Beruflich Dokumente
Kultur Dokumente
STRATEGIC
Compliance
Officer
Workbook
LEARN THE SECRETS OF STRATEGY AND PLANNING TO
BECOME AN IN-DEMAND BUSINESS ASSET
Kristy Grant-Hart
with Donna Boehme
No part of this book may be used or reproduced in any manner whatsoever without written permission
except in the case of brief quotations embodied in critical articles and reviews. For information and
permission please contact:
Brentham House Publishing Company
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
Brentham House Publishing Company books may be purchased for educational, business or sales
promotional use. For information, please email the Special Markets Department at
Info@BrenthamHouse.com.
FIRST EDITION
A CIP Record of this book is available from the British Library.
ISBN: 978-0-9934788-3-3 (soft cover edition)
ISBN: 978-0-9934788-4-0 (electronic edition)
Praise for the Wildly STRATEGIC Compliance Officer Workbook:
“I’ve worked with hundreds of compliance professionals, at companies all
over the world. The true standouts are the ones who can plan, articulate, and
consistently deliver on strategic compliance goals. Wondering how you can
extricate yourself from the day-to-day firefighting and have real impact – on
your company, in your career, and even within the compliance industry?
Kristy’s highly engaging and very useful workbook will walk you through
how to start making the right strategic decisions so you, too, can be wildly
effective in your role.”
- Kirsten Liston
Founder, Rethink Compliance
"Kristy Grant-Hart has once again provided the compliance profession with
an easy-to-use reference guide which allows you to think through large,
eponymous and difficult risk management issues. Her workbook provides
both real world examples and key forms, which document the decision-
making calculus which you can use to worth risk issues. The universality of
the forms makes this Workbook a key resource for every compliance
practitioner, risk management professional or business leader struggling to
understand risk and its management for a more efficient and profitable
business."
- Tom Fox
The Compliance Evangelist
“This is not another theoretical, high level book that speaks ‘AT’ you. This
one walks the path beside you, guiding steering and advising. Meaningful and
relevant throughout, full of great examples and advice. I love the simplicity,
broken into bite-sized chunks that we can all relate to. If nothing else, this
should be your first stop on the Compliance & Ethics reading platform as
your foundation for your program."
- Susan Du Becker
Cisco Systems, Global Compliance
Contents
Introduction: A Tale of Two Compliance Officers
The Difference
Why Every Decision Is a Strategic One
Our Compliance Journeys
What This Book Will Do for You
My Notes and Ideas for Implementation
Chapter 1: Knowing Who and Where You Are
What’s Your Type, Baby?
Knowing Your Type
Riding the Compliance Wave
My Notes and Ideas for Implementation
Chapter 2: Choosing Risk: Do You Really Want to Eat the Whole Elephant?
The Elephant in the Room
Defining the Risks
Here’s Your Chance
A (Wo)Man with a Plan
My Notes and Ideas for Implementation
Chapter 3: Come Join Me in My Vision
Creating Your Three-Year Vision
Where Do I Start?
O ncompliance
the same day three years ago, Jaleel and Rashanda began work as
officers. Each was newly in charge of the compliance
program for a regional chain of fast food restaurants. Both fast food
chains had recently gotten into trouble for ethical failures, so both were in
crisis. Jaleel and Rashanda were both excited by the opportunity to make
their company better, and each was entirely committed to doing the best job
possible. But what happened next changed everything.
Jaleel’s Experience
Jaleel came in on day one not knowing what to expect. He’d researched the
company and spent his first few days meeting the management and learning
about their priorities. He carefully constructed a three-year plan, and at his
first board meeting, he presented his vision for each area of the compliance
program. He told the Board members what to expect, and showed them his
goals and milestones. The Board agreed with most of it, but questioned some
of the spending on the third-party due diligence program and online training
costs. Jaleel amended the three-year plan and sent a re-focused budget based
on the Board’s changes. The Board approved the budget and year-one goals,
and Jaleel went straight to work.
Over the rest of the year, Jaleel felt battered by the barrage of bad press the
restaurant chain received. He responded to these crises, but once each fire
was out, he’d diligently work on the projects he had highlighted as his
intended year-one accomplishments. At the end of year one, Jaleel went to
his Board meeting proud to highlight the third-party due diligence platform
and process he’d implemented. The Board asked why the Code of Conduct
hadn’t been updated, and Jaleel reminded them that he’d designated the Code
rewrite as a year-two priority, and that he’d begin working on it immediately.
The Board was happy.
Jaleel rolled out the new Code of Conduct in year two, and at the end of year
three he was able to compare his past three-year plan with his
accomplishments. The Board was thoroughly impressed. As Jaleel presented
his subsequent three-year plan, he asked for a bigger budget. He wanted a
dedicated training team member who could go to the various locations to
provide in-person training. The Board approved his new plan and his
expanded budget. Jaleel felt appreciated and knew he was trusted. He was
happy to continue at his job.
Rashanda’s Experience
The Difference
What was the difference between Jaleel’s and Rashanda’s experiences? Both
were equally well-qualified and enthusiastic about their job. Both were
similarly skilled and had similar backgrounds. But Jaleel took a strategic
approach to the position, while Rashanda simply put out fires and responded
to whatever was immediately in front of her.
Jaleel started by creating a plan to present to the Board. The Board liked most
of the plan, but provided feedback on where Jaleel should change it. In this
way, when Jaleel presented the amended plan and budget to the Board, he got
sign-off and buy-in on his vision. He ensured that from the beginning he had
clear goals and deliverables. The Board expected him to meet the goals and
deadlines he’d presented. They did not have their own private expectations of
what he was to accomplish, as Jaleel had set the stage for his success.
Because Jaleel had specific goals, his focus was not splintered into working
on many separate projects. While he had to deal with each crisis when it
came up, when he had down time, he went back to accomplishing the things
he’d highlighted as each year’s priority. Therefore, by the end of each year,
Jaleel accomplished what he’d promised, which gave the Board more faith in
him. His energies were focused on success, and at the end of the three years,
the Board knew if they gave Jaleel the resources he requested, he would use
them to accomplish the next set of objectives he set out.
Rashanda’s experience mirrors that of so many compliance professionals.
She went into the job excited and ready to make a difference. When a crisis
came up, she responded to it, but when it died down, her energies and
concentration were splintered on multiple projects, so no single project was
completed quickly. Because she hadn’t created a vision for the Board to buy
into, each Board member came up with their own unspoken expectations of
what Rashanda should be able to accomplish. When Rashanda didn’t deliver
on their unvoiced expectations, they lost faith in her.
