What Companies Need Now
More than a decade of regulations, from the Patriot Act to Sarbanes-Oxley to Dodd-Frank, have helped to position the Chief Compliance Officer (CCO) squarely in the spotlight as an official and crucial member of the senior team. Compliance has always been a robust function in regulated industries, such as healthcare and financial services, but recently it has assumed far greater importance in less-regulated industries, such as professional services and manufacturing. In fact, smart companies in all sectors are now recognizing that the expanded role of the CCO can provide real strategic value, far beyond the boundaries of the traditionally circumscribed compliance function.
Risk awareness and prevention planning are now integral to each part of the business, what is referred to as an enterprise-wide approach. This stands in stark contrast to the discrete compliance function of the past, where there was likely a compliance officer for each individual business, each disconnected from the other. The more innovative approach, according to an enterprise risk strategy, is to have a Chief Compliance Officer who is capable of seeing beyond silo walls and understands what each business needs in terms of proactively managing risk. This is executed in an integrated fashion, not merely reacting to and complying with regulations. If you are thinking that this elevated, broader senior management CCO role calls for someone very different from the individual compliance officer of the past who may rarely have had to set foot outside of his or her office, you are right. And if you are hiring a chief compliance officer, this article provides a profile of the sort of person you should be looking for.
The new breed of CCO builds on and greatly enhances the duties and responsibilities of the traditional compliance officer, so he or she must comprise all the traditional skills and experience required to execute and supervise the compliance function. That will likely include those with both legal and audit backgrounds who have experience dealing with regulators. While the CCO may be alawyer, that is not a hard and fast rule; in fact, many highly capable CCOs come up the business route, not the legal route.
In addition to the functional requirements, to handle this more expansive role, the CCO must possess far broader capabilities that will enable him or her to be an effective member of the senior team. The CCO must be able to operate as both a colleague and a specialist in risk management & compliance in whom other C-suite members have complete trust and confidence.
The insider viewTo gather personal insights into what it takes to be a strong and effective CCO in the current… and likely permanent… environment where risk management is center stage, we spoke with several executives currently in the role.
All agreed that, in addition to the required financial and legal skills and experience, any successful CCO must first and foremost be viewed by other C-suite executives as a business partner. That means that he or she must understand each business inside and out and also possess the social skills and stature required to be accepted as a peer by other leaders. But it also entails a solid working relationship with business heads as well as a detailed understanding of the business strategy of each and how compliance can facilitate delineated goals.
If a new CCO is to be poised for success, established CCOs told us, the new executive must educate himself or herself by talking with audit and legal teams for each business before talking tothose in the business. Not only will this help to establish the CCO’s credibility from the outset, itwill help in parsing fact from fiction when talking with various managers in the businesses.
What was formerly a policing function has morphed into more of an advisory role, that requires not just saying “no” to initiatives that appear risky but consulting with those in the business and helping them to achieve their business objectives in ways that conform with compliance standards. As one CCO told us, “The compliance role today is about profit retention, not sales prevention.”
“There was a mentality around CCOs being cops,” said Janice Innis-Thompson, CCO of TIAA-CREF,“ and my staff tells me, ‘they’re still the police, they’re just the neighborhood police.’” Thompson says that a strategic thinker in the role can actually leverage existing and emerging rules and regulations to enhance, rather than inhibit, business objectives. And while some things are black and white in the view of compliance and require a direct yes or no answer, other issues are more complex. In fact there may be several solutions to getting to the right place in a business context, and a CCO who is also a sophisticated and knowledgeable business person can be an excellent guide. That requires another skill, which may often be underrated: the ability to listen initially, as a business partner, rather than immediately coming in and telling people what rules they are violating.
Those we interviewed told us a strong CCO must be a good team player and a good communicator, able to inform and persuade. “The very top leadership… the CEO and the board… send the message that compliance is of the utmost importance,” said Scott Mansolillo, CCO of W. R. Berkley, “but the CCO needs to go directly to the businesses and provide more of the detail.” He added: “It makes a big difference if I go to them; it’s a small gesture that makes a really big difference with relationship building.” Cordial but not too cozy might be the watchwords for relationships the CCO develops within the company, particularly with businesses where the CCO will be asking for changes to be made.
What a strong CCO looks likeWhile it is relatively easy to assess some of the criteria required to be an effective CCO, those characteristics that cannot be gleaned from a resume may be the most essential to success. That includes what might be considered the “softer,” more qualitative attributes. Following are some of the key characteristics to look for when hiring a Chief Compliance Officer:
Leader on a team of leadersThe CCO must be perceived as both a leader, in his or her functional area, as well as a peer and collaborator by others in the C-suite. The CCO must get out of the office and work closely with business leaders to understand their strategy and goals and gain their confidence so they will share both good and bad news. Stature and gravitas are essential traits if the CCO is to effectively interact with the board, the audit committee, management, and regulators.
Strategic thinker and creative problem solverWith a thorough understanding of the business strategy and objectives, on the one hand, and the regulatory environment, on the other, the CCO can be an effective partner and advisor to business leaders. He or she must be a creative problem solver, helping businesses to formulate solutions to risk-related issues, rather than just saying “no.”
Ability to connect with range of constituentsBecause the CCO must work effectively with such a wide range of constituents… the board, finance, communications, human resources, internal audit, regulators, etc… he or she must have the ability to communicate clearly and also to understand the “language” and priorities of each group.
International perspective is a plusWith so many companies now looking to expand globally, an international perspective, if not international experience, is highly desirable in a CCO candidate.
Unassailable reputation and credibilityThe individual leading the risk and compliance function, who represents the company before regulators and other key groups, must have a personal reputation that is beyond reproach.
Building a culture of complianceEven a CCO who possesses in abundance all of these key characteristics still needs an operating environment that is conducive to success to ensure effective compliance. CCOs we interviewed all referenced a “culture of compliance,” in which the CCO is a crucial actor but not the only one. This culture is built from the top down, where the leadership of the company and the board send strong, unequivocal messages about risk tolerance and the importance of proper compliance. The CCO should work with the leadership team to create this environment and then work to get buy-in from leaders and employees at every level of the organization.
We see a growing demand for this new breed of CCO, and given the times in which we live, it is not surprising. Companies at the head of this hiring curve view the CCO as a critical member of the senior team, and with the growing emphasis on risk management, these individuals are likely to be only more coveted in the future.
While this trend may have begun with corporate disasters like Enron and been ratcheted up by the 2008 financial meltdown, the prevailing corporate view of risk and compliance has evolved significantly in recent years and there is no going back. With directors increasingly focused on risk, including their own potential liability, and risk management making its way into proxies and credit ratings, the individual at whom the risk “buck” stops will continue to be a crucial member of the leadership team. The right person in the role, who can be both a consultant and partner to those in the business and with a broad overview of the entire risk and compliance landscape, will be able to add value well beyond the traditional compliance role.
Working with a compliance recruitment firm can help you more easily identify CCO candidates who fit the bill. For more tips on hiring your next chief compliance officer and what questions to ask, download this guide.
John Gilmore founded BarkerGilmore in 1988 and has been serving clients around the world ever since—more than 3,000 successful placements to date. He has helped match outstanding candidates to companies of all sizes, from key executives to the entire organization around them.