When a crisis strikes, like the COVID-19 outbreak, risk and compliance issues can become aggravated, making effective risk and compliance management even more important and the role of the chief compliance officer (CCO) supreme.
Today, the CCO is a vital member of the C-suite, charged with turning the compliance function into a dynamic, proactive force that safeguards the organisation and its reputation in an increasingly challenging environment.
A recent Gartner report states that, as demands on the compliance function grow more intense, CCOs must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders. However, the analyst firm also said that CCOs must embrace new leadership responsibilities and rethink the extent of their mandate to be effective.
In recent months, organizations across the globe have increasingly been dealing with a diverse set of risks and opportunities, including environmental, social and governance reporting, return-to-workplace initiatives, third-party risk management, and privacy-related issues, among others.
In India too, as per the new IT rules, the government has made it mandatory for social media and digital companies to appoint a Chief Compliance Officer to drive a strong “culture of compliance”. In December last year, the Reserve Bank of India also emphasized the importance of having a compliance officer and said the CCO should help banks develop and maintain a quality assurance and improvement program covering all aspects of the compliance function.
“CCOs face an overwhelming set of risk responsibilities at a time when many organizations’ cultures have been stressed or entirely uprooted,” says Brian Lee, managing vice president in the Gartner Legal & Compliance practice.
He adds, “This moment requires that CCOs consider the roles they play within the organization and the robustness with which they carry out these duties.”
Gartner has developed some working models that will help the CCO assertively expand how their function is thought of by stakeholders and business leaders, including acting as a strategic business advisor and championing the use of analytics to better manage new layers of risk.
New Framework for Effective CCOs
To help CCOs better visualize the key postures needed to carry out their roles effectively, Gartner developed a framework featuring four working models that allow CCOs to best support business priorities. By embracing and balancing the following working models, CCOs can proactively shape the course of how the business views and manages risks and align the CCO role more closely with key business initiatives. Gartner’s working models for the CCO role include:
Strategic Business Advisor – These CCOs provide compliance advice that influences and strengthens an organization’s strategic direction. They seek out a clear understanding of business objectives, advise leadership on compliance risks associated with business growth and provide objectives-driven guidance that can influence an organization’s strategic direction. They are most needed in companies that are rapidly changing, entering new markets, or undergoing a digital transformation.
Culture and Ethics Steward – These CCOs promote a strong corporate compliance culture to build shared accountability and influence business outcomes. Specifically, they focus on reinforcing the organization’s culture in a changing environment and create policies and communications that maximize transparency and minimize employee misconduct. They are most needed in companies that are changing rapidly, including those companies moving to a hybrid work environment.
Tech and Analytics Champion – These CCOs support technology initiatives to improve risk mitigation outcomes and functional effectiveness and promote technical skills development function-wide. They utilize analytics, automation, and artificial intelligence (AI) to augment the capabilities of their resource-pressed staff. They are most needed in companies that rely upon data to understand potential risk trends and implement integrated risk management initiatives.
Aligned Assurance Forger – These CCOs establish strong partnerships throughout assurance functions with clearly enumerated risk ownership, accountability, and reporting roles. They address concerns related to unaligned assurance and allow for a comprehensive view of risks that threaten the organization, offer better assurance by minimizing redundancies and provide a unified assurance voice to the board. They are most needed in companies that have siloed functions that run multiple risk assessments and reports.
Expanding Compliance Mandate
Gartner data shows that 44% of compliance teams primarily own third-party risk management, while more than two-thirds own or participate in privacy activities.
Meanwhile, 86% of business leaders still expect CCOs to drive a strong “culture of compliance” at a time when hybrid and remote work policies present obstacles to maintaining an organization’s cultural norms. Against this challenging backdrop, the cost of non-compliance continues to increase, with regulatory fines for data privacy and workplace safety violations especially prominent.
“CCOs today can become overwhelmed simply from following their basic program management obligations,” says Lee.
“To be effective and gain the necessary influence to accomplish their goals, CCOs need to spend more time advising business leaders and aligning their guidance to the business’ strategic objectives, including the compliance risks associated with top growth initiatives,” he mentions.