12 Key Insights for Today’s Chief Compliance Officer August 2016
Introduction Hindsight vs. insight. Which one is more valuable? For today’s rapidly changing regulatory environment, chief compliance officers are front and center in facing the challenges of the past, present and future. However, as most will agree, it’s difficult to focus on the road ahead when you’re also looking in the rear view mirror. While hindsight is the realization or understanding of the significance of events after they have occurred, insight is a capacity to gain a deep intuitive understanding, or introspection, of such events. Although both are important, for today’s chief compliance officer, one serves as a more valuable tool for effective decision making. Moreover, when you gain a new understanding of something and therefore apply it in the right situation, you make an informed decision. With hindsight, you know more about the problems you didn’t anticipate, whereas with insight, you understand not only how to avoid them in the future, but also the consequences of the decision, both good and bad. Whether you are a newly appointed CCO or a seasoned industry veteran, the following pages provide key insights for today’s chief compliance officer to help enhance the decision making process. We hope you find this informative and actionable.
Scott P. Tarra Managing Principal Financial Registrations, Inc. +1 949 338 8192 starra@financialreg.com
1. Find Your Culture of Compliance “I have a foundational belief that business results start with culture and people.” — Douglas Conan
Regardless of your industry, you will hear a lot of emphasis and focus on a “culture of compliance.” Although this might seem like the latest new catch phrase or regulatory focus, this is certainly not new. This concept has been around since the beginning. In its basic sense, it’s a firm-wide, top-down culture that emphasizes and fosters ethical behavior and decision-making at every level and in every action within an organization. A true compliance culture will generally extend beyond the boardroom to the broader employee workforce by instilling in every employee an obligation to do “what’s right.” In short, this is a mind-set that moves beyond basic compliance to integrity. Carefully planned steps taken now to embed compliance, emphasizing integrity and purpose with every action, will ultimately accelerate the adoption of a compliance culture throughout the organization. There is a culture of compliance within every organization, to some degree, and it’s up to each of you to find the one that best aligns with your values and integrity and then strive to make it better.
2. First Build, Then Guard Your Reputation “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently.” —Warren Buffett
As this industry pushes its way toward transparency at all levels, both your achievements and your indiscretions are on full display. That means that as a CCO, you must devote special attention to cultivating and protecting your reputation with the utmost importance. When discussing a culture of compliance, it’s important to put this into proper context in that a sense of doing “what’s right” doesn’t start with the organization, its starts within each of you as individuals who ultimately make up an organization. It’s about focusing on integrity-driven people with the understanding that each individual is a valued partner in an organization’s success. So choose to affiliate with an organization that best aligns with your internal values and you will be part of a winning team every time. As a CCO, you may be drawn to the challenges of “fixing” an organization with a history of infractions or one that lacks an ingrained compliance culture, but try to resist at all costs. There is no greater risk than affiliating with an organization that doesn’t share or support your values and integrity. In the end, these challenges may result in a Pyrrhic victory where short term gains may ultimately come at the cost of your reputation. Although each of you as CCOs are perceived to be part “change agents” within the organization, you still need the support of management and a true “tone at the top” approach to effect positive change within any organization.
3. Adapt to the Changing Role of the Modern CCO “If you don’t like change, you’re going to like irrelevance even less.” — General Eric Shinseki
As CCOs, you will bear witness to a sea of incessant changes in the regulatory environment to which your success will be partly attributed to your ability to stay on top of current regulatory matters and anticipate what’s around the corner. Because of this dynamic nature, the role of the CCO is also changing. CCOs of the past can no longer rely solely on their technical knowledge. There is new recognition that the compliance function needs an increasingly diverse set of skills to meet its broad objectives. In addition to deep technical knowledge, CCOs need other skills including audit and internal control experience, forensic skills, risk management expertise, financial and accounting skills and IT knowledge. The rapidly evolving role of the CCO is transitioning from a technical role to that of an efficiency expert and skilled counselor where the emphasis is on controlling costs, improving operational efficiencies and educating staff on both regulatory and firm-level compliance initiatives. To be effective in today’s environment, this new breed of CCO must have a culmination of talent and skill to act as part operations expert, trusted advisor, enforcer, educator, policy maker, and manager of risk. Ultimately, today’s CCO must be effective and efficient in formulating, planning and executing processes that improve the responsiveness, adaptability and effectiveness of an organization’s compliance program that will ultimately drive overall business performance.
