We all have heard the scenario involving a compliance professional. A new CCO joins a company with promises from the board, the CEO and senior executives of cooperation, compensation and support for a robust independent compliance function. The new CCO arrives with an idealistic spirit only to discover that he or she has been misled. Sure, the CCO has a title, and a nice salary, but has little else.
The CCO first realizes a problem when he or she is shown to his or her new office – in the basement, far away from the C-Suite. When the CCO asks the CEO about this, the CCO is reassured – “Oh, we will get you moved once we get into our new building, two years from now. Don’t worry, and welcome aboard!!!”
Next the CCO, sets up the first meeting with the CEO to go over the CCO’s ambitious plan to design and implement a robust and independent compliance function in the company. The first meeting is canceled several times and finally occurs eight weeks after joining the company. The meeting goes well; the CEO offers support and commends the CCO for a job well done. When it comes to implementation, the CEO quickly brushes this aside and offers support for bringing the program together over the next FIVE years. Uh oh!
The CCO knows that he or she is in trouble. This is not the right job nor is this going to be a good experience. The CCO takes the elevator to his or her basement office. What does the CCO do? Like any good professional, the CCO gets to work, building relationships with key colleagues in HR, IT, Legal, Finance, Security, Internal Audit, and with key business leaders. The CCO establishes a compliance committee within the company, consisting of representatives from all of these functions to get the job done and implement a real compliance program.
As the CCO builds the infrastructure needed for a robust compliance program, the CCO runs into a brick wall – the CCO does not have the resources needed. The CCO has asked everyone to pitch in with support, and most are doing so. The CCO cannot go back to the well and ask HR, IT, Finance, Legal, Security and Internal Audit for more help. That is not a realistic alternative.
So, here we are one year later, and the CCO has to go back to the CEO and explain to the CEO why the CCO needs resources, and needs them now. A significant budget increase is the only way to move this ball forward. How does the meeting go? What do you think happened?
As you are reading this, you may wonder – what happened to the board of directors? The CCO has only been allocated a yearly meeting face-to-face with the board. Each quarter the CCO submitted to the Audit Committee a written report on the CCO’s efforts. These reports did not raise any alarms but were merely a report on what the CCO was doing over the last quarter and where the overall effort stands. The board really has little idea, nor desire to learn, about the compliance function.
I have heard this scenario all too often. But there has been improvement. These scenarios are less frequent than they used to be, although they are striking when I hear them again. Large global companies based in the US have learned and are getting the message, so this scenario is not too common here in the US. Large global companies outside of the US, but with significant US presence or traded on a US stock exchange, sometimes fall into this scenario. Hopefully, that will change in time.
The CCO facing a CEO who gives lip service but no support to the compliance function has a lot of work to do. The scenario is made more difficult by the fact that the CCO has made no effort or has no ability to cultivate a relationship with the board. And maybe that is the real gist of this hypothetical.
A CCO without active and meaningful board support is like a kayaker in the rapids without a paddle – how is that for an analogy?
In the absence of board support, a CCO can live or die based on the CEO, and there is no guarantee that the CEO will survive in today’s difficult world. Nor is there any guarantee that a CEO will continue to support a CCO within the organization. Alliances can shift and compliance can sink or swim with the tide.
Over the next five years I expect that I will not hear from CCOs about these types of problems. Instead, I am optimistic that the message will get through – everyone succeeds with a robust and independent compliance function.