At the end of the three years, when Rashanda asked for additional resources,
the Board said no because they felt she had misspent resources they had
already given her. She wasn’t able to point to many achievements, so the
Board declined to support her new requests.
Understandably, Rashanda felt bitter and unappreciated. She had worked just
as hard as Jaleel, but her work wasn’t highly valued, and her contributions
weren’t as visible. The difference between Jaleel’s and Rashanda’s
experiences came down to planning, setting expectations, and strategically
delivering results. Hard work by itself won’t make you successful as a
compliance professional. Your work must be directed, focused, and strategic
in order to bring forth results that get you appreciation and promotion.
There are many definitions of strategy. One source defines it as, “a high level
plan to achieve one or more goals under conditions of uncertainty.” Another
calls it, “The art and science of planning and marshalling resources for their
most efficient and effective use.”
As two experienced compliance officers who have spent a combined total of
over 30 years in the trenches, we believe that being wildly strategic in all
things is an essential attribute of a successful compliance officer for several
reasons.
Without a doubt, the mission of a compliance officer is complex and
extremely difficult. The strategic compliance officer must have the skills and
know-how to marshal and leverage organizational resources (including
engaged individuals), and to design, establish and manage a multi-
disciplinary compliance program that works to find, fix and prevent
misconduct or other serious organizational problems.
With so many moving parts and individuals involved at every stage of an
effective compliance program, the successful compliance officer and her
team are called upon to make hundreds of decisions and judgments every
week, both large and small, and prioritize multiple activities and projects.
Doing this effectively and powerfully is at the heart of being a wildly
strategic compliance officer.
The process of establishing a compliance and ethics program creates a “new
order of things” on many levels, and this may impact existing sources of
power in the organization in ways that may be perceived as threatening. The
wildly strategic compliance officer must be prepared to respond to challenges
and attacks on all things compliance in a careful and strategic manner in
order to ensure that the Compliance team and program are successful.
We couldn’t be more excited to share with you our strategies for developing
and maintaining a world-class compliance and ethics program tailored to the
needs of your business.
Kristy’s Compliance Story
I’ve been involved in some of the largest and most interesting compliance
investigations and monitorships in the world, but I didn’t start there. I began
my career wanting to be an actress and producer in Hollywood. At 18, I left
the cold confines of upstate New York to head to Hollywood to attend
UCLA’s School of Theater, Film, and Television.
After graduating, I got a job at Paramount Pictures, working as an
administrative assistant to the executives turning screenplays into movies. It
was fascinating, but I was looking for a more dynamic environment than an
office could provide. I left Paramount and moved to television production,
working on programs for Fox FX Television and Sony TV. After a couple of
years in film and TV, my goals changed, and I decided to go to law school. I
toiled my way through Loyola Law School in Los Angeles, working full time
during the day as a legal secretary and attending classes at night. After
graduation, I joined the international law firm of Gibson, Dunn & Crutcher,
working in their Los Angeles office and specializing in anti-bribery
investigations and litigation.
Early in my legal career, I worked on the monitorship of the Siemens
Corporation, which had been stung with the largest bribery fine in history, as
well as the monitorship of a major pharmaceutical company.
In 2011, Gibson Dunn sent me to London to work on an internal investigation
of one of the banks caught up in the LIBOR rate-fixing scandal. I was
supposed to stay only two years, but I fell in love, married a wonderful
British man, and decided to stay in London. After nearly six years at Gibson
Dunn, I left to become the Director of Compliance for Europe, the Middle
East, and Africa for the world’s largest business travel company, Carlson
Wagonlit Travel. There I was in charge of compliance in nearly 100
countries.
Ultimately, the siren song of entertainment called me back. I became the
Chief Compliance Officer for United International Pictures, the joint
international distribution company of Paramount Pictures and Universal
Pictures. As the first full-time compliance professional at United International
Pictures, it was my job to build a compliance program. I ran compliance for
more than sixty countries on four continents. As I travelled the world to
perform training, I was inspired by the commitment of the people in the
company to compliance and ethics.
In 2016, I created Spark Compliance Consulting, an international consulting
firm specializing in designing, implementing, and optimizing compliance
programs for multi-national companies. Spark focuses on pragmatic,
proportionate, pro-business compliance and ethics solutions, and on ISO
37001 anti-bribery management systems certification.
In addition to my job at Spark Compliance, I am an Adjunct Professor at
Widener University Delaware School of Law, teaching Global Compliance
and Ethics to their Masters of Jurisprudence students.
Along the way, I’ve been nominated for awards, including a nomination as
part of Gibson Dunn for Best Regulatory Law Firm of the Year from
Thomson Reuters in London, and Chief Compliance Officer of the Year at
the Women in Compliance Awards. I’ve been featured in the Wall Street
Journal, Compliance Week, FCPA Blog, Risk Universe Magazine, Corporate
Financier, Ethikos, and on the cover of Compliance and Ethics Professional
Magazine. I’m a current Board Member of the Society of Corporate
Compliance and Ethics, on the Editorial Board of the Compliance and Ethics
Blog, and on the Advisory Board of Convercent.
I have delivered keynotes and corporate training in more than thirty-five
countries on five continents, performed countless international internal
investigations, and researched the laws in more countries than I can name. I
have implemented compliance programs in places where none existed, and
strengthened compliance programs where a complete breakdown had created
chaos and public punishment of the company.
I met Donna Boehme at the beginning of my compliance career. She was
presenting at the first European Conference of the Society of Corporate
Compliance and Ethics, and I was mesmerized by her command of the room.
She clearly knew her stuff. Six months later, I was in Washington. D.C. in the
Hilton Hotel’s lounge during the SCCE International Conference. Donna was
sitting with her husband, and summoned all of my courage up to go talk to
her. I told her how much I’d enjoyed her presentation in London, and she
invited me to join her for a drink. I talked to her and her husband for what felt
like hours. We were fast friends immediately. I feel lucky to have met her,
and even luckier to collaborate on this book with her.
All of us enjoy working in a way that suits our personality and proclivities,
but is your natural way of working helping you to be a Wildly Strategic
Compliance Officer? Perhaps you love to collaborate with other functions, or
perhaps you’re the type who likes to run everything yourself. Identifying
your type can help you to see your own strengths and weaknesses, which in
turn will allow you to strategically identify how you work with the business.
Self-knowledge is a critical first-step to becoming a Wildly Strategic
Compliance Officer. If you know how you are likely respond to a situation,
you can evaluate whether your natural response is the best response. To find
out your compliance officer type, take the following quiz.
