In some cases, the saying, “If it looks like a duck, swims like a duck, and quacks like a duck, it is a duck” is inaccurate. Compliance leaders are one of those cases. They may have similar backgrounds, act alike, and use the same terminology, but they are certainly not all alike. There are good Compliance officers, and there are bad Compliance officers.
In the following article, Anecdotes, experts in all things Compliance explore the qualities of a good Compliance officer.
What Makes a Good Compliance Officer?
Good Compliance officers take ownership of the entire Compliance process. They set clear expectations. They make sure everyone on the team understands that Compliance is a puzzle and that even the smallest piece is critical for completing the picture. They foster a sense of accountability, making sure that like every member of the organization, they too have a part in keeping the business running. They take full responsibility for the Compliance roadmap (no excuses).
Bad Compliance officers make lots of excuses. They do a lot of explaining and blaming. They take a reactive stance and say, “The audit didn’t go well, someone messed up,” and try to explain why. Not enough funding, the control owner wouldn’t respond, COVID happened. They schedule lots of meetings. They dwell on the past. What we could have done. Good Compliance officer skills include learning from the past and looking to the future.
Good Compliance officers see the bigger picture. They consider the long-term. They think strategically and continuously. They ensure all stakeholders understand WHY Compliance is vital for the business. They proactively talk to the organization about something they care about - risk. Good Compliance officers talk about a continuous risk management process and business risks in a language that control and risk owners understand: data breaches, loss of business opportunity, reputational damage.
Bad Compliance officers think in terms of the next audit. They focus on the WHAT and the HOW. They focus on tasks and evidence. Topics that are granular and tactical, that only check a box to help pass the upcoming audit. They think of their work as a game of Whack-a-Mole – constantly putting out fires and never taking a holistic view of the organization. Their work cycle is a wave. It is either, “Oh, good! The audit is over, time to chill,” or, “Oh, no! The audit is coming, we need to rush.”
How to be a Good Compliance Officer
Good Compliance officers build relationships, understand other teams, and study the business roadmap. They relate positively and effectively to a broad group of stakeholders and address their concerns. Bad Compliance officers show up twice a year and say, “Hey, we need evidence, this is a priority, and I'll get you in trouble if you don't do it.” Bad Compliance officers create friction and are the people everyone avoids.
Good Compliance officers are excellent communicators. They paint a vision of where we should be, even if we need to take incremental steps to get there. They work backward and use the WHY to make tough decisions. Bad Compliance officers talk at people and use confusing jargon. They speak vaguely about tactical missteps.
{{banner-image}}
Good Compliance officers understand that they may be causing others pain. They have a mechanism to measure pain levels. They ask questions. They actively listen. They send surveys. Bad Compliance officers are out of touch. They don’t understand why their activities aren’t the top priority. They act impulsively. They trust what they overheard in the hallway.
Good Compliance officers function as business-enablers, allowing other departments to focus their attention on the task at hand. Bad Compliance officers are a burden, allowing Compliance pitfalls to block business expansion.
More Qualities of a Good Compliance Officer
Good Compliance officers recognize that while fraud exists, most Compliance errors are mistakes, misconfigurations, lack of Compliance data, or simply a misunderstanding of what evidence is needed to prove a particular outcome. Bad Compliance officers play Gotcha! They don’t trust their teams so they look for flaws and try to poke holes in every fact.
Good Compliance officers know how to use data to their advantage. They use data-driven signals to find trends, anticipate problems, and provide the business with insights. Bad Compliance officers think only in terms of pass or fail. Good Compliance officers use data to create predictability. Bad Compliance officers are surprised by outcomes.
Good Compliance officers adopt a risk-based approach and filter the data by risk level to help prioritize what needs to be done. Bad Compliance officers email a spreadsheet of 200 required actions with no context or priority levels. Good Compliance officers make sure that if someone can only do one thing today, they know exactly what that one thing should be.
Good Compliance officers are curious about how to apply their understanding to a specific technology. They want to research and use the available technologies to improve their processes. Bad Compliance officers expect you to fit your data perfectly into the box; if it doesn't fit, you fail.
Want to Discover More Tips on How to be a Good Compliance Officer?
Now that you understand how important it is to be a good Compliance officer and ensure all members of the team are working with you to guarantee Compliance, download our full "Good Compliance Leader/ Bad Compliance Leader" guide for more suggestions and recommendations.
Inspired by Good Product Manager/Bad Product Manager by Ben Horowitz at a16z.com