The ComplySci Summit 2019, held on September 9, 2019 in New York, offered attendees many vital insights and practical takeaways to help strengthen their firms’ compliance programs. Designed for Chief Compliance Officers (CCOs), other firm executives with risk management responsibility, and compliance team members, the one-day summit addressed integrity and the compliance function, compliance technology, and culture of compliance.
One highlight of the Summit was the “CCO Panel,” which featured five highly experienced and well-respected compliance professionals sharing their experiences and insights gained from facing and overcoming numerous regulatory challenges in their respective roles. Moderated by Scott Louis Weber, Partner, DLA Piper, the panel was rounded out by Helene Glotzer, CCO Bridgewater Associates; Gwen Reinke, CCO, Vista Equity Partners; Mathew Watkins, Deputy CCO, KKR; and Lauri Scoran, Managing Director and CCO, Jefferies LLC.
Below, you can further explore into insights of the panelists’ responses, views, and opinions on key issues CCOs face every day.
What it Takes to be a Successful CCO
When asked to reflect on their careers and identify the most important skills and traits shared by effective CCOs, there were several common themes.
Understanding employees’ challenges is critical. Without taking that step, the panelists affirmed how difficult it can be to tailor solutions to address problems before they grow into bigger issues. At the same time, CCOs need to know what resources are available to help them meet the compliance mandate and use those resources wisely.
Matching big-picture risks with creative solutions, such as using internal and external consultants, technology platforms, and outsourcing, can help compliance professionals better identify and mitigate risk.
The panel also unanimously agreed that implementing technology that uses automation and machine learning can also help CCOs stretch their resources. RegTech, in particular, provides metrics designed to help CCOs make more strategic decisions. Technology is a must-have resource for certain types of risks, however, successful CCOs understand that technology is not designed to replace human compliance staffers. Instead, RegTech solutions should create efficiencies and allow firms to deploy human capital more effectively and efficiently.
CCOs’ Biggest Worries
Panelists were also asked what keeps them up at night.
The responses shared one clear theme: even the most seasoned compliance professional worries about emerging risks and threats. More concerning than known threats is the idea that there are risks no one sees coming and therefore can’t be addressed appropriately. It’s difficult to effectively stave off risks one cannot predict.
Specific areas of concern shared by the panel included misappropriation of funds, reputational harm to the firm and its leaders, third-party provider risk, UK and EU regulations affecting US-based firms, and IT-related risks including the threat of data loss, social engineering, and of course, cybersecurity threats.
Changing regulations is also an area of concern for CCOs, along with worries about whether the firm will have the resources it needs to meet the regulatory compliance challenges of both today and tomorrow. Ultimately, CCOs must find ways to manage a variety of potential threats and implement solutions that give them some peace of mind knowing they’ve covered their bases.
The Evolution of the CCO Role
Over the past decade, the role of the CCO has evolved. CCOs are increasingly asked to do more with fewer resources. They must do this while somehow managing to devote enough time and energy to staying atop of industry events and regulatory news that could impact their firms’ risks.
Developing and building relationships with staff throughout the firm, knowing key employees and managers and talking to staff frequently has helped many CCOs strengthen compliance effectiveness in their firms.
CCOs on our panel also discussed how the specter of CCO personal liability impacts their daily activities. Panelists admitted that compliance and liability risk can be a balancing act. It’s important for compliance professionals to be committed to ensuring compliance while at the same time having confidence in their efforts so they don’t have to worry endlessly about being held responsible for a failure.
Having a clear roadmap of where the firm is going, and being connected to the rest of the firm, can help tremendously. Other stakeholders should be committed to the firm’s compliance program – even if they don’t have direct responsibility for it. Spreading responsibility across the firm and operating by consensus can help ensure no single person bears all the potential liability or takes all the risk.
CCOs’ Views on Compliance Culture
When asked to share what the phrase “culture of compliance” meant to them, our panelists felt strongly that compliance should come from the top of the organization and flow throughout the firm. Communications about regulatory requirements should not be limited to the compliance department alone. CCOs in organizations that have strong cultures of compliance have been able to build trust so that employees feel comfortable coming to the compliance department with problems; that trust is often built on a strong foundation of communication.
Ultimately, senior managers need to understand where the CCO fits into the organization. CCOs work for the company, the board, clients, and employees and are ultimately fiduciaries for the firm’s clients. While CCOs need to build and maintain working relationships with the rest of the company, it’s important not to become a “rubber stamp,” signing off on everything. Taking a thoughtful approach allows CCOs to give advice freely to the advisory board or committee and can strengthen the firm’s compliance culture.
Introducing Compliance to New Employees
As the session wound to a close, the CCOs on our panel shared their thoughts about how to best introduce compliance to new employees at their firms.
The panelists agreed that including compliance training early – from the very first day of work – can set the stage for a strong, positive relationship between the employee and the compliance department. It’s also important for initial compliance messaging to involve and introduce the entire compliance team.
While specific elements of firms’ compliance training programs are product- and service-specific, there were common themes shared across firms with successful compliance programs. These include emphasizing a sense of urgency, clearly explaining what employees’ individual compliance obligations and expectations are, and making “integrity” a focal point, emphasizing when employees should walk away from certain situations or activities. Employees should also be coached to understand where their biggest risks lie, and how to address them.
Finally, showing real-life examples of situations where firms or personnel encountered compliance issues and/or regulatory scrutiny, and providing examples of ways such issues could have been avoided, can also be impactful on new employees. While there is not a definitive guidebook on how to be an effective CCO, compliance professionals can learn a lot from their peers.