Add Them Up
Add up the number of A, B, C and D answers you gave. Then read below to
discover your Compliance Leadership Personality.
A Answers ___
B Answers ___
C Answers ___
D Answers ___
You know exactly what you’re doing. You love being in charge, and you
know that no one can do anything better than you can. You’re skilled, you’re
smart, and you hate it when other people interfere with your ability to get the
job done right. You’re the Authority, and you like it that way.
Strengths: Authorities are great planners. They love to be in charge and to
make and execute the plans they have created. They can be counted on and
boards and C-suites love their proactive approach to their job.
Weaknesses: Compliance is an inherently complex job requiring the input
and buy-in of many different areas of the business. Authorities can pigeon-
hole themselves, making it much harder to get things done. Their initiatives
may be blocked if they appear arrogant, which will fail to get the buy-in
required from other members of the business.
Advice: If you’re an Authority, be on alert to where other people and
departments can help you out. Be proactive in searching out others to whom
you can assign various parts of your tasks. Working together helps others to
understand the compliance function, and this can make you much more
effective.
If the business had just done things your way, they wouldn’t be in this mess.
You know what you’re doing, but they just don’t listen to you. Sometimes
people and businesses get what they deserve. Hopefully next time they’ll
listen to you so that you can properly do your job. In the meantime, your
expression and demeanor clearly says, “I told you so!”
Strengths: Blamers are excellent at unwinding what happened and performing
a post-mortem review. Blamers can see what went wrong, which can be
helpful in refining the compliance program, or helping the business to avoid
the problem in the future.
Weaknesses: Blamers are often stuck in the past, looking at what happened
instead of pro-actively working to make the program better and to improve
the situation. Additionally, most people don’t like to be publicly shamed or to
have their failures pointed out, so blamers can easily become unpopular
within a team.
Advice: Separate the recognition of what happened from the personal
responsibility of others. If you’re able to opine or give advice about what to
do next time without rubbing it in or shaming others, you’ll be much more
effective.
Your motto is, “Let’s all get together to get this project done! If we all work
together, we’ll be better off.” You love to work with others and to get
everyone’s input and buy-in. You naturally want to involve the other stake-
holders because you know that will help each project both in terms of buy-in
and in terms of utilization of talent and subject matter expertise.
Strengths: Your ability to work well with the other functions allows
compliance to pull in the best of others. You ensure that projects are
completed efficiently, because there is no need to duplicate a skill set or
assignment in compliance if it is already being completed by another
function. You are a team player and are likely quite popular with the
business.
Weaknesses: Working with others can create a leadership void, where no one
has responsibility for getting a project or investigation completed. You may
struggle to complete your initiatives because you are relying on, and waiting
for others to do their part.
Advice: Be clear when you delegate parts of your projects so that everyone
has the same expectation as to deliverables and timing. Make sure that you’re
on the same page with everyone on your team and in the different functions
when you share responsibilities and that everyone holds themselves
accountable to deadlines.
You think everything is going fine. It’s going so well that it really doesn’t
need input from you anymore, right? You’re happy with the way things are,
and you don’t want to rock the boat. It’s not that you’re lazy, it’s just that if
you start changing things, people may react badly. The status quo is just fine
with you.
Strengths: You are good at maintaining continuity. People know what to
expect from you and generally get what they expect. You feel safe and
comfortable, so for many, you are easy to work with.
Weaknesses: If you aren’t proactively looking after your program, it is likely
to fall behind and fail to respond properly to new risks. Your company runs
the risk of believing that the compliance function is handling problems, when
in fact it is simply ticking over day-to-day without a plan for fixing problems
in the future.
Advice: Balance your desire to maintain the status quo with a forward-
looking risk assessment and annual goals. You need to shake up your
program once in a while. Be proactive to give the business confidence that
you can handle the job.
Once you know your type, you can look out for your strengths and
weaknesses as you create and refine your compliance program. Every type
has strengths and weaknesses, and the more you are able to compensate for
your weaknesses and highlight your strengths, the more effective you will be
at your job.
As you work through the rest of the book, think about how your type affects
your decision-making. Perhaps you need to work to add more of another type
into your behavior? The more you are able to evaluate what the best response
will be, the more effective you can become.
Every type has strengths and weaknesses, and the more you are able to
compensate for your weaknesses and highlight your strengths, the more
effective you will be at your job.
When you’ve been in compliance for a few years, you begin to notice a trend.
Investment in compliance and ethics programs comes in waves, and it can be
incredibly helpful to your sanity if you recognize that like many things,
investment and interest in a compliance program is usually cyclic. When you
understand the cycle, you can understand where your organization is and
anticipate what is to come. The cycle has four stages:
Stage One: Low Investment
A company that has never had a compliance program or has entirely stopped
investing in it begins here. Usually there is no understanding that compliance
is needed, or it is presented as an after-thought, frequently with the legal
department handling compliance in its spare time.
Now that you’ve read about the four stages, where is your program?
________________________________________________________________________
Knowing that you’re in Stage ____, what actions can you take to mitigate
harm to yourself and your program?
________________________________________________________________________
Knowing that you’re in Stage ___, what actions can you take in order to gain
advantage for yourself and your program?
________________________________________________________________________
________________________________________________________________________
Once Stage Four’s forgetting begins, Stage One reappears, with low
investment in compliance and ethics. Inevitably, a problem occurs, which
reignites Stage Two, and the re-investment in compliance and ethics.
If we know this is the traditional cycle, why aren’t corporations better at
managing it? Why isn’t investment in compliance and ethics a consistent,
year-in-and-out priority which protects the company and saves money by
investing in a compliant and ethical values-based culture? The answer is
easy: people forget, and short-term thinking rules the day.
The good news is this: when you understand the cycle, you can see where
you are within it and know that it will inevitably run its course again. Don’t
be discouraged if you’re in Stage One or Four, and don’t be too overwhelmed
in Stage Two. Likewise, if you find yourself in Stage Three, understand that
Stage Four will come – but likewise, so will reinvestment and the
remembering of why compliance and ethics are critical for every business.
Riding the compliance wave can be difficult, but it can also be the ride of
your life.
The good news is that when you understand the cycle, you can see where
you are within it and know that it will inevitably run its course again.
Now that we know who we are and where we are, let’s continue with an
unexpected question: Do you really want to eat the whole elephant?
My Notes and Ideas for
Implementation
________________________________________________________________________
CHAPTER 2
One of my consulting clients works for a large national company that used to
be a governmental agency. Several years ago the country de-regulated the
industry and sold the group as a private company, completely changing the
risk profile. What used to be a protected government entity was now subject
to the laws facing every other business.
