The portfolio of chief compliance and ethics officers is ever-expanding, growing from traditional duties like managing policies to overseeing modern issues like ESG. Gartner’s Chris Audet gives incoming compliance leaders a crash course in starting off on the right foot.
Over the past two decades, the mandate for many chief compliance and ethics officers (CCEOs) has expanded from traditional responsibilities — such as overseeing compliance training curriculum, creating policies and procedures and conducting risk assessments — into newer terrains. Third-party risk management, DEI and ESG expand the CCEO’s stakeholders from regulators to include the C-suite, the board of directors, activist consumers and employees.
New CCEOs looking to make a quick impact on corporate strategy must navigate these expansive demands amid a multipolar risk environment.
Proper preparation and assessment, planning, action, measurement and above all, communicating will be critical during the first 100 days on the job for building a solid foundation for long-term program (and career) success.
Quickly assess the current state of affairs
With a solid understanding of the organization’s business, culture and existing compliance program in hand, the first step is to evaluate current compliance elements, initiatives and structures. Avoid the temptation to solve problems or even render judgements at this stage. Rather, the chief priority should be benchmarking compliance’s functional maturity and conducting analyses that will provide insight into pressing issues and internal information that will inform the strategic plan.
- Understand stakeholder perspectives on the compliance program. Have functional leader meetings and identify how each leader feels about the current compliance program.
- Understand the compliance team’s perspectives on the compliance program. When interacting with direct reports and key team members, pay close attention to their sentiments about the current compliance program and your transition.
- Analyze program staffing and spending. Understand how compliance’s budget is allocated and request a three- to five-year dashboard of compliance spending. Conduct a benchmarking exercise to understand how current compliance spending and staffing compares to your peers. (The benchmark can also help you plan future program developments and make a budgeting case to the board.)
Whether entering a previously created compliance program or building from the ground up, assess the current state of the function and conduct a gap analysis for a robust vision of organization wide compliance performance.
Proper planning prevents poor performance
With an understanding of the current compliance program’s structure, staffing, budget and performance, develop a strategic plan that addresses any issues you have uncovered.
- Use peer data while creating your strategic plan. While building your program’s strategy, assess how your investments, activities and staff allocation compare with your peers.
- Develop metrics and create a progress tracker. Create metrics that effectively capture progress for activities in your strategic plan. Set up a progress tracker with specific milestones and accountabilities for the first 100 days to demonstrate program progress.
- Meet with key stakeholders to solicit feedback. Assess how stakeholder concerns brought up during earlier conversations are addressed by your strategic plan. Test this plan in your meetings with select stakeholders (e.g., CEO, GC) to solicit their feedback.
- Optimize cost. If you are filling an existing CCEO seat, you may face pressure from the business to optimize existing program costs. To manage this expectation, you should:
- Benchmark compliance program spending against that of peers.
- Identify where compliance can streamline its requirements through tailored training and improved controls.
- Find investment opportunities that will maintain program effectiveness while supporting business needs.
- Focus on data analysis. Data analysis is becoming increasingly important for legal and compliance risk management. More than ever before, regulators and other stakeholders have increased their attention on data informed program management. New analytics initiatives should align with strategic business goals and specific department needs.
Without execution, strategy is useless
Now it is time to deliver visible results. Monitor progress closely to ensure obstacles to execution are dealt with swiftly and continue information gathering internally to iterate the longer-term plan.
- Operationalize quick wins. Prioritize some short-term projects that address stakeholder pain points to garner goodwill and build momentum. Quick wins will look different depending on the maturity of your program.
- Get involved in existing projects. By this phase, a new CCEO should understand how compliance works at the organization, so they can add value to ongoing projects in a supporting role, not by assuming all responsibility.
- Develop a formal strategy for communicating your initiatives. As you finalize your strategic initiatives, communicate your strategy to the team, including leaders and the broader compliance team.
- Identify initiative owners. Identify which team members and stakeholders will be involved in the next strategic initiatives and set expectations for them — timelines, how success or failure will be measured, etc. Source feedback on the plan to make any necessary adjustments before you implement it.
Give initiative owners the autonomy to build their plans and ensure they have a list of decision factors for project discontinuation. These activities should build off the quick wins to establish longer-term projects.
Measure, review, refine … rinse and repeat
This is your opportunity to demonstrate the evidence of your influence and the effect of your initiatives.
- Execute postmortem reviews. When wrapping up an initiative, review the goals and outcomes with the owner. Discuss any shortcomings and opportunities to improve the process for the next initiative. Check that those involved in the initiative are producing the intended outcomes.
- Summarize outcomes and key findings. Toward the end of the first 100 days, tell the story of your project outcomes and findings to the CEO and leadership team. Provide a summary of what you learned, potential organizational and process changes and next steps.
- Refine your metrics gathering. Use the most accurate insights you can, even if some of them are anecdotal, and explain how you will refine the process of measurement in the future.
- Update and adjust your plans. After one quarter, use what you have learned about internal procedures, team capabilities and organizational dynamics to update plans and goals. Discuss them with your CEO and/or GC, particularly if you will need to modify any of your key performance metrics.
- Update your strategic plan as needs arise. Periodically revisit the overall strategic plan and adjust based on the progress of the plan and any shifts in business priorities.
- Regularly communicate with your stakeholders. Establish a reporting mechanism for your stakeholders that provides an appropriate level of detail. Communicate any plan changes to ensure continued alignment and buy-in on program activities.
- Review quick wins. Identify where quick-win projects struggled and draft a plan to improve those areas for future projects, including upskilling activities, adjusting what information is collected from stakeholders, etc.
- Promote your team’s successes. Do not count on your team’s accomplishments to filter through the organization on their own. Rather, send email updates or consider launching internal marketing campaigns to showcase some of the initiatives and successes of their owners.
The first three months as a CCEO are an opportunity to establish a solid foundation and set your tenure up for success by clarifying your role and mandate, quickly developing stakeholder relationships and developing a strategic plan with short- and long-term objectives.