Before addressing the issue of knowledge and skills that compliance officers need to have in order to do their job properly, as well as the responsibilities they have within an organization, we will give a short historical overview of the development of the compliance profession.
We can say that the concept of compliance refers to observance of the valid rules, laws and standards or the process within which this is achieved. Translation into other languages is often inadequate, i.e. it does not give the full meaning of this word. The compliance profession emerged during the 90s of the 20th century as a response to big scandals that shook the USA, such as the scandal of the procurement of a USD 400 hammer and USD 600 toilet seats by the Department of Defense in the 80s. A growing number of corporate scandals and the fact that punishment for organizations was inconsistent (different punishment for the same offences) were the reason that the US Sentencing Commission created the first Federal Sentencing Guidelines for Organizations in 1991, introducing a possibility of lenient punishment for organizations that had “efficient” Compliance and Ethics Programs in place at the time when the offense was committed. This opened up space or positions for persons whose duty it was going to be to develop and implement compliance programs in organizations – compliance officers. With the burgeoning corporate scandals around the world in the early 2000s (Enron, Siemens, Avon, WolksWagen, etc.), the compliance profession developed more and more.
The mentioned scandals resulted not only in big financial losses but also in considerable regulatory punishment, damaged reputation and even in disappearance of some companies (such as Enron), so a systemic approach to prevention, detection and resolution of irregularities within an organization became a necessity. And this, in a nutshell, is what compliance officers in organizations do – create programs that effectively:
• Assessing the risk and implementing risk management measures. Risk assessment is a starting point for planning annual compliance activities within a Compliance Program. As financial and human resources that the compliance officer has available are limited, it is essential to identify where the greatest risks for the organization are so that resources can be channeled in the best possible way and the best possible results can be achieved.
• Defining the rules of the game! Policies and procedures are adopted by the management, but the CO must ensure compliance and inclusion of integrity principles into business operations.
• Educating, advising, informing and communicating. Understanding the rules and procedures by the employees is key to achieving harmonious conduct of the employees, and therefore, education is one of the CO’s key activities. COs also advise employees in case of doubts or dilemmas and continually communicate values, rules and relevant information to the employees.
• Ensuring consistent punishment for individuals who breach the regulations and rules (disciplinary measures) – Although disciplinary action is a responsibility of the management (CEO in cooperation with the Legal Department or HR), the CO has an obligation to monitor how each individual case of irregularity ends and detect any inconsistencies in this process, because double standards in the implementation of disciplinary action is one of the greatest causes for employees’ mistrust and absence of their acceptance of compliance activities.
• Filling “loopholes” in the processes – ensuring that the same mistakes do not happen again. When it is determined that a certain problem or irregularity occurred on account of a system defect (e.g. the process was not defined well or fully), the CO will instruct the relevant departments to take corrective action – to intervene in the relevant processes by defining the process or responsibilities of certain actors more clearly, introduce compliance controls, etc.
• Participating in crisis management. Sometimes the faults that happen are extensive and important for the organization and as such pose a considerable risk for the reputation or the organization. In this case, it is necessary to define a strategy for crisis communication and management. The CO is one of the actors who should be involved in this process.
• Monitoring the compliance process and implementing second level compliance controls
• Communicating with employees, direct or through irregularity reporting channels
• Investigating irregularities (investigation of one irregularity often reveals other irregularities)
• Implementing compliance risk assessments – Apart from indicating the risks the organization is faced with, implementation of risk assessment can indicate quite often existence of potential irregularities.
• Implementing compliance audits (compliance audits are carried out by third independent parties, in order to ensure independence of the assessment of program effectiveness and also they can be a source of knowledge about potential irregularities).
In order to carry out these activities systematically, and in order to plan the assets and time required for the implementation of the activities, the COs define annual plans and compliance activities to be implemented within the framework of the Compliance Program, and these are approved by the organization.
It is very important to understand that everybody in the organization is responsible for compliance with the regulations and rules, but not everybody in the organization can be responsible for the organization’s ethics and compliance program. As Roy Snell, former CEO of SCCE and HCCA, said: “If everybody is responsible, nobody is responsible”. So, everybody in the organization has an obligation to abide by the rules, report every violation of the rules and implement concrete compliance activities within their domains of work, but it is the CO that is responsible for creating ethics & compliance programs and monitor compliance of the organization and the employees with the established norms.
