The Pathway to Becoming Chief Compliance Officer

Across industries and companies, the CCO role is one of incredible importance — and incredible diversity. Here, we provide a broad toolkit for emerging directors, AGCs, and senior level compliance professionals to use to chart their own course and build skills to become a CCO.

THE E&C PROGRAM IS AN ECOSYSTEM

CCOs are systems thinkers, looking across a vast landscape of risk, understanding how each element of the program works in harmony, and seeing the “forest” of initiatives that advance ethics and compliance. CCOs are strategic thinkers, often not mired only in day-to-day decision-making, who ruthlessly prioritize their time and attention. CCOs understand people and what drives them to succeed, allowing a unique perspective on building pathways that invite employees to make a responsible decision in the face of performance pressure, time constraints and working beyond capacity.

Ethics & Compliance Culture: Building Employee Capabilities. Developing responsible employee decision-making and positively impacting employee behavior.

• Training and communications
• Policy governance, development and operationalization
• Code of Conduct
• Culture surveys or analysis of employee behavior
• Reporting and guidance channels that foster a psychologically safe environment to ask questions, get early answers and raise concerns knowing there will be follow-through

Creating Infrastructure & Systems to Support Employees. Knowledge of—and leadership for—systems and controls that support employee decision making and manage risk.

• Controls design—regulatory or product/services
• Third party risk management
• Performance incentives

What’s Ahead and What’s Working: Detection and Monitoring. Programs reassuring leadership that compliance culture and systems are operating as expected and find areas for continuous improvement.

• Risk assessments and catalogs
• Investigations and root cause analysis
• Control design and catalogs
• Testing and data analytics
• Remediation

Speaking with Impact: Reporting. Tailoring a message to your audience using qualitative and quantitative data with a compelling narrative to report on program effectiveness and needed improvements.

• Board of Directors
• Executive Teams
• Compliance and Risk Management Community
• Business Leadership
• Employee Population
• External stakeholders (e.g., investors, regulators)

UNDERSTANDING AND LEADING THROUGH RISK

CCOs understand how the business drives risk, and they have a pulse on the company’s risk appetite. They look beyond the risks they know to those they know less. Become conversant in the company’s highest risks and work toward leading others who manage them day to day.

How We Build Things: Research and Product Design Risks. Examples include privacy, University partnerships, theft of trade secrets, insider trading, human rights, biased technologies, accessibility, consumer safety.

How We Make Money: GTM Risks. Examples include channel stuffing, revenue manipulation, roundtrip transactions, fraud, kickbacks.

How We Partner: Third Party Risks. Examples include competition, privacy, side agreements, conflict minerals, modern slavery.

Where We Operate: Geo Risks. Examples include sanctions, trade, export controls, state privacy or healthcare regulations, permitting and licensing, building or plant construction, data localization, social media platform content regulations.

Who Our Customers Are: Public, Private, Non-Profit Risks. Examples include public procurement, government contracting, bribery and corruption, World Bank or similar development bank funding, sanctions.

Our “For Good” in the World: ESG. Examples include materiality assessments, programs supporting human rights, sustainability, and Diversity, Equity, Inclusion, and Belonging (DEIB).

RELATIONSHIP BUILDERS

CCOs cultivate a reputation as a business partner, curious problem-solver and influencer—both within a company and beyond. CCOs spend time building relationships, trust and credibility through active listening, demonstrating thought leadership and expertise, and selflessly working to build others up.

Looking Around and Up: Expanding Relationships with Company Peers and Leaders. Build allyship beyond your core stakeholders while nurturing your E&C and Risk Management relationships; enable a company-wide community. Examples include roundtables, summit sponsorships, offering to partner on pilot projects, loaning your resources toward a shared initiative, job-sharing, being available as a sounding board.

Looking Outside: Expanding Your E&C Network and Developing a “Brand” as a Thought-Leader. CCOs are vision-setters, not just internally but also sought out as experts externally. Build momentum in the E&C and regulatory community through your ideas, learn-it-all attitude, offers for benchmarking, speaking, teaching, and inter-company collaborations.

FROM MANAGEMENT TO LEADERSHIP

Defining the Org: Vision, Mission, Programs, Goals, Projects. People need purpose. CCOs step back and reflect on their team’s collective contribution to the company mission—and articulate this in a clear and compelling way that includes an evergreen purpose and how today’s programs contribute.