The compliance department at the new entity had to be completely revamped.
To the dismay of my client, the Board of Directors assumed the answer to
“Compliance with what?” was “every possible law.” This assumption was
never clearly stated, and so my client, the CCO, was constantly hauled into
board meetings when anything went wrong and asked, “Why aren’t you
managing this risk?” or “Why haven’t you addressed this?” The answer was,
of course, that she hadn’t been given the resources or authority to handle all
of the risks. And because she hadn’t been given the resources or authority,
but was assigned the blame if anything went wrong, she was in a lose/lose
situation.
Bribery
Competition/Antitrust
Data Privacy
Cyber risk/Identity theft
Trade sanctions/Import/Export
Health and safety
Culture and ethics
Modern Slavery/Trafficking
Bullying
Labor and employment
Government/Permits
Travel/Kidnapping
Terrorism
Money laundering
Products liability
Supply chain management
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
________________________
If you work in financial services, you may have listed a number of banking-
specific laws you need to manage. By contrast, if you work in
pharmaceuticals, you may have listed various gift-and-hospitality laws, as
well as enhanced privacy laws and labeling laws. Perhaps you work in
agriculture, so you probably have listed water-rights and animal welfare laws.
Whatever they are, make sure you have captured the major risk areas.
Now that you’ve outlined the major areas in which your company or
organization has risk, fill in the first two blocks of the Wildly Strategic
Compliance Officer Risk Ownership Chart to determine which of these risks
you own completely, which you jointly own, and which are not yours. You
can download a copy of this chart from www.ComplianceKristy.com.
Competition/
Antitrust
Data Privacy
Trade Sanctions/
Import/Export
Modern Slavery/
Trafficking
Bullying
Labor and
Employment
Government/Permits
Travel / Kidnapping
Terrorism
Money Laundering
Products Liability
Supply Chain
Management
To give you a sense of how this works in practice, I’ve filled in the first
several lines of this form as it exists for one of my media clients.
In our example worksheet, you can see some of these areas, such as cyber
risk, have not yet been adequately addressed by anyone. It may be that people
in the business are aware that cyber risk exists, but no concrete plan has been
made to address the risk. It may also be that people pass the risk profile back
and forth without taking ownership of the risk. This may be done out of fear
of taking responsibility, or because there are not resources available to
properly tackle the risk.
Once you’ve identified the risk buckets, your next task is to determine
whether each of the areas of risk is explicitly assigned to each owner. Write
down which functions or departments explicitly own each risk. In this
context, “explicit” means either (1) the risk is assigned to the department or
individual in a written-down policy, meeting minutes or procedures
document, or (2) everyone agrees the risk is handled by the assigned
department. Where no one explicitly owns the risk, note which functions
implicitly own the risk. A department or function may implicitly own a risk if
(1) the function is the de facto owner or responder to the risk, or (2) others
believe that the function is the owner, even though no one has ever said that
in an official document, policy, or explicit conversation.
This is how the form exists for the same media client.
Before you fill in the last column, think back to Chapter 1. Which compliance
officer type are you? You should consider your strengths, weaknesses, and
predilections before deciding how you want to fill in the last column. If
you’re an Authority, do you really want to take on all the risk managing the
data privacy program? If you’re a Collaborator, what responsibilities should
you give to Human Resources so that you are sure you can complete the
necessary tasks to keep the employees safe in all areas of your business? Be
sure to look at your own biases and natural ways of working to determine
whether they are the best, most efficient and most strategic for the situation in
which you find yourself and your program.
Now that you’ve carefully thought it through, fill in the last column of the
Wildly Strategic Compliance Officer Risk Ownership Chart. Take the time to
write down the next steps required to properly and explicitly assign each risk,
rather than the next action required. For example, let’s say you know that
certain high-risk sales executives need to receive anti-bribery training. Your
“Needs and Next Steps” column shouldn’t note this. Instead, the column
should note the need to determine which function owns bribery risk. Once the
proper function has been identified and explicitly given the responsibility for
bribery risk, then the conversation about anti-bribery training can follow.
I’ve filled in the first several lines of this form as it exists for one of my
media clients to show you how this evaluation looks in practice.
Wildly Strategic Compliance Officer Risk Ownership Chart – Media
Mogul Company Ltd.
Fill it out:
The ideal time to create and promote your vision is within your first few
months on the job, or at your first Board meeting. But if you haven’t
presented your vision previously, there is always time to promote yourself as
a true leader to the Board and to the business.
In order to communicate your vision, you are going to want to create three
things: (1) your three-year plan; (2) your one-year goals and deliverables; and
(3) your monthly compliance dashboard.
The first thing that you should do is create your three-year vision document. I
have created compliance programs from scratch, both as a Chief Compliance
Officer and as a consultant working with many multi-national companies. It
is critically important to get the Board and C-suite to buy into your vision for
the program. If your vision and theirs aren’t aligned, you may accidentally go
in a direction they don’t like, which will create several bad outcomes.
First, the Board will have their own ideas about how your program should
look in three years. By not setting the agenda and getting their agreement up
front, you aren’t controlling the conversation, which means you are up
against unspoken expectations, which can be the kiss of death for your
capacity to succeed.
Second, if you express your goals and vision and they are distinctly different
than the Board’s expectations, it is much better to find out early so you can
align your vision with their expectations. If you go about creating a program
that doesn’t meet their expectations, or that meets your vision but not theirs,
you will not succeed. Moreover, even if you create what you believe to be a
brilliant program, you will not have met their perceived needs.
Finally, you must create a shared vision, because all of your requests for
resources depend on your ability to convince the Board that you need the
resources to execute your shared vision. If you ask for $100,000 for a new
system, and you haven’t created a shared vision, the Board will find it easy to
say no to you. If, however, you’ve created a shared vision, when you request
$100,000 to achieve one of your agreed-to objectives, you are much more
likely to have the request granted, because the Board understands why you
need it.
Where Do I Start?
So how do you create your vision for the program? I like the categories or
elements of a compliance program that are identified within the U.S. Federal
Sentencing Guidelines. International readers, take heart – I’m London-based
and have created many programs from scratch for companies operating solely
in Europe, the Middle East, and Africa.
The thing about the Federal Sentencing Guidelines (Chapter 8) is they were
originally written to describe how a “good” compliance program should
operate. After the creation of the “seven elements of a compliance program”
as defined by the U.S. Federal Sentencing Guidelines, the U.K. Bribery Act
came with guidance specifying what “adequate procedures” meant, and that
guidance looked suspiciously like that incorporated within the U.S. Federal
Sentencing Guidelines. In 2017, the International Standards Organization
introduced the ISO 37001 Anti-Bribery Management Systems International
Standard, which once again mirrored the elements found within both the U.S.
