It is hard to follow all the news, events and political trends across the globe. To the regular observer, the ability to identify, measure and respond to evolving risks has become more chaotic and near impossible. Risks are multiplying exponentially — it can be overwhelming.
In the end, however, ethics and compliance professionals (“E&C officers,” Chief Compliance Officers (“CCOs”),” and “compliance professionals”) have several strengths that put them in the perfect position to tackle the new, evolving risk environment.
As I have written before, ethics and compliance professionals are “experts” or subject-matter-experts (“SMEs”) when it comes to identifying risks, and most importantly, ranking risks within a consistent, analytical framework. That does not mean that compliance professionals will eliminate risks or mitigate them to the point where they are non-existent.
In fact, ethics and compliance professionals are able to rank and evaluate risks in order to respond by allocating a fixed set of resources to mitigate those risks. In other words, ethics and compliance professionals are SMEs when it comes to cost-benefit analysis. As SMEs, they are able to design a plan to respond to a particular risk profile that makes the most efficient use of limited resources. (I know, I sound like I am a micro-economist).
As part of this effort, we can assume that ethics and compliance professionals know how to identify risks, update a risk assessment, and respond to new and evolving risks. In order to execute these responsibilities, ethics and compliance professionals have to establish and maintain a fundamental requirement — line-of-sight across the organization.
Assuming that the chief compliance officer has the required independence, authority and resources, the CCO should be a member of the C-Suite. By that, I mean they are involved in all senior management activities, including senior executive team meetings. In this situation, the CCO will have what is referred to as “line-of-sight” across the organization, meaning that the CCO will have the ability to observe and learn about the activities of every component of the organization — finance, sales and business development, security, information technology, legal, audit, procurement, human resources, just to name a few.
With this essential position, a CCO can effectively learn of ongoing and planned activities and identify potential risks from existing and planned strategies and plans. By placing the CCO in the C-Suite, the organization has the opportunity to ensure that risks are identified, that information is shared across the various functions, and that the CCO can maintain an accurate risk profile to govern risk mitigation activities.
Frankly, in the absence of such a structure, the CCO will be blinded to the fundamental operations and risks facing the organization. Of course, the CCO will manage those risks that can be identified with this limited perspective, but the CCO will be hindered, by definition, from executing the CCO’s responsibilities.
By pointing out the importance of the organization’s structure to the compliance function, I do not mean to narrowly argue that structure is everything. in fact, my position is that the CCO’s position relative to others in the organization is essential to an effective ethics and compliance program.