Empowerment + Accountability: Moving Away from D2D Work into Strategy. While sometimes comfortable, micromanagement is antithetical to a CCOs role. CCOs lead through conscious empowerment, giving teams freedom to fail or succeed and demonstrating an “I have your back” attitude that shows up in meetings and projects.

Seeing the Future: Shifting Focus to a Longer-Term Horizon. CCOs look far ahead towards success factors that are transformative for the business, not just the compliance program. Spring-boarding off the empowerment given to their teams, CCOs “see the future” alongside their executive team peers and chart a course for how E&C will support and enable company growth.

Know Your People. This involves building team cohesion, identifying high potential employees, succession planning, and managing headcount.

• Build Bridges. Through role clarity, individual and collective public support, and knowledge sharing in standups and team meetings, CCOs foster collaboration in each element of the program, work to resolve misalignment and conflict and be prepared to explain decisions that outwardly may favor one function over another.
• Get on the List. With HR, CCOs identify a short list of successors including the strengths in their team members and consciously chose stretch projects, job rotations, executive engagement opportunities, or other initiatives that build capabilities.
• More Isn’t a Default. Every new headcount is precious. Consider people, processes and tools needed to move work forward. Practice data-driven business justifications as to why people—versus technology or other solutions—are a necessary choice. “More people” is often not the CCO’s initial go-to.

GROWING AND MANAGING A BUSINESS

CCOs model the best corporate behaviors around effective and efficient use of corporate assets. Developing rigor in your own org is a pathway to growing capabilities to appreciate that Compliance is a business unit.

• Where Do You Want to Be in a Year … Five: Developing an Annual Operational Calendar and Goal Setting. CCOs must draw on the risk assessment, company strategy and objectives, and other key inputs to develop a strategic plan that, with each successive year, furthers the compliance mission and vision, supports corporate goals, and enables growth and innovation at scale.
• Defining and Actioning Efficiencies: Consider your digital transformation strategy, how you sunset programs, and whether you have the right people in the right places.
• What can you stop doing? Periodically review what compliance must do, may do, and hopes to do. In tandem, assess what can compliance stop doing. This give and take brings CCO reassurance that the work being done is the most effective use of time and resources based on the regulatory environment, risk profile and tolerance, impact of new technologies and controls, and realities around budget and headcount.
• Leverage Your Team. Review and assess your team members’ strengths and align them with projects where they can have the greatest impact — even if it means moving them outside their core responsibilities or comfort zone.
• Are There Other Ways? It’s not always more; CCOs conduct cost benefit analyses to see if there are technologies that can take over low value, repetitive or highly manual projects, freeing up personnel for more nuanced projects, whether other teams will take on specific work or whether that work can it be outsourced.

Spending Wisely: Budgeting and the Compliance “P&L”: CCOs recognize the need to engage early with leadership and those involved in the budget process to lay the groundwork for resource requests. Be prepared to tie each line in a budget request to a specific risk, a specific company objective or technology that will reduce the need for further headcount. With data at their fingertips, CCOs demonstrate the efficiencies achieved through the adoption of technology and the sunsetting of legacy programs in favor of more impactful initiatives, and the savings achieved from investigations, monitoring and reviews of other programs.

Bringing Others Along: Prioritize change management, business reviews, and informing your team.

• Change is constant. CCOs strengthen the company’s agility and help ensure that change, whether large or small, is affected efficiently, with controls and process for clear communication, lines of responsibility, cross functional coordination, documentation, and a post-hoc evaluation to identify any learnings and ensure it is working.
• Compliance is a Team Sport. Compliance is everybody’s responsibility—and as a result, CCOs access and provide input into company performance metrics and business reviews. A CCO is better equipped to embed this in company culture and better prepared to do their job, through visible engagement in processes that look at how the company is performing against its objectives and what factors are influencing outcomes.
• Your People are Everything. CCOs have many tools in their toolbox, none more valuable than the people on the compliance team. Consistent, effective communication and transparency equip and empower team members to carry out the compliance mission and sets them up for growth and success. Lead your own business reviews, hold org meetings, invest in advancing DEIB initiatives and career growth for your people. They will become you one day.