It is important to understand that it is the top management (CEO or Board of Directors) that has the ultimate responsibility for the conduct of the organization. The management manages the company and makes decisions related to the company, while the CO advises the management with regard to compliance, action in cases of identified irregularities, defining corrective action, education, communication with the public in case of a reputation risk, etc. The role of the CO is to provide to the management all relevant information for decision-making, including risk assessment in case of making certain decisions, but the final decision is always made by the management.
Compliance officers help the organization to follow the established rules, in the manner described above. Therefore, it is very important for them to have the support of the top management so that they can achieve the best possible results in their work of protecting the company from financial, reputational and regulatory risks.
These are the basic preconditions required for adequate work of compliance officers, i.e. compliance teams:
1. Appointment by the chief administrative body of the organization
CO answers to and has a direct communication with the chief administrative body of the organization
CO must have a high level of independence in work in order to be able to identify irregularities without fear from retribution or conflict of interest.
3. Inclusion - Seat at the Table
CO must be familiar with all regular activities of the organization in order to be able to build the ethical culture advancing the general goals of business.
CO must have such powers as can ensure that his or her decisions and recommendations are taken seriously and are implemented or addressed at all levels of the organization.
CO should have financial and human resources available so that he or she can effectively promote the standards, educate employees and respond in a timely manner to potential violation of rules.
Keith Darcy, executive director of the Ethics & Compliance Officers Association, says that the most important skills of a CO include leadership, writing, public speaking, ethical decision-making, communications and training and instructional design.
From tasks and duties of Compliance Officer that are presented above, it is evident what kind of knowledge and skills CO needs to have. In order to present in more detail the varieties of knowledge and skills required for the compliance function, we used the data of the USA Bureau of Labor Statistics. According to the data, “Compliance officers need many skills, but most especially Active Listening and Reading Comprehension. The revealed comparative advantage (RCA) shows that Compliance officers need more than the average amount of Social Perceptiveness, Writing, and Speaking.”
According to the data, the following skills are most important (see the picture):
- Complex problem solving skills
- Content (Science, Mathematics, Speaking, Writing, Active Listening, Reading Comprehension)
- Process (Monitoring, Learning strategies, Active learning, Critical Thinking)
- Resource Management Skills
- Social Skills (Negotiation, Persuasion, Social Perceptiveness, etc.)
- System skills (System analysis, judgment and decision making)
- Technical Skills
It is clear that all the enumerated skills cannot be found in one person, therefore, companies most often create teams consisting of professionals with various skills, depending on the organization’s size and needs. It is important to bear in mind that social and organizational skills of COs are key to their roles in the organization, as well as the individual’s integrity, which is one of the key features of a person who performs the function of a compliance officer. In case of a need for specific technical expertise, the organization may hire external experts.
The data on the CO’s education profile show that the highest number of COs has qualifications in the field of business, then social sciences, biology, protective services, etc. It is interesting to note that less than 1% of COs has a legal education background. In societies with predominant regulatory compliance, such as the Western Balkans, a large number of COs have a legal background. The education background of compliance officers also depends on the industry in which a company operates, since the knowledge of indutry regulations is of utmost importance.
Compliance and Ethics Professionals Code
The US Society of Corporate Compliance and Ethics adopted a Compliance and Ethics Professionals (CEPs) Code guiding the performance of their professional duties. According to the Code, CEPs have an obligation towards: the public, the organization for which they work and the profession itself. More on the obligations of CEPs according to the Code, which they need to observe in order to protect their own reputation and that of the profession, can be found here.
 The Complete Compliance and Ethics Manual. Structuring the Chief Ethics and Compliance Officer and Compliance Function for Success: Five essential features of an effective CECO position, by Donna Donna C. Boehme.
The author of the lesson: Mila Crnogorac Bajic, Senior Ethics&Compliance Consultant at Net Consulting d.o.o., Bosnia and Herzegovina