I have often been asked about how to best staff a compliance function and what professional backgrounds and skill sets are most useful and necessary. Although compliance functions vary in structure, size, and sophistication from one company to another, I do believe there are fundamental skill sets that are essential for compliance programs to have access to in order to be credible in the company and effective at preventing and detecting misconduct.
When I served as the Compliance Counsel Expert in the Fraud Section of the U.S. Department of Justice, I was often astonished by how little compliance officers knew about their companies. These compliance officers printed policies and counted training sessions, but they did not know how policies were realistically implemented by management or whether training was at all relevant to people’s daily work.
One of the worst mistakes I have seen companies make is to hire compliance officers for their former government titles. The compliance officers who always introduce themselves with their former government titles often exhibit little desire to understand the company’s business. As one business leader once remarked to me: “These compliance officers are hired for [enforcement/regulatory agencies], not for the company.”
Tip: To bring business knowledge to compliance, some companies have programs that rotate high performers through its compliance or audit programs. Companies might also consider rotating their compliance personnel through operational and business units. If compliance is to influence colleagues’ behaviors, it’s best to have walked in their shoes.
Social and Emotional Intelligence
Compliance is a function that often has to raise delicate and controversial issues and to have uncomfortable conversations, and is often perceived as a burden to business. To overcome these challenges, it is critical for compliance professionals to know when and how to raise issues, to express empathy and understanding, to communicate clearly and effectively, and to have common sense in their approaches.
Data and Information Systems Management
Data is the foundation for compliance risk assessment, monitoring, investigation, and measurements. Effective compliance relies on effective—i.e., skillful and targeted to specific purposes—use of data. This includes skills in managing information systems: understanding where and how data is stored in the company’s various systems (e.g. accounts payable, payroll, distributor discount management, procurement), and having the ability to extract, harmonize, monitor, track, and compare these data. Tracking the right sets of data can inform measurement of the effectiveness of nearly all aspects of a compliance program as well as of return on investments made to the compliance program.
The implementation of any compliance program is about building and improving processes, thus individuals with process engineering skills are indispensable. One of my most valuable collaborators in building and running compliance programs was a colleague I jokingly called “the Process Machine.” A Six Sigma Black Belt, she could take any compliance objective and turn it into a process that was built into the company’s operations and supported by all the relevant stakeholders.
Fact Finding and Research
Although most frequently associated with internal investigations, which is a legal maneuver for the purpose of defending the company against potential enforcement or litigation, fact finding and research skills have broader applications in compliance contexts. Most importantly, fact-finding aimed at identifying root causes and system deficiencies—beyond defensive investigation—are necessary in order to remediate them. Research skills, including objective surveying, regression analysis, identifying causation and correlation, formulating hypothesis and testing with experiments, are also valuable in evaluating program effectiveness.
For businesses that operate across borders, cross-cultural experience is absolutely essential in understanding how risks and behaviors vary from one locale to another. Even for businesses that operate entirely domestically, however, it’s important to recognize that multiple cultures exist in one society, community, and company. The cultures of the United States and China differ, as do those of Massachusetts and Georgia, rural and urban environments, factory floor and headquarters offices. The experience of having lived and worked in different cultures is essential in translating compliance into different operational contexts.
Judgment and Courage
No amount of business, data, process knowledge, or social-emotional-cross-cultural intelligence is of much use to a compliance function if people in the function lacks good judgment and moral courage. All the information collected through data and human intelligence is just that: information. To act upon information requires sound judgment and, sometimes, courage to speak truth to power or go against the grain.
Finally, where do we find talents with such skill sets? Law and audit have been the most common fields from which compliance draws its talents. I would, however, look to people with backgrounds in marketing, operations, scientific research, journalism, information management systems, and behavior sciences. I believe such diverse backgrounds with complementary skills are the cornerstone for building an agile compliance function in the 21st century.
Hui Chen (www.HuiChenEthics.com) was the Justice Department’s first-ever compliance counsel expert before leaving in June 2017 to start her own private compliance consulting service. Before she joined the DOJ, Hui served in global senior compliance lead positions at Microsoft, Pfizer, and Standard Chartered Bank.