What is the Role of the Compliance Officer?
A compliance professional working in China posed this question: What is the role of a compliance professional?
I answered the question in my post, The Job of a Compliance Officer is to Tell the Truth.
We exchanged emails about my post. And we discovered that while compliance professionals may live in different countries around the globe, when it comes to the challenges of the profession, we really do speak “the same language.”
The compliance professional in China has generously agreed to share his thoughtful reply to my post with FCPA Blog readers.
Please feel free to “listen in” to the conversation, and if you like, join in by email to me or to the FCPA Blog at any time.
The compliance professional in China said:
“Thank you for writing me back and your interests for further discussions.
Actually I like your blog post very much which sets out the right tone. My friends from the compliance community also read it and referred the blog to me!
Only thing is the practical world is far more complicated.
My point is that we need to define the professional standards of a CO from the legal and ethics perspective.
Many COs I know personally are upright, straightforward and fearless in telling the truth. However people have varying experiences when they do so, depending how their companies and management treat the topic.
In a worse situation where the CO's advice on critical compliance concerns is ignored, what would be the duty of the CO?
Some are brave to escalate to the top management or even to authorities. But in such situations there would be concerns 1) What if the CO's good-faith judgment is wrong since anyone could make mistakes; 2) If a CO makes a wrong judgment, the CO would violate one of the code of conduct: following the right instructions from their supervisors; 3) If a CO makes correct judgment, that would normally take years to prove in case of court procedures.
In any of the above cases, the CO would have to endure unfavorable personal results out of his/her insistence for a long time. The majority of COs would not take such risks.
Therefore the compliance industry urgently needs a widely accepted professional code to define the duties and responsibilities of COs, making sure COs can do their job with an acceptable level of risks. Without this, talented people would hesitate to enter into this job. In the long run, it would harm the whole compliance industry, especially in the corporate world.
Right now I don't see any major initiative to tackle this issue.
I hope this is helpful and I want to continue the discussions. I am based in China and if you come here, I hope to have chance to meet you. Regards.”
* * *
In my next post I'll try to answer some of the important questions raised above.
I certainly don’t have all the answers. My opinions and suggestions are just that: My opinions. They may be useful or not, but by sharing we can accomplish three things.
One, we will realize that we have problems in common because the world is changing and compliance has “gone global.”
Two, we are likely to discover better ways to solve the compliance problems that are similar even though the companies and locations are remarkably different.
Three, and most important, we can change the agenda of discussions currently going on to include issues about the compliance profession that are mainly ignored now. They really need much more attention.
We've been talking about codes of conduct for compliance officers. But let's face it. At too many companies, the true code is simple: Please Your Boss. The conflict resolution principle is Go Along to Get Along. In practice, at these companies compliance is subservient to the power and prerogatives of top management.
Said another way, compliance is useful only until it conflicts with a career-making, super profitable business strategy. Then compliance is an Inconvenient Truth to be gotten round -- and who better to reflect the unethical management culture at Irresponsible Inc than the compliance department itself? COs there know NOT to inquire about the details. If they know too much, they can't sign off. And if a problem does come up later, they want to be able say they would have opposed the plan, but on the facts given, it looked acceptable.
Or sometimes the head of compliance assigns the weakest, plodding CO to the planning committee. Outnumbered and out gunned, the Clueless CO signs off, providing the head of compliance with cover if things go badly.
Certainly not all companies operate this way. But one of the secrets of the compliance profession is the degraded state of compliance at many companies, including some that are well known. If you've worked at a corporate compliance job or have friends who do, you will recognize the situation. Sadly, it's often heads of compliance at companies like Irresponsible Inc. who rig the outcomes, and the Clueless COs, who move up the ladder past the burned out Compliance Heroes doing the real work and paying the price.
In other words, at some companies, the code is not the SCCE’s but one that's wrapped entirely in office politics.
Obviously, if you are working at Irresponsible Inc., it’s time to “vote with your feet.” And time for the profession to consider how to challenge the status quo.
The role of a good CO should be to be the corporate conscience and tell the management the truth, no matter how inconvenient that may be. Unfortunately in most Asian countries there is no protection for people who oppose The Boss. Banks that would have trouble firing anyone in their home country, "farm out" troublesome accounts to countries with no employee protection.
If the CO objects it's a matter of "go away or be shown the door".
Twice in my career I have been in a situation where the management asked for downright criminal behavior. Once the entire compliance team (including myself) left within a month, the second time the management had found a "rubber stamper" and showed me the door when I refused to cooperate and sign off on false reports.
Regulators and lawmakers should realize that without the inside support of compliance personnel, it is much harder to make sure that there are no bad apples.
Large institutions may be on the radar but it is the smaller ones that fly low and often get away with unethical or even illegal conduct. This goes especially if there are only a few compliance officers or even one single one. COs are people too and the extra stress of being threatened with their jobs doesn't make it easy to resist caving in on business demands. Protection for compliance personnel should be a top priority if you want to keep the quality high. -
This is an unfortunate reality in the life of conscientious COs. Strange that regulators, legislators and standard setters have generally side-stepped or failed to address these issues directly so as to mitigate or prevent these situations, which have become common-stance.
Sadly, COs who are faced with unreasonable demands that have underlying unethical or illegality issues may have only one viable option; that is, to walk-away!
The perpetrator may then go on to either hire or use a more compliant CO to to get their way. Almost all the financial scandals, including Libor to the recent money-laundering cases that implicated major banks have involved senior management and an ineffective and compliant compliance team.
The real issue is whether societies-at-large are willing and able to empower competent COs to do their jobs without fear or favor?!
If the answer to that is a resounding yes, then how do we go about achieving that objective, and balancing legitimate business needs, developments and operations?
Does legislation like FCPA and UKBA, and FATF Recommendations, industry best practices and so on, go far enough to induce the desired behavioral changes that domestic or global stakeholders can safely rely on?