4. Learn to Manage Moving Goal Posts “Change almost never fails because it's too early. It almost always fails because it's too late.� — Seth Godin
Similar to ongoing change, as CCOs, you will be expected to manage the internal goals and objectives of the compliance function set by management along with the external goals set by the regulatory environment. However, the goals and objectives are not always clear and often combined with changing managerial and regulatory expectations. In most cases, the goal posts are constantly moving and how you prepare and respond to the challenges of achieving compliance with those expectations will be critical to your success. To be effective, you should have clearly defined goals and objectives that establish your role within the overall governance structures of the organization, reflecting a more granular approach to managing regulatory and reputation risk. This means that your role and objectives need to be carefully calibrated with those of other departments to improve operational processes wherever possible. The calibration should reflect the extent to which a compliance culture is embedded within the organization and its ongoing efforts to promote such as environment.
5. Foster Collaboration over Competition “Learning to collaborate is part of equipping yourself for effectiveness, problem solving, innovation and life-long learning in an ever-changing networked economy.� —Don Tapscott
Each of you should strive to make compliance collaborative not competitive. In other words, each of you as individuals, and the industry as a whole, stand to benefit from the shared knowledge and insights in the compliance community. Constantly build on your foundation of knowledge, improve your skill-set and perfect your craft. Join industry related associations, attend conferences and seminars, engage with industry consultants and network with likeminded peers progressively building the necessary competences, as the roles and responsibilities of the compliance function evolve. The financial services industry is a relatively small world and the more connected you are, both formally and informally, the more you stand at an advantage from the collective knowledge share of your network. Learn, share and grow as an individual and as a community.
6. Learn to Effectively Interpret Data of All Sizes “You can use all the quantitative data you can get, but you still have to distrust it and use your own intelligence and judgment.” —Alvin Toffler
As the saying goes, “little threads make big patterns. You’ll miss both if look only at the loom.” Simply put, to be a successful CCO, you will need be an effective interpreter of data of all sizes. As CCOs, you need to gather information from both "detail" and "big picture" perspectives in order to fully understand the risks at hand and the risks that lie ahead. Like a puzzle, you don't get the whole picture until you have all the pieces. As an interpreter of data big and small, you must have the ability to see through the veil of what would be normally viewed as “business as usual” to see fact patterns, recognize inconsistencies and identify outlier activities to help you effectively manage risk.
7. Know Your Value within the Organization “Personal value is the kind of value we receive from being active instead of passive, creative instead of consumptive.” —Clay Shirky
As CCOs, you are the compliance leaders within your organization and on similar ground to those in other C-level positions such as the CEO, COO, CFO, CTO, etc. You are held equally accountable and responsible for your actions and the overall compliance function so your role is an important one and critical to an organization’s success. In some cases, you may find that you bear more responsibility than your C-level peers in when it comes to moments of crisis, and there is no other role an organization will lean on more for guidance in a moment of crisis than the CCO. Remember that with greater risk and responsibility comes greater reward. Therefore, it’s important that each of you as CCOs understand the value you bring to an organization and are rewarded accordingly.
8. Focus on Customized Solutions “Just because it suits someone else doesn't mean it will suit you as well. Tailors were made for a reason.” —Goitsemang Mvula
Compliance is not a “one-size-fits-all” solution. In other words, there is no standardized compliance program that fits the needs of every organization. This means that as a CCO, you will be in charge of designing, implementing and overseeing a compliance system based upon your organization’s own business operations, complexity, size, structure, customer base, product mix, geographic location, and other relevant factors. You will need to analyze both internal and external forces that affect the compliance role and discover new ways on how you can improve on such a system. This will require you to draw from both intellectual and creative strengths to come up with the right solutions to meet your organization’s specific needs.