Federal Sentencing Guidelines and the U.K. guidelines on what makes for
adequate procedures against bribery.
The reason all of the international standards use the same basic ideas is
because they provide an outstanding framework from which to create a
compliance program. It is compelling that the world has agreed on the basic
requirements for an outstanding compliance program, because it makes it
easier not only to create a good program, but also for regulators and corporate
boards throughout the world to agree to your vision.
There are seven basic areas of a compliance program required by the
international frameworks:
1. Policies and Procedures: Policies and procedures include your
Code of Conduct and all other written documents that guide the
behavior and processes of your program.
6. Risk Assessment: You will likely need to rank the business areas
by risk of bribery. For instance, if you have some business units
that deal exclusively with government contracting, they are
probably at higher risk than your legal and human resources
functions. Likewise, you may need to assess risk based on the
country, using the Transparency International Corruption
Perception Index, or another scale.
By taking each area of risk and putting controls around it throughout your
program framework, you will be able to create a fulsome response to risk,
which will allow you to effectively and strategically respond to the risk in the
business. Here’s your chance:
1. Policies and
Procedures
2. Training
3. Monitoring
4. Messaging
5. Due Diligence
6. Risk Assessment
7. Governance
Once Eleanor had developed her three-year plan, she needed to decide how to
present it. One of the most effective ways to present your three-year plan is to
juxtapose where the business is now and where it is going for each of the
seven areas of the compliance program. When you show the business what is
already in place, and then show it where you think the program should be in
three years, the logical progression is to create a roadmap for getting from
here to there.
It is important that you draft measurable outcomes for the “where we are
going” sections. You won’t know – or be able to prove – if you’ve succeeded
in “embedding compliance in the DNA of the company.” However, you can
prove that “95 percent of the third-parties associated with the business have
completed the new due diligence process.” Try to set objective goals for your
program wherever possible, so when you’ve accomplished them, you’ll be
able to say so. Let’s look at each of the seven areas one by one so we can see
some example goals.
Try to set objective goals for your program wherever possible, so that
when you’ve accomplished them, you’ll be able to say so.
Area 2: Training
Area 3: Monitoring
Area 4: Messaging
1. Policies and
Procedures
2. Training
3. Monitoring
4. Messaging
5. Due Diligence
6. Risk Assessment
7. Governance
Once you’ve outlined goals for each of these areas, you can easily juxtapose
where you currently are with where you want to go. You can create slides or
a presentation that will show the Board your vision.
TRAINING
The goal with each slide or discussion point is to get buy-in from the business
leaders, C-Suite or Board, so that when you ask for the budget to obtain the
resources you need to meet your goals, you will have an easier time
advocating for those resources.
Fill out the following matrix to help you define your three-year plan by
showing where the company and program are now, and where you hope to be
at the end of the three years.
1. POLICIES AND
PROCEDURES
2. TRAINING
3. MONITORING
5. DUE DILIGENCE
6. RISK ASSESSMENT
Once you’ve got buy-in for your three-year vision, it is then up to you to
make your year-one goals. Try to ensure that each of your year-one goals is
attainable. During the first year, you want to prove that (1) you have vision,
(2) you can get buy-in for your vision, and (3) you can get your vision
accomplished. You want goals you can accomplish so that you can trumpet
your achievements at the next Board meeting or annual review.
You can create stretch goals for years two and three, but for year one, go for
goals that you know you can achieve so you become someone who is known
for fulfilling promises. Eleanor created her year one goals by focusing on the
projects she’d already started. For instance, she listed “perform in-person
training for our high-risk sales groups throughout the U.K.,” as she was
already scheduled to speak at the sales conference later that year. She focused
on attainable year-one goals that she was likely to achieve, which allowed the
Board to see her as a success.
You can create stretch-goals for years two and three, but for year one, go
for goals that you know you can achieve so you become someone who is
known for fulfilling promises.
YEAR ONE
Fill in the following matrix with your year-one goals. Remember that they
need to relate to your three-year plan. For each area of the compliance
program, your year-one goals should be (1) measurable, specific, deliverable-
oriented goals that will (2) drive your ability to successfully complete your
three-year vision.
YEAR ONE
1. Policies and
Procedures
2. Training
3. Monitoring
4. Messaging
5. Due Diligence
6. Risk Assessment
7. Governance
Fill in your month-one Compliance Dashboard, using the year-one goals you
developed previously in this chapter.
(2) Training
(3) Monitoring
(4) Messaging
(7) Governance
Putting It Together
Employing the strategies in this chapter will help you to ensure you’re on the
same page as the Board and C-suite within your organization. You’ll also be
able to keep yourself on track and focused on the things that matter to your
employer. By creating a vision, and having the discipline to evaluate your
progress on a monthly basis, you are much more likely to be successful as a
Wildly Strategic Compliance Officer.
“Mr. Bumble sir, I want some more.” “MORE? Did you just say
MORE?” – Oliver Twist
hen your program needs more resources, it is critical you receive them.
W But in this cost-cutting, post-recession world, how do you effectively
make your case to the Board of Directors or the C-suite? How do you
ensure the best chance the resources you need will be forthcoming?
In my former role as Chief Compliance Officer for United International
Pictures, I reported to the Compliance Committee of the Board of Directors
twice a year for several hours. I was responsible for making the case for the
compliance department’s budget, and for asking for additional resources
when I needed them. The following are proven ways to persuade the Board
and C-suite to give you the resources you need.
Answer the following questions to narrow down exactly what you need from
the business:
________________________________________________________________________
________________________________________________________________________
Practice
People have faith in people who come into the room confident and ready to
make their presentation. Practice enables you to be confident in your
presentation, and to be ready for any follow up questions. If at all possible,
use another member of your team to ask you every question he or she can
come up with about your proposal to the Board. Practice delivering the
proposal and navigating the question and answer session until you are
comfortable making your business case. The more specific you can be, the
more prepared you will seem, and the more likely you are to get approval for
your request.
Before I went into any Board meeting, I would ask my junior attorney to
watch my presentation and give me feedback. She’d sometimes see places
where I’d made a leap without explaining myself. When you’re an expert on
the topic, it is easy to forget to explain the background in enough detail that a
layman could understand it. By practicing out loud, and getting unbiased
feedback, I was able to make my presentations more effective.
