Plays

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT