Swipe Right for Compliance: Finding the Perfect CCO

In over 25 years of advising chief ethics and compliance officers (by that and many other names, although I will refer to them here as CCOs), I have learned a few things about which traits are important to this position. I have several clients at the moment that are either creating the CCO position for the first time or restructuring their compliance departments, which has led me to reflect on this question of what is essential to a good CCO.

And, while it may seem like a bold claim to suggest that I know what makes the perfect CCO – given that I have never actually been a CCO – I have a pretty good idea of which characteristics are utterly essential, which are nice to haves, and which don’t matter. The good news – for those aspiring CCOs out there – is that these traits are characteristics that one can develop, in case you don’t possess all of them already. My list (and I would love to hear your additions or deletions to the following):

• Unimpeachable integrity (of course!)a
• Courage
• Wisdom
• Curiosity
• Expertise
• Gravitas
• Relationship building alongside independence
• Persistence
• Humility

As businesses navigate an increasingly complex maze of laws and regulations, and as the pace of change (technological, geopolitical, and other) increases dramatically, the need for an exceptional CCO only increases. So, let’s explore each of these traits in turn, and I will sprinkle in some real-life anecdotes along the way.

Unimpeachable Integrity

That a CCO should embody high ethical standards should, perhaps, go without saying. This is, after all, the person who is leading the organization’s ethics and compliance initiatives. However, we don’t have to look far to find CCOs who perhaps strayed from the path of integrity. When this happens, not only does the compliance program suffer, but the organization’s commitment to business ethics more broadly is often cast into doubt.

During a program assessment a few years ago, a compliance professional relayed to me the story of the organization’s new compliance officer having previously (while in the legal department) been the subject of an investigation regarding a serious and undisclosed conflict of interest. The evidence all pointed to the existence of the conflict, but there was no way (short of admissions, which were not forthcoming) to prove the violation. The investigation was closed, and two years later, this person was appointed to the CCO position. As the compliance professional relayed to me, the company didn’t seem concerned about the ethical implications of the new CCO’s conduct – they were quite happy to have a good performer and rising star in the role. But to the compliance staff, and those who were aware of the investigation, there was a concerning lack of focus by hiring personnel regarding the question of CCO integrity.

And, sadly, we can likely all point to plenty of CCOs who have had undisclosed inter-office relationships; undisclosed personal relationships with outside advisors (and audit committee chairs!); terrible, uncontrolled tempers; and disrespectful ways of dealing with subordinates. CCOs need not be perfect, of course. They (like all of us) are allowed to be flawed. But finding someone for whom integrity and ethics are integral to who they are should be an important goal. Because an ill-behaving compliance officer creates a jaundiced view of the program, which can impact the culture of compliance profoundly.

Courage

The second important trait – courage – is linked to integrity. At the heart of a successful compliance strategy lies the courage to stand firm on principles of integrity and ethical conduct. A CCO must possess the bravery to make tough decisions, confront unethical practices, and advocate for compliance, even when faced with resistance from those who are above her on the org chart.

I have endless examples of the need for courage to run a successful C&E program. When leadership seeks to pursue profit at the expense of laws or business ethics, the CCO needs the courage to stand against leadership, which can be so difficult. And when allegations come in against a senior leader, the CCO must have the courage to escalate and investigate. I have (typically figuratively 😊) held the hand of many a CCO who must walk into the executive leadership team meeting or pick up the phone to call the audit committee chair when she knows that prevailing sentiment is against her. It is no easy task. But a good CCO has the courage of her convictions and make the tough calls when they are necessary, which leads us to the third trait, wisdom.

Wisdom

While courage equips a CCO to fight the good fight, wisdom determines which battles are truly worth engaging. Grey hair is not a prerequisite for a successful CCO, but a substantial measure of life’s wisdom certainly is. Opportunities to defend the organization’s values are plentiful, but discerning which hill to fight on (I don’t like the actual idiom – too macabre) is a question of wisdom.

An example – a CCO of a client recently dealt with a potential violation involving a minor misreporting error that was inadvertent and posed no threat to customers or the public. Instead of launching a full-scale investigation, the CCO assessed the situation and decided to handle it internally with targeted training to prevent future issues. This decision saved resources and increased the trust that the business had in the C&E team, while stockpiling good faith and resources for issues with more significant legal or ethical implications.

CCOs who exhaust their resources fighting every minor infraction risk diluting their effectiveness when truly critical issues arise. A judicious approach ensures that the CCO’s efforts are reserved for matters with substantial impact on the organization. Failure to be discerning can lead to a loss of faith in both the CCO and the broader compliance program. By wisely choosing their battles, effective CCOs not only protect their organization’s values but also the program’s credibility.