Name three people you could ask to help you practice your presentation or
your pitch for resources:
___________________________________________________________
___________________________________________________________
___________________________________________________________
Use Stories
Men and women have been using stories to educate and inspire others since
the beginning of communication. You can use stories in a powerful way to
obtain buy-in from the Board or C-suite. One of the most effective ways to
use stories is to bring in cautionary tales from your industry. If another
company in your industry or an adjunct industry has recently had a
compliance failure or import/export fine, use the story to put the Board or C-
suite on notice.
Studies have shown that people relate most strongly to stories featuring
people like themselves. If you can tell a true story using people from a
competing company, or people from a company in the same industry,
country, city or company size, you are more likely to have the Board
members put themselves in the shoes of those that had a failure. You are
much more likely to get what you need when the Board is emotionally
affected by the possibility of failure regarding export/import or sanctions.
Stories create emotional reactions in people in a way that facts and figures do
not. Use the power of storytelling to your advantage.
For example, let’s say you work in the technology sector, and you want to
implement a Know Your Customer protocol. You could tell the Board
members about the recent $1.5 million penalty imposed on a company for
selling products to Iran and Sudan, and to sanctioned parties in Syria. Using
an example within your industry can be particularly effective, as leaders
within an industry frequently know each other socially from industry
meetings and networking events. When you make the case that the new
program will cost $100,000, versus the risk of a $1.5 million fine and the
accompanying reputational damage, it is much easier to have your request
approved.
Another way to use stories is to paint a picture of how the business would be
more efficient, more effective, or better served by the granting of the resource
request. Tell the story of how the company will work after implementation,
focusing on the results of the investment. It is unlikely the Board or members
of the C-suite are interested in the details of how your new computer system
or employee resources will work. Instead, tell the story of how much better
off the company will be after the resources have been implemented. A good
story is worth more than 1,000 spreadsheets.
Use Fear, but Follow Up With Specific Actions
Using stories that evoke fear in the Board or C-suite can be very effective in
helping them to understand your need for greater resources. Be sure to
explain what can happen if the resources aren’t granted. Once you’ve set the
scene with potentially catastrophic outcomes, give the Board or C-suite your
solution so they can agree to it. The commonly used platitude “don’t shoot
the messenger” may apply to you if you tell the Board or C-Suite they are in
a precarious situation. They may turn their anger or worry on you. However,
if you provide a plan that will resolve the worrisome situation, the Board is
likely to approve plan, and therefore the request for more resources, which
will allow you solve the problem.
Use Visuals
Studies have shown that some people learn in an auditory way, while others
learn visually. If possible, bring visual aids to your presentation. When
people are using more than one of their senses, they are much more likely to
become engaged. If you are presenting in both a visual and audio way, you
are more likely to get the attention of your audience.
For example, I was consulting with a client who was implementing screening
software that would automatically check if third-parties were on sanctions
lists like OFAC’s Specially Designated Nationals list. He wanted to purchase
the vendor’s add-on service, which would evaluate and eliminate the vast
majority of false-positive hits before the client’s compliance team had to deal
with them. This add-on feature cost several thousand dollars a year, but my
client knew his team’s time was better spent on other work. To demonstrate
the value of the false-positive clearing service, my client included three slides
in his presentation to show the false positives in a simplistic format. My
client said to the Board, “OK, let’s say you’re receiving the report. It says
that our customer Jorge Garcia Sanchez may be a match to someone on the
sanctions list. Look at the match. Can you see why our customer isn’t the
same person?” The Board members immediately saw on the slide that their
customer Jorge Garcia Sanchez lives in Spain, while the Jorge Garcia
Sanchez on the sanctions list lives in Mexico. After going through three
examples with the Board, my client said, “We can eliminate this waste of
time by having my team review only potential true matches.” My client
received approval for the service.
Because the Board had engaged in a simplified version of the activity, they
could tell the add-on provided real value and made business sense. The visual
examples made all the difference in their understanding of the problem and
the benefits of the solution.
Use pictures where appropriate. If you’re using PowerPoint, be sure your
slides are easily readable. Use as few words as possible on each slide to get
your point across. Remember, reading aloud what’s written on your slides
actually makes you less effective than if you have no slides. When you read
the texts on your slides, people soon realize they can read what you are going
to say, and they tune out. Use slides as a tool instead of a script.
When you present to the Board, lead with the request for the resources that
you want most, but be prepared with a higher cost option and a lower cost
option. If the Board or C-suite questions whether the resource is really
necessary, be prepared to show a cheaper and a more expensive option. Being
prepared with a choice of options will show the Board two things: First,
you’ll show you’ve done your research and thought about what you need. But
more importantly, the Board or C-suite will feel that they have a choice,
which will make them feel empowered.
When you are presenting your options, assume that the answer will be yes.
Author Alan Weiss describes this pattern as a “choice of yeses.” Instead of
presenting a yes/no possibility, you should state that the Board or C-suite can
“choose which of these options works best for the company.” This language
assumes that one of the options will be chosen, which instinctively tells the
people evaluating the decision that their job is to pick one of the options. It is
much less likely that the Board or C-suite will say “no” when they are
presented with a “choice of yeses.”
Putting It Together
Combining all the previous techniques will make it more likely that your
request for greater resources will be approved. Helping the Board or C-suite
to understand the problem via storytelling, and offering solutions in a way
that is likely to obtain a positive response, will go a long way toward making
you highly effective.
My Notes and Ideas for
Implementation
________________________________________________________________________
CHAPTER 5
“Power … how did such a good thing get such a bad reputation? Many
people have negative connotations about power… it corrupts, subjugates,
controls, and abuses others. But this is not power – this is abuse of
power. Distilled down to its simplest definition, power is the ability to
make happen what you need to have happen without ever violating the
rights of others.” -
- Kate Sanner
O neyourofbusiness.
the most important things you can learn is how power operates in
Oh, sure, you can look at the organizational chart, but that
won’t tell you who really has the power. It also won’t tell you who the
undercover influences are, and how to use them to get your agenda moved
forward. The truth is that power dynamics strongly affect your ability to be
wildly effective. If you don’t strategically use power sources, you’ll be stuck
on your own, trying to push the rock uphill. It’s so much easier to align with
the leaders of your business than to fight against them.
Once you’ve learned who has the power, you must learn how to work with
them by getting to them emotionally.
Noble Cause
This motivation centers on pride in corporate social responsibility, and in
being the most ethical company possible. For some companies in the business
community, connecting to the ideals of corporate social responsibility and
ethical business is easy. Many companies, such as Starbucks or TOMS
Shoes, use their ethical business credentials as a marketing element. For
companies who are members of the United Nations Global Compact,
corporate social responsibility is a mandate they have chosen to fund and
measure.
