Global chief compliance officers (CCOs) work assiduously to secure a strong, empowered position for themselves. Today let’s put the shoe on the other foot: what can a global chief compliance officer do to empower local compliance officers throughout a corporate enterprise?
CCOs should be asking these three questions — which, incidentally, should all sound familiar.
Do they have independence?
A local compliance officer in some distant operating division should answer to you, the global compliance lead, rather than to a local general counsel or operating division president. Otherwise, that local supervisor has the ability to thwart the execution of a strong compliance function.
Logically we could make this argument: The U.S. Sentencing Guidelines say the compliance officer should report directly to the organization’s highest governing authority: the board or audit committee. If your job as global CCO is to bring a complete picture of compliance activity to the board, then you need to see the complete picture below you. So local compliance officers should report to you, to provide those clear lines of sight; rather than to a local general counsel or business manager who might obscure potential trouble.
Practically, that means more than drawing a solid line on the org chart. For example, global compliance officers should have say over local compliance officers’ compensation structure, promotion paths, and access to information. You also may need to intervene with local managers who ignore or alienate local compliance officers. Which brings us to…
Do they have respect?
Inertia and disregard are powerful weapons that employees in distant operating units can wield against new programs favored by central management. Even if local compliance officers have independence from local managers, a compliance officer facing non-cooperation from colleagues still has a fierce obstacle to overcome.
That doesn’t mean the global compliance lead must demand that your local compliance officer can play on the office softball team. Rather, your job is to create a climate where ethics and compliance is taken seriously, so emissaries of the compliance function get the courtesy and respect they need to fulfill their jobs.
How do you create that supportive climate? It will often involve you working with your peers in headquarters — heads of marketing, sales, HR, customer services, and the like — to establish enterprise-wide policies that drive ethics and compliance. (Say, including compliance metrics in performance reviews.) Then those peers deliver the message to their local subordinates, working next to your local compliance officer.
Do they have resources?
Once upon a time, we might have defined “resources” as necessary computer equipment, travel budget, support staff, the passcode to the photocopier. All those elements are still critical for success. You also need to consider whether local compliance officers have access to information, perhaps the most important resource of all in modern corporate life.
Those three questions should sound familiar because they’re the same questions you, the global compliance lead, ask about your own position. Independence, respect, and resources are crucial for a compliance officer’s success no matter where he or she is perched in the corporate enterprise.
One practical point
Nobody should be surprised when a local compliance officer asks for changes to procedure and the business unit responds, “We can’t do that!” It’s a natural part of corporate life. The question is whether the business unit has a valid point — and how local compliance officers might accommodate it.
Sometimes local business units might have a point: some procedure decreed by headquarters might not comply with local law or regulation. (For example, an anti-discrimination statute might not apply in a foreign country; or local banking rules might dictate how much capital you keep in bank accounts.)
In those instances, empower the local compliance officer to focus on the substance of the policy (fair treatment of workers; prudent financial transactions) rather than the specific steps of the procedure. It’s just the sort of empowerment at the local level that, in turn, builds the strong compliance function you need, across the whole enterprise.