Curiosity

A good CCO is curious – curious about the company, about how to improve controls, about how to operationalize controls into the business, about risks and emerging risks, and about continuous improvement opportunities. Curiosity fuels the desire to constantly seek better solutions, understand emerging risks, and anticipate regulatory changes. An ideal CCO is inherently inquisitive, always looking for ways to enhance the compliance program and adapt to the dynamic regulatory environment. This trait is crucial for staying ahead of potential compliance issues and fostering a culture of continuous learning and improvement within the organization.

I saw an example of how lack of curiosity can impede a C&E program in a recent program assessment. The head of one of the company’s businesses, which was exploring the use of artificial intelligence, lamented the lack of engagement by the C&E team in creating appropriate controls around the company’s use of AI. The business leader relayed to me that, “If I hadn’t built the governance model, it would never have been built. Internal compliance should have been on top of that, rather than just validating that my governance model is satisfactory. I am not getting probing questions. They don’t seem to be curious about the risks that are created or how the controls address the risks. So where is the value-add?”

Expertise

Curiosity, while valuable, realizes its full potential only when grounded in expertise in laws, regulations, and compliance standards and practices. The ideal CCO understands both the regulatory environment and the nuances of the business, paired with practical experience in implementing compliance programs. This expertise is crucial for a CCO to navigate complex compliance issues, provide informed guidance, and design strategies that are not only effective but also efficient.

When a new technology (or business strategy, or product, or service, or geography) comes along, a competent CCO must quickly leverage their expertise to assess and adapt. Understanding where risks may emerge is essential for developing appropriate controls tailored to these new contexts. Without a deep grasp of both the business operations and regulatory demands, a CCO risks being relegated to merely approving controls suggested by others rather than crafting strategic, bespoke compliance solutions.

Consider, for example, where a company introduces a new data analytics platform that collects extensive customer data. An adept CCO, familiar with data privacy laws and the specific business model, would be pivotal in designing controls that not only comply with the law but also achieve business objectives, enhance stakeholder trust, and protect the company’s reputation. This proactive involvement ensures compliance measures are not only reactive but are integral to the strategic growth of the company.

Gravitas

Gravitas is another critical trait for a CCO – meaning the seriousness and authoritative presence necessary to command respect and influence across an organization. This quality is more than just a projection of authority; it is about inspiring trust and confidence through a demeanor that balances assertiveness with empathy and professionalism. A CCO with gravitas is poised and composed, even in high-pressure situations, which reinforces the perception of compliance as a central pillar of the business and the CCO as someone equipped to steer the company through turbulent waters. A CCO with gravitas can challenge leadership, can report on high-level violations with calm rather than aggression, and can convey complex legal and ethical issues in a clear and impactful manner.

Relationship-Building Alongside Independence

Building strong relationships across the organization is vital for fostering a culture of compliance. The ideal CCO excels in communication, collaboration, and persuasion, and can engage with stakeholders at all levels. However, equally important is the ability to maintain independence – to objectively assess and address compliance issues without bias or influence from internal or external pressures. This delicate balance between relationship-building and independence is a tough line to walk, but is vital in ensuring the special place of compliance in an organization.

Persistence

Compliance programs will face challenges – sometimes daily. CCOs can face resistance from leadership, budgetary challenges, employee fatigue, and general lack of enthusiasm, to name just a few potential obstacles. Persistence, perseverance, resilience and grit – all essential qualities in a CCO.

Humility

My final key trait – humility – is one that is necessary for all compliance professionals, but especially for CCOs. Humility means recognizing our own limitations, seeking input from others, and embracing the continuous improvement journey. Humility fosters open dialogue and helps guard against self-righteousness (which is a terrible trait in a CCO!).

I am familiar with a number of people who become CCOs after a long and successful career in law, audit, HR, finance, or other realms. I was recently chatting with a ridiculously talented litigator who has been appointed CCO of a large, multinational organization. He is smart and experienced. He is deeply familiar with the business and its risks. He exudes gravitas and wisdom. But he doesn’t know compliance. So, my counsel to him, as he takes on his new job, was to approach the field with the requisite degree of humility. To understand that compliance is a profession that is tied to but separate from law, and that he should approach his new role with a beginner’s mind.

Conclusion

To navigate increasingly complex regulatory requirements and business demands, the above (along with a whole lot of grace) are important qualities for effective CCOs. This list may seem daunting, but I have known plenty of people in this wonderful profession who have all the above qualities and more. And I certainly do not want to imply that when a CCO suffers a setback, it is caused by failure to embody essential character traits. (It is instead, in my experience, typically due to lack of support from senior leadership.) However, as the world becomes ever more complicated, the importance of swiping right for the ideal CCO becomes more critical.