If you are lucky enough to work for a company with corporate social
responsibility or ethical business as part of its identity or marketing,
congratulations! Things may be easier for you, as you sell compliance as part
of the corporate mission. A company with an espoused ethos of positive
governance is much more likely to be compelled to protect its reputation, and
the reputations of its employees, by complying with all laws and regulations.
Likewise, you may be lucky enough to work with individuals or business
leaders who hold themselves to high ethical standards, and believe that
complying with the law is simply the right thing to do. If you are employed in
a company or with people who are motivated by Noble Cause, you should
work to inspire them to be their best selves when it comes to complying with
the law, and to instill in them the sense of purpose you connect to as being
part of the movement of compliance that can and is changing the world.
People motivated by Noble Cause will respond most strongly to stories where
the company is put in the spotlight as one to emulate and admire. Compliance
professionals should focus on finding storylines where the business is seen to
be doing more for the world, or being at the forefront of the most ethical
business within the industry, country or environment in which the business
operates. People motivated by Noble Cause like to imagine their company is
a shining beacon on the hill. They want their company to be the benchmark
against which other companies compare themselves. Use this motivator to
show them how much better the company could be with continued
compliance investment and improvement.
Competitive Edge
The Primary Motivator of Competitive Edge centers on winning business
through the use of compliance as a business advantage. Many sales people
can be lured onto the side of compliance when motivated by winning
business through the use of Competitive Edge.
Compliance, good governance and proper procedures really can be a business
advantage. If there hasn’t yet been a scandal in your industry or region of the
world, there will be eventually. Because multi-national corporations are
frequently the ones concerned with compliance and procedures, you can tell
your business units that ethical business and a good compliance program is
the best way to position your business to win large contracts.
Additionally, world governments are more and more frequently requiring
compliance programs and supply chain compliance as part of their criteria for
awarding contracts. In the United States, for instance, government contracts
must have compliance provisions throughout the supply chain to ensure that
no forced labor is utilized. If a company has a powerful compliance program
in place, new regulations are less likely to disrupt business.
In order to effectively use Competitive Edge, you should tell stories of
similar companies in your industry or aligned industries that won contracts or
business because of the strength of their compliance program. For example, I
was fortunate enough to be at Carlson Wagonlit Travel when the
GlaxoSmithKline scandal struck. Allegedly, GlaxoSmithKline had been
moving money through travel agencies in China in order to create a slush
fund that could be used to pay bribes to doctors in China to prescribe their
drugs. All of a sudden the major multi-national pharmaceutical companies
were banging on the door at Carlson Wagonlit Travel, as it had not been
associated with the travel agencies alleged to have been involved in the
scandal in China. Carlson Wagonlit Travel’s compliance program,
membership in the United Nations Global Compact, membership in TRACE
International, and reputation for responsible business was a major business
advantage. Those memberships and programs, which had occasionally been
questioned by various people within the business, suddenly became
marketing and sales tools the business could exploit for greater sales.
Leveraging the Primary Motivator with the Power Sources
Each company will have a dominant Primary Motivator, and each individual
within a company will also have a Primary Motivator. Companies tend to
attract people with similar Primary Motivators. To be most effective, you
must leverage both the Primary Motivator of the company and the Primary
Motivator of each individual Power Source.
t’s 3:00 a.m., and your phone is ringing for the fourth time. It’s jarring – your head is fuzzy, and
I you’re not sure what’s going on. You answer the phone and wearily say, “Hello?” It’s a crisis.
Perhaps the regulators have notified the head office about an investigation. Perhaps your European
offices are experiencing a dawn raid. Perhaps you’ve received a whistle-blower complaint alleging
fraud, or the CEO has been carrying on an inappropriate sexual relationship and it is about to be
reported in the Wall Street Journal. You’re awake now. How do you respond?
Preparing for a crisis, and understanding how to respond strategically, is a critical skill for a compliance
officer. The more you are able to be mentally prepared, the more likely you are to respond
appropriately and proportionately to the situation.
One of the first decisions you must make in a crisis is with whom to share the
information. My friend Roberta was the Director of Compliance for Europe
and the Middle East for a financial services company that was under
investigation for potentially violating sanctions against Iran. She reported to
the Vice President of Global Compliance, and had a dotted-line reporting
structure to the President of her region. The previous month, the CEO stated
he would fire anyone who was found to have tried to circumvent the Iran
sanctions. One morning Roberta received a phone call that a sales manager in
Belgium had found a way to work around the sanctions-checking software
used at the firm, and had completed a transaction with an Iranian entity.
Roberta had a choice – she knew the President of the region would want to
know immediately so he could try to control the damage, but her direct
reporting line was to her boss, the head of compliance.
Roberta called her boss and explained what happened. She then called the
President of her region, who asked if she had told her boss. When she said
yes, the President erupted. He began to scream, accusing her of violating his
trust and saying she was not pro-business. He was afraid of getting fired, as
his direct report had made the error. Roberta was conflicted. Had she done
the right thing?
When you’re facing a crisis, you must be strategic about whom you tell, and
in what order you tell them. If you’re not the global head of the compliance
program, or if you report to the General Counsel, and not the CEO or Board,
you are usually best off telling the head of compliance or the General
Counsel about the crisis first. If you are the head of compliance and you don’t
report to the General Counsel, you should usually tell the CEO about the
crisis first.
Be sure to think through whom you will tell about the crisis, but first consider
how you will tell them. Whenever you have to deliver bad news, always
follow it up with a plan for how the company can begin to fix the problem.
When people hear bad news, it is easy to want to shoot the messenger. By
stating both the problem and a solution (or a plan for investigation), you
become an ally who is alongside the business, resolving the issue.
It is tempting to share salacious stories or bad news with colleagues,
especially if your colleagues are your friends. Try to resist the temptation.
Although compliance officers are only human, we are held to a higher
standard, and required to maintain confidentiality. Sometimes this is harder
than it looks.
Several years ago, the business manager in charge of Italy was causing me
trouble. I gave him explicit directions about actions he was not to take,
because they did not comply with the law. Not only did he not follow my
instructions, he wrote an email that was later forwarded to me, alleging that
compliance had told him he could do the thing I told him not to. I was
furious, but there was no one I could talk to about it. I went to the bathroom,
closed the door, and ranted to myself about what a callous, ridiculous jerk he
was. Once I had calmed down, I went back to my desk and wrote a reasoned
email to the CEO explaining that he was incorrect – I had not authorized the
behavior, and I had email proof to show the instructions I had issued. He
wasn’t with the company much longer after that.
