Introduction
Fifteen years ago, Ben Horowitz rocked the business world with his groundbreaking essay, Good Product Manager/Bad Product Manager. The piece became a mainstay at business schools and marketing courses, clarifying for everyone what traits and skills it takes to be a good product manager. Although a disclaimer currently appears on his website questioning the relevance of this article today, we at anecdotes feel the piece is very relevant. So relevant, in fact, that we’ve applied its principles to our own industry and collected feedback from Compliance professionals about their takes on what makes a good Compliance leader. Below are our findings, adapted with thanks to Horowitz…
In some cases, the saying, “If it looks like a duck, swims like a duck, and quacks like a duck, it is a duck” is inaccurate. Compliance leaders are one of those cases. They may have similar backgrounds, act alike, and use the same terminology, but they are certainly not all alike. There are good Compliance leaders, and there are bad Compliance leaders.
Taking Ownership vs. Making Excuses
Good Compliance leaders take ownership of the entire Compliance process. They set clear expectations. They make sure everyone on the team understands that Compliance is a puzzle and that even the smallest piece is critical for completing the picture. They foster a sense of accountability, making sure that, like every member of the organization, they too have a part in keeping the business running. They take full responsibility for the Compliance roadmap (no excuses).
Bad Compliance leaders make lots of excuses. They do a lot of explaining and blaming. They take a reactive stance and say, “The audit didn’t go well, someone messed up,” and try to explain why: not enough funding, the control owner wouldn’t respond, COVID happened. They schedule lots of meetings. They dwell on the past and on what we could have done. Good Compliance leaders learn from the past and look to the future.
Thinking Strategically vs. Thinking Short Term
Good Compliance leaders see the bigger picture. They consider the long-term. They think strategically and continuously. They ensure all stakeholders understand WHY Compliance is vital for the business. They proactively talk to the organization about something they care about -- risk. Good Compliance leaders talk about business risks in a language that control and risk owners understand: data breaches, loss of business opportunity, reputational damage.
Bad Compliance leaders think in terms of the next audit. They focus on the WHAT and the HOW. They focus on tasks and evidence: topics that are granular and tactical, and that only check a box to help pass the upcoming audit. They think of their work as a game of Whack-a-Mole – constantly putting out fires and never taking a holistic view of the organization. Their work cycle is a wave. It is either, “Oh, good! The audit is over, time to chill,” or “Oh, no! The audit is coming, we need to rush.”
Building Relationships vs. Antagonising
Good Compliance leaders build relationships, understand other teams, and study the business roadmap. They relate positively and effectively to a broad group of stakeholders and address their concerns. Bad Compliance leaders show up twice a year and say, “Hey, we need evidence, this is a priority, and I'll get you in trouble if you don't do it.” Bad Compliance leaders create friction and are the people everyone avoids.
Good Compliance leaders are excellent communicators. They paint a vision of where we should be, even if we need to take incremental steps to get there. They work backward and use the WHY to make tough decisions. Bad Compliance leaders talk at people and use confusing jargon. They speak vaguely about tactical missteps.
Asking Questions vs. Jumping to Conclusions
Good Compliance leaders understand that they may be causing others pain. They have a mechanism to measure pain levels. They ask questions. They actively listen. They send surveys. Bad Compliance leaders are out of touch. They don’t understand why their activities aren’t the top priority. They act impulsively. They trust what they overheard in the hallway. Good Compliance leaders function as business-enablers, allowing other departments to focus their attention on the task at hand. Bad Compliance leaders are a burden, allowing Compliance pitfalls to block business expansion.
Good Compliance leaders recognize that while fraud exists, most Compliance errors are mistakes, misconfigurations, lack of data, or simply a misunderstanding of what evidence is needed to prove a particular outcome. Bad Compliance leaders play Gotcha! They don’t trust their teams and look for flaws. They think like an auditor and try to poke holes in every fact.
Good Compliance leaders know how to use data to their advantage. They use data-driven signals to find trends, anticipate problems, and provide the business with insights. Bad Compliance leaders think only in terms of pass or fail. Good Compliance leaders use data to create predictability. Bad Compliance leaders are surprised by outcomes.
Using Data vs. Ticking Boxes
Good Compliance leaders filter the data by risk level to help prioritize what needs to be done. Bad Compliance leaders email a spreadsheet of 200 required actions with no context or priority levels. Good Compliance leaders make sure that if someone can only do one thing today, they know exactly what that one thing should be.
Good Compliance leaders are curious about how to apply their understanding to a specific technology. They want to research and use the available technologies to improve their processes. Bad Compliance leaders expect you to fit your data perfectly into the box; if it doesn't fit, you fail.
Bottom line
Yes, there are good Compliance leaders and bad Compliance leaders. But ALL Compliance leaders agree that as companies grow, more is required: more frameworks, more controls, more evidence, more SaaS tools and cloud environments, and better overall security and Compliance maturity. To scale Compliance through these periods of growth and beyond, and transform it from a blockage into a business driver, companies need to take strategic steps to achieve true and lasting Compliance maturity.