9. Embrace the Digital Age with Human Touch “Man is a slow, sloppy, and brilliant thinker; computers are fast, accurate, and stupid.� —John Pfeiffer
The use of technology can be a key enabler to supporting the compliance role and managing compliance risk within the organization. With the rapid increase in the use of technology in business, CCOs are forced to become part technology expert in that you must know the various types of new and existing technology available, what types of technology work best for your organization and how to implement such technology to improve your current operations. As you look to the future of technology to improve the efficacy of the compliance function, remember that it has its limitations. In other words, compliance technology is tremendously useful but should serve more to complement the existing compliance function rather than as a cure-all solution. Technology must serve a unique purpose within the organization and ultimately prove its worth in operational efficiency, costs or both. Technology by itself is only part of the solution. For every technology system, there is an experienced and skilled staff behind the scenes managing, reviewing and analyzing the data. Blending the use of technology with skilled insight may prove to be the best solution for improving the compliance function.
10. Make Compliance the Agenda “Once you articulate an agenda, you have to follow it.” —Brian Mulroney
Compliance cannot afford to be an afterthought. Now more than the ever, the old, reactive ways of managing compliance functions will leave a firm exposed to greater regulatory and/or reputational risk than its forward-thinking competitors. The changing environment will mean more, and more demanding, expectations on compliance functions from management and supervisors alike. As a CCO, you must seize the opportunity to influence those expectations proactively. Ultimately, compliance is most useful when both proactive and reactive such as helping to ensure that new business is compliant as well as monitoring existing business. Although the right balance needs to be struck between the two roles within the organizational, business and cultural context, strive for proactive measures over reactive solutions in your efforts to strengthen your compliance program. Don’t wait for a problem to arise. Leverage your experience while remaining both inquisitive and intuitive to anticipate and foresee risk on the horizon.
11. Document Your Actions to Tell a Story “Act as if what you do makes a difference. It does.” —William James
Documentary evidence is key. As a CCO, you must document your actions and maintain your records as if you’re telling a story. You should be evidencing and maintaining you records in such a way that, upon request, the display of those records should be able to detail your supervisory processes in terms of who is conducting the supervision, what task or action is being supervised and how such supervision is evidenced You may have an effective compliance program, but if you’re not maintaining documentary evidence of your supervisory processes, you’re missing a major part of the story—the story itself. One of the most important steps you can take to substantiate your actions and defend your position in any disputation is to document your actions. It’s worth noting that cases are won and lost on documentary evidence alone so make it a firm-wide priority within your organization.
12. Strike the Right Balance within your Role “Don't confuse symmetry with balance.” —Tom Robbins
As a CCO, your trust and credibility is critically important in your ability to influence corporate decisions, implement policy and effectively manage the compliance program. A key goal must be to strike the right balance between compliance’s “police officer” and “counselor” roles, against the backdrop of the compliance culture within the organization. Your ability to create the right balance between these roles will largely depend on the level of trust generated within the organization. When building trust, some of the more effective qualities in a CCO seem to be the ability to engender respect in the business, personal integrity, discretion, fairness and independence of judgement. Given these qualities, the principal prerequisite for engendering trust is pragmatism - the ability to find appropriate and timely solutions to an organization’s compliance needs. To be pragmatic, CCOs need to focus on the competitive challenges faced today in the context of past and current compliant performance and future regulatory requirements. As the organization progressively manifests the right behavior, the need for the compliance function to reactively enforce its activities through the police officer role diminishes, and the proactive role of the counselor comes more to the forefront. This process will ultimately transition an organization from simply “achieving” to “sustaining” the compliance.
Join the Conversation.
Online #CCOinsights www.financialregistrations.com
www.financialregistrations.com/thought‐leadership/
Financial Registrations, Inc. is a compliance management consulting firm providing registration, enterprise compliance and risk management solutions to the financial services industry. We specialize in providing customized compliance solutions to FINRA member broker/dealers and SEC and State registered investment advisers. With former securities regulators and industry professionals on staff, we offer a full array of talent and experience necessary for handling the most recent and complex compliance issues facing the financial services industry. For more information on this topic or other compliance related matters, please contact: Scott P. Tarra Managing Principal starra@financialreg.com
Financial Registrations, Inc. 25602 Alicia Parkway #107 Laguna Hills, CA 92653 www.financialregistrations.com
Toll-free (800) 641-1818 Direct (949) 770-6154 Fax (949) 770-6198