What is a chief compliance officer today?
Written by Natalia Shehadeh
For many companies, a chief compliance officer is a lawyer or regulatory professional tasked with advising the company on some aspects of the law and how to comply with the same. For lawyers who have transitioned to the role from private practice, their backgrounds might include white-collar defense, regulatory counseling in areas such as export controls and economic sanctions, antitrust, labor and employment, general litigation, or other regulatory areas relevant to companies in the financial, health care services, or other highly regulated arenas. In my case, I started my practice in the trade controls regulatory and white-collar spaces of export controls, economic sanctions, boycott, and the Foreign Corrupt Practices Act, or FCPA, defense and counseling.
Evolution of the Role
The challenges from my former private practice perspective were getting enough access to client companies to properly design and thread remedial controls and compliance programs into an organization’s environment before getting naturally dismissed as such advice was internalized by the target client. As I navigated the transition to in-house practice, the role quickly began to evolve with new opportunities and novel challenges.
The evolution was largely provoked by intensifying enforcement activity against public and private companies operating in regulated areas, especially enforcement of the FCPA and trade controls, with emphasis in Texas regarding companies in the oil and gas sector operating in challenging environments with a high risk of corruption. As cases intensified with greater stakeholder interest in these resolutions, CCOs were increasingly called upon to be strategists-in-chief, sitting with executive teams to assess the implications of these investigations and resolutions, arm-in-arm with heads of investor relations, communications, and sales teams. Financial sophistication has become increasingly important in managing investigation and settlement costs especially in complex cross-border matters.
No sooner than these cases became commonplace in the sector did additional legal changes provoke expansion of responsibilities of many CCOs. For example, the 2010 adoption of the Dodd-Frank Wall Street Reform and Consumer Protection Act, provoked by the 2008 financial crisis, created new U.S. Securities and Exchange Commission disclosures regarding the incorporation of conflict minerals in regulated supply chains. As it touched global trade and high-risk companies, many CCOs were called to manage this new space. From there, developments in data privacy, especially in the EU and California, human rights initiatives to combat trafficking and modern slavery, and cyber warfare exposed many of us to supply chain management and information technology. For those operating in challenging geographies, the role often exposed many of us to additional security risks beyond corruption including risks of fraud, conflicts of interest, extortion, kidnapping, and the consequences of geopolitical change, along with taking us on journeys around the world conducting investigations and training on new risk-mitigating strategies.
Beyond mere advice and counsel of the growing list of legal requirements and defense of the company when things go wrong, the role requires agility in standardization, education, and ultimately human behavior. Leading a company to stay compliant in these augmenting spaces requires the creation of policies and procedures designed to inform an organization of how to perform in compliance with these expectations. It also requires the design and implementation of programs designed to keep company employees educated regarding what is expected of them, thereby requiring we become experts in behavioral science and adult learning if motivated to ensure this education leads to sustainable change in enterprise risk. This pivot exposed the need for extensive cross-company collaboration in the design of risk-mitigating controls and testing the same with many colleagues beyond legal and internal audit functions to make sure what we advise should be happening is an organization’s reality.
Challenges and Opportunities
As companies navigated the consequences of non-compliant behavior, it became increasingly obvious that CCOs needed to become stewards of change, champions of culture, and adept at influencing human decision-making—a far cry from telling people to follow the rule of law and rather driving critical thinking to future-proof our organizations. As a result, the role today is chief communicator, advocate for change, relationships bridge builder, and constant innovator. How a CCO navigates his or her role in the organization can be influenced by his or her view of the opportunity along with the demands of the ever-growing stakeholder population. While the stakeholders used to be limited to internal employees and external regulators, increasingly the stakeholders include the voices of shareholders, investors, and the communities where a company performs. It can be an increasingly entrepreneurial journey taking the CCO well beyond the mere practice of law and into realms of crisis and reputational or brand management, enterprise culture, technology adoption, analytics innovation, deft financial management, and most of all, constant change.
The challenges are offset by opportunity, the need to compromise and build consensus while operating transparently and in partnership. The opportunity to shape the enterprise views of risk and management of the same is immense, whether you define a CCO portfolio narrowly or broadly in terms of subject-matter responsibility. Opportunity also extends to the creation of cross-functional teams for purposes of sustaining compliance and integrity. The design of a compliance program involves compromise with internal and external stakeholders to achieve a goal of a risk-mitigating environment that can hopefully result in a more inclusive enterprise environment. The execution of a compliance program involves constant consensus or bridge-building, opportunities to bring stakeholders together around a shared goal of culture creation, growth, and/or evolution depending on the journey maturity of an organization. Finally, the CCO role is increasingly influenced by the input of others—internally and especially externally, whether through opportunity—like benchmarking—or evolving obligations vis-a-vis shareholders and other external stakeholders, as there is definitely no one way in which to design or execute the CCO role or a compliance program effectively, and the external expectations of the CCO role are ever expanding.
Top Concerns and the Future
The most prominent concern today is doing this all at once while innovating as our companies evolve to the pressing business needs of the day, remaining committed to the professional development of those around us and propelling the mission forward with increasing financial discipline. For me, it remains an exhilarating practice full of growth and opportunity. We need more professionals to join us on the journey, which while challenging remains intoxicatingly exciting. TBJ
Natalia Shehadeh is senior vice president and chief integrity officer for ABB, a leading global technology company, headquartered in Switzerland, with a focus on the electrification, robotics, automation, and motion sectors. She leads a global team of integrity and regulatory compliance professionals responsible for an array of topics including trade, anticorruption, data privacy, competition, investigations, and data analytics. Since leaving private law practice, where she focused on white-collar defense and compliance counseling activities, Shehadeh held similar compliance roles with TechnipFMC, Weatherford International, and Royal Dutch Shell. She obtained her law and business degrees in the U.S. from South Texas College of Law and the University of Houston, respectively. Shehadeh is originally from Madrid, Spain.