‘It takes a village’ to build a culture of compliance

The term “culture of compliance” is tossed around so often that I often think it no longer has any value. It’s not unusual for a CCO or senior member of a firm’s staff to assure a regulator that the firm has a “culture of compliance”. But when asked what that means or how they can demonstrate it, people struggle to articulate a meaningful response.

“Culture of compliance” means more than expecting your staff to follow the law. It means that every person, from the owner to the administrative staff, owns a piece of the compliance program in their day-to-day job.

You might ask yourself, isn’t that the job of the Chief Compliance Officer? To implement the compliance program? If you think that, then your firm probably doesn’t have a culture of compliance.

The CCO is the most important part of the compliance program. He or she is responsible for the administration and oversight of the program. But many aspects of a compliance program require specific skills and knowledge, and it is unrealistic to expect one person to have all those skills.

If I could build the perfect CCO in a lab, they would need the following core competencies to effectively assess the firm’s risk and design an adequate compliance program:

  1. The CCO should be a lawyer, well versed in U.S. federal securities laws. (The book on my desk is more than 2300 pages long.)
  2. The CCO should have an audit background with a degree in Finance or Accounting.
  3. The CCO should have a deep understanding of the firm’s investment strategy. A CFA or CFP designation will be helpful in this regard.
  4. The CCO should be well versed in the firm’s trading protocols.
  5. The CCO should be immersed in all other operational aspects of the firm, in order to assess the risks and adequacy of controls.
  6. The CCO should be an expert in cybersecurity and information technology, as well as have expert-level experience with all software used by the firm.
  7. The CCO should have the necessary people skills to represent and advocate for the compliance program to the firm’s senior management.
  8. Finally, the CCO needs to actually have the time to implement and administer the compliance program.

I’ve yet to find a CCO with this complete skill set. That is why your CCO needs to be able to rely on the team around them to be the experts in the places they cannot, and every member of your firm needs to be invested in compliance. Subject matter experts (SMEs) need to understand the general principles of securities laws and work with the CCO to design a bespoke and effective compliance program.

The next step is getting buy-in from these SMEs, so that they actually want to work with the CCO rather than fight what the CCO is trying to implement. This is where the remainder of senior management needs to play a key role in advocating for compliance resources and supporting its role in the organization. You’d be amazed how often other leaders at the business talk down compliance, and that attitude permeates the entire organization. Employees at all levels should be encouraged to speak up if a gap in the program is identified.

It is through this approach that a firm will be able to demonstrate its culture of compliance.

We can help

Our team of regulatory experts sees how different firms tackle regulation every day. We can help you take a deeper look at your compliance framework and make sure your culture of compliance is embraced at every level.
