You’re the new compliance chief. Now what?
This blog first appeared in The FCPA Blog on March 18, 2016. It is posted here with permission.
By Worth MacMurray
Heads up: The six-month anniversary in your new position will arrive in a flash.
If you were hired as part of your organization’s response to a serious corruption allegation, you may still be in fire-fighting mode at this point, but starting to emerge for air.
If you were hired to design and implement your organization’s first compliance program, and basically to create your own role, you may be starting to encounter some obstacles.
Regardless of the circumstances of your hiring, you’ll arrive at the six-month point having likely accomplished more and laid better groundwork for the future if you ponder the following — both before you assume office and during your first few weeks on the job.
1. Manage your own expectations. The CCO role can be engaging and satisfying, particularly if one enjoys applying a variety of skills to challenging situations and issues. There may even be a honeymoon period of being welcomed with open arms by management colleagues. You should judiciously and promptly leverage this goodwill, while it lasts.
There are also aspects of the role that are highly stressful.
A window into what to expect and managing your own expectations accordingly can reduce this stress. Among the most common challenges faced by CCOs:
First, you’ll have one view of what’s required to do the job, and your CEO and CFO will likely have another, so in all likelihood (unless the company is in compliance crisis mode) you will constantly be scrapping for financial and other resources.
Second, based on recent enforcement actions combined with the issuance of the Yates Memo, there is now the specter of possible personal liability associated with the role. That’s particularly true in the financial services sector but applies to a wider group as well. So always working and planning with due care is paramount
And finally, most colleagues will say the right compliance-related things. But enjoying their support for the requisite actions may require a lot of persuasion, patience, and persistence. Expect more resistance when a change involves a long standing process or if additional time for due diligence, for example, is introduced into completing a major sale.
2. Manage the expectations of management and the board. For the organization’s benefit and your own, make a priority of beginning compliance dialogues with management colleagues and with the board. Also, get their thoughts about areas of possible corruption concern based on the organization’s present or planned operations, the related geographies, and compliance history. At this stage listen, listen, listen.
As you respond to their comments, start with the relative positives, and establish what your role is (risk management and mitigation) and how you can add value. Then take any inaccurate perceptions of the role and address them head-on. At this stage listen, listen, listen.
Start with the relative positives, and establish what your role is (risk management and mitigation) and how you can add value. Then take any inaccurate perceptions of the role and address them head-on.
You aren’t a guarantor. Your presence doesn’t mean that corruption allegations will cease or that corrupt acts directly or indirectly involving the organization will not happen
And it’s not your compliance program. You may be responsible for directing program operations and for certain aspects of the budget, but all employees and board members own the program and should act accordingly.
Additionally, begin the process of educating the board and C-suite about their respective U.S. Sentencing Guidelines program oversight (board) and operations (management) roles. Start instilling the importance of compliance program aspects such as tone at the top and culture. Make these themes part of the ongoing dialogue that you have now begun.
3. Assess and establish the baseline. Know and be able to prove where you started. Be able to establish a credible case for program evolution and progress. Apply what you believe to be the operative legal and other standards (e.g. US Sentencing Guidelines, FCPA and the FCPA Resource Guide, the UK Bribery Act and the guidance thereunder, and ISO 37001 — the draft standard for anti-bribery management systems). Identify possible gaps.
Complete the exercise even if there’s no initial evidence of an effective compliance program.
Consider having an independent third party conduct the assessment of the compliance program. Consultants active in the market can provide general and sector-specific leading practices and benchmarking data.
4. Jump into the deep end. Put on a businessperson hat and downplay the compliance card at every available and appropriate opportunity.
Impress upon your colleagues that you’re there for the same fundamental reason that they are — to advance the organization’s goals. Help them understand, diplomatically, that your role revolves around helping make transactions less risky and more sustainable from an anti-corruption point of view.
As you back up these words with consistent and sales-supporting actions and establish a level of trust, ask to become part of operational meetings with the most potential for increased visibility into possible corruption risk.
You’ll be able to measure progress by how many business meetings you’re invited to — even when you don’t ask.
Worth MacMurray is the U.S. General Counsel and Chief Compliance Officer of GAN Integrity Inc. in McLean, Virginia.