Hiring a Chief Compliance Officer for the first time? Some of the most important decisions you’ll make occur before you ever bring in that first candidate for an interview.
These decisions set the groundwork for what the position will entail, to whom the person will report and how you’ll measure success. They ultimately determine what type of candidates you’ll attract and whether the person you hire will succeed in the position.
I’ve placed compliance officers at companies in a variety of industries, and surprisingly, not all of the companies have worked out these details before interviewing candidates. It’s easy to overlook them when you’re so focused on the need to bring someone on board as soon as possible.
Here are three steps your company needs to take before hiring a compliance officer.
1. Evaluate Your Company’s Risks
Risk management expert Andrea Bonime-Blanc, CEO of GEC Risk Advisory and author of The Reputation Risk Handbook, helps companies of all sizes evaluate their compliance, governance and risk management needs. She said while you can benefit from the lessons other companies have learned the hard way, you need to consider your company’s unique needs above all else.
Consider the most prevalent issues within your industry, Bonime-Blanc said. If you’ve recently expanded overseas or are working with a number of third-party vendors, be on high alert for corruption. If you’re a financial or healthcare company, cyber-security and data privacy/protection are probably your most pressing concerns. Take time to evaluate any compliance procedures currently in place and what specific expertise is needed to have a more robust protection program. Also factor in your company’s life cycle stage. Are you a start-up? On the verge of an IPO? Well-established? Each stage presents unique compliance risks.
2. Determine Your Risk Tolerance
Obviously no company can shield itself from every risk, but investing in compliance is a lot like investing in insurance: there’s always a trade-off in terms of cost. You can have basic coverage at a relatively low cost, or you can pay a premium price for premium protection. Most companies fall somewhere in the middle of this spectrum.
Bonime-Blanc recommends taking time to assess your risk tolerance. Factor in the implications to business, employees and all stakeholders should an infraction occur. To what extent are you able to withstand fines or sanctions? Reputational damage? Potential litigation? This discussion with the executive team, in advance of hiring, will help determine how much to invest in compliance and the level of the compliance professional that best fits your needs and culture.
3. Define Key Competencies
Compliance can have many different meanings depending on the company and the industry. Consider what specific functions you need your chief compliance officer to perform and how they will work with the existing roles at your company, Bonime-Blanc said. What competencies are most important? Compliance also has many different functions: policy creation, training, monitoring and testing, and regulatory relations, to name a few. Some of these functions may already exist in your organization. Know upfront if the organizational structure will need changes, or if you want a more matrixed approach, as this will affect what competencies the compliance officer needs. Your executive leadership team needs to agree on this before you move forward with crafting a job description.
It takes time to define these elements, and it may even lead to some disagreements among your leadership team. Still, it’s critical to recruit the right Chief Compliance Officer, especially if it’s your first one. He or she will have the opportunity to add tremendous value to your company. A year from now, you want to see that the compliance role was positioned for success and that you hired the right professional who capitalized on the opportunity.
For more tips from compliance expert Andrea Bonime-Blanc and BarkerGilmore, download our guide, “Hiring Your First Chief Compliance Officer: Navigating Unknowns.”