When deciding who to tell about a crisis, consider the following questions:
Lastly, look for people who are on your side, or who have your back in a
crisis. You may need emotional support, and if you can rely on someone who
you need to tell, you’ll be in a good situation going forward.
Fill out the following next time you have a crisis, or as practice for the next
one:
Who is my direct boss?
___________________
Who do I report to, both directly and in a dotted-line relationship?
___________________
Who needs to react to this immediately?
__________________
Who needs to make a plan to respond? This may include:
The business or client lead
___________________
The communications or public relations people
___________________
The Legal Department or General Counsel, who may need to hire outside
counsel
___________________
The Information Technology or Information Security folks if it involves data
___________________
Who will be mad at me if I don’t tell them first, and does that matter?
___________________
Am I more likely to get into trouble if I tell the person, or fail to tell the
person, about the issue?
___________________
As for Roberta, did she do the right thing? The President of the region
complained to the executive committee that he wasn’t the first to know about
the issue, but the General Counsel and Chief Compliance Officer both pushed
back strongly in front of the CEO that compliance must be independent of the
business. She was supported by a strong tone from the top, and the President
of the region learned that his interests, while important, were secondary to her
capacity to do her job appropriately and in a transparent way.
One of your best allies in protecting your business during a crisis (and before)
is Google Alerts. If you have a Google account (this includes a Gmail
account, YouTube account, and many other Google products), you can ask
Google to send you emails when certain words or phrases come up in the
news, other media or on websites.
I recommend creating a Google Alert on your name, the company’s name,
the name of your CEO, and any other words that would alert you that the
media is talking about your company or you. If your company has had a
public scandal (or is expecting one), create a Google alert with your
company’s name and the type of scandal (e.g., AliCo. and bribery) so you are
instantly aware of when something critical hits the Internet.
You also want to monitor the conversations around your water cooler, break
room or lunch area. Be sure to casually go into the places where employees
congregate to hear what they are talking about. You may pick up valuable
information by going where the business people talk.
Whenever there is a crisis in business, the Board and executives like to find
someone to blame. Ideally the guilty party is a single individual – a “rogue
employee” who circumvented the immaculate procedures the compliance
department put into place because he or she is a BAD PERSON. Really?
Your job as the compliance officer is to get to the root cause of the problem.
Unless you understand the root cause, it is extremely hard to stop the
occurrence from happening over and over again. Is it possible that Bob in
Accounting stole because he was an alcoholic and needed the money to
support his addiction? Sure. But perhaps there is a pressure-cooker
environment in the accounts department, and lots of people there are turning
to unhealthy coping mechanisms to deal with a terrible boss. As a compliance
officer, it is your job to dig deeper and not to simply accept the party line. If
you don’t address the underlying problem, your crisis will repeat itself.
Many compliance crimes are committed by good people who let external
factors color their judgment. Common causes of compliance failures include:
Misplaced or unrealistic sales targets that cannot be achieved by ethical
means;
Unreasonable hours or working conditions, such that the employee
convinces himself/herself he or she has earned the right to steal, bribe,
or commit fraud to make more money;
A culture where winning is the only acceptable outcome;
A culture where fear, ridicule, demotion, public humiliation or firing
occur when sales goals aren’t met;
Incentives set to reward outlandish or overly competitive behavior.
If you find yourself within a crisis, see the silver lining, and ask for the
resources you need to stop it from occurring again. Talk about the need to
proactively manage risk, and bring solutions to the Board, C-suite and
General Counsel that can reduce risk and enhance culture. A little crisis can
sometimes be the best cure for compliance malaise.
My Notes and Ideas for
Implementation
________________________________________________________________________
CHAPTER 7
Moving Targets
One of the best and worst things about being a compliance officer is that the
job is never finished. There will always be new laws and regulations. Bad
regulations will be repealed, good regulations will be strengthened, and some
laws will be litigated with outcomes that force you to change your whole
program in response.
If it sometimes feels like your work is never done – that’s because your work
is never done. The Federal Sentencing Guidelines, ISO 37001 Anti-Bribery
Management Systems Standard, and other guidance anticipate a system of
monitoring, auditing and improvement. Don’t fret if your program isn’t
perfect and isn’t finished. It’s the nature of our work.
Once you’ve achieved a goal or target, it will be time to create another one.
In this way, both this book and your program’s lifecycle is a circle. You
complete one three-year plan, and then it’s time to start the next one. You
complete your year-one goals, and then it is time to start working on your
year-two goals.
When managers and power sources change, you need to observe who now
has the covert and named power, and once again figure out which of the Four
Primary Motivators will work with each person. This workbook can be used
again and again as you go through your career. If you’re assigned a new risk
area, or a new law creates a risk area for you, go back through the exercises
to ensure you have a Wildly Strategic response. Your work is never done, and
that can be a good thing! A Wildly Strategic compliance officer will always
be in demand.
I thought for a long time about a single criterion that could determine whether
a person was good or bad at the job. I finally decided the best way to
determine whether a person is a good compliance officer is whether, over
time, the business proactively comes to the compliance officer with
problems, or to ask for advice. The most successful compliance officers are
those who gain the trust of the business, and who become integral to its
operations.
Luckily for all of us, there isn’t a single good/bad barometer, and we can
always learn, grow, and become more effective. It can be helpful to ask
yourself the question: Does the business (or important members of it) come
to you to seek your advice, ask for your blessing before the project starts, or
tell you what is really going on? Then congratulations – you’re good! If
you’re finding it hard to answer the question in the affirmative – take heart!
We are all learning how to do the job more effectively. And that, by itself,
means we’re “good” and getting better.
Where you have higher numbers (fours or fives), hone those abilities even
more. And where you have lower numbers, work on building those skills and
abilities so that you can be even more effective at your job. Focus on being
strategic with your own personal and professional development, which will
help you enormously on your road to being a Wildly Effective and Strategic
Compliance Officer.
When you feel defeated, remember each tiny action in the compliance space
alters the corporate landscape in a way that is changing the world. The tiny
little actions your company takes are made in concert with the actions of
millions of other companies across the continents. Companies, NGOs, and
governments are changing the world, and you are on the front lines of this
change. It is up to you to create the mechanisms, policies, and procedures that
protect your company from prosecution, but these same mechanisms,
policies, and procedures make the world a better place to live in for millions
of people you may never meet.
Remember, always, that you’re making a difference by being on the side of
law and ethics. Connecting to your underlying mission is critical, so you can
keep going during the hard times.
Every Battle Is Won Before It Is Fought