For professionals looking forward to joining the compliance world, being prepared and knowing what you are stepping into is important. Asia Quality Focus’ Vicky Yu discusses her experience starting out in compliance and what could have made the transit easier.
In early 2019, I accepted a new position in my current company to move from the client support team to a position involving compliance. The opportunity came up when the company needed to implement a new anti-corruption policy. Looking back, I was not well-prepared for the compliance world and had little idea what it would be like. It has been a challenging journey for the past several months, and I am grateful for people who have been supporting and helping me along the way. In this article, I’d like to share three things I wished I knew before joining the compliance profession.
1. Knowing What Compliance Does (and What it Doesn’t)
The compliance position I took on hadn’t existed in the company before. When I got the offer, I wasn’t very clear about what I was going to do other than implementing the anti-corruption policy. That all went well; the initial anti-corruption training was conducted by an external lawyer, and I conducted the following internal training. There were clear guidelines on what was to be done, and I was good at making things happen.
However, the longer I work in compliance, the more I realize that the profession goes far beyond implementing policies. When my compliance friends asked me about how we do due diligence checks, that was the first time I knew that third-party due diligence was part of compliance.
When the marketing team was talking about the marketing plan under GDPR, I marked in my notebook that our marketing plan needed to meet all the local regulations. When my boss raised concerns to me about compliance issues in collecting payments in a southeast Asian country, my first reaction was that he was addressing the wrong person – it should be the accounting team. I have done a lot of learning on how some topics that seemed to be completely unrelated are connected in compliance.
When I read the Compliance Officer Decision Tree in the book “How to Be a Wildly Effective Compliance Officer” by Kristy Grant-Hart, I found the lighthouse after drifting in the sea. It shows how and when a compliance officer gets involved in the business process. I have also showed it to my colleagues and boss when they were unsure if they should discuss certain topics with me. This book has been life changing for me, and my company’s compliance function has reaped the benefit.
2. Be Very Familiar with the Policies
That is, the employee handbook, the code of conduct, etc. When we join a new company, the first thing we learn in orientation is the organization’s mission or values. HR distributes a lot of documents, like the code of conduct, employee handbooks, office policies, confidential policies, etc., to read in the first one or two days. But nobody pays attention to every line in these policies until something happens.
I have never realized how much I would need to refer to these policies until I became a compliance officer myself, when a staff member called me to ask what to do in a situation involving a meal, when the external legal counsel needed to know the internal policy respective to office staff and field staff, or when my boss sent me an email asking about an internal violation of a policy.
Ideally, every department head should be very familiar with those policies for their team; what makes this difficult, however, is the overlap between policies. For example, we have ethical terms in both code of conduct and anti-corruption policy, confidential terms in both code of conduct and confidential policy and attendance terms in both employee handbooks and internal violation policy. Therefore, most of the staff relies on the compliance officer to know where to find the right policy and to give clear instruction.
In any case, it is always better to refer to every policy related instead of just one of them. On numerous occasions, I have been asked about various policies and had to take the inefficient approach of search each policy while the inquiring employee waited. Now, I am not saying that compliance officer needs to memorize all the polices; this is entirely impractical. But the compliance officer should have a sound grasp on the organization’s various policies to be thoroughly prepared.
Being familiar with policies makes me more comfortable and confident in meetings, as well; I can easily refer to specific terms and clauses – a real boon, considering that the compliance officer is sometimes unsurprisingly considered the “police” of the company and a key partner in responding to emergencies.
3. Be Prepared for Challenges
Every job has its own challenges, and the role of compliance officer is no exception. Though compliance is meant to support business activities, most of the staff members consider compliance as extra work – best to be avoided.
When the new anti-corruption policy was released, companywide training was planned. (Ideally, the first training would be in person to give a good impression and achieve the best effect.)
The finance department had concerns over the training budget for the transportation, accommodations and training venue; HR had concerns over scheduling, as we had staff members all over China; operations had concerns over the impact it would have on daily operations, as the company would not be working normally on training day. All these concerns need to be addressed individually, with discussions between the department head and me, and when people were not actively following up, I needed to “push.” The process was so long that everyone started to wonder whether it was necessary to have training like this: “Why can’t we just send out the policy for everyone to read and respond with questions?”
This is one example of the challenges I have faced on the compliance journey. Others included implementing due diligence processes, employee surveys, etc. In my previous position in business, things were much easier because everything was directly related to revenue and clients. When compliance is a new concept in the company and less directly related to revenue, it is so easy to overlook tasks. When you feel frustrated, it is important to step back and take a “big picture” view of the job: We are here to protect the business from legal damage and uphold the code of conduct.
In summary, professionals new to compliance should be prepared both technically, with knowledge of the profession and the company’s policies, and emotionally, knowing your mission in the organization.
I hope this can be helpful to those who are looking into build a meaningful career in compliance. There are still a lot more challenges and questions I will encounter on my path in the future. I can’t say I am perfectly prepared, but I am excited to find them out and work them out.