A very common deficiency found at the root of the most shocking business scandals, compliance failures, and government enforcement actions is the failure of leadership — the absence of effective leadership behaviors and the failure to establish a ‘culture of compliance’. The larger an organization, the more formal the design and execution of the leadership framework and culture needs to be.
An organization’s foremost compliance officer is its chief executive, whether at the legal entity, operating unit, or holding company level. Leaders are expected to set the ‘tone from the top’, ‘walk the talk’, and model the behavior expected of every director, employee, agent, business partner, and service provider.
Drawing on my experience as a compliance officer and leader at five global organizations, I observed the best examples of leadership behaviors that promoted a culture of compliance at American Express under the leadership of Harvey Golub and Ken Chenault. It is no coincidence that this world-class company operated with a strong culture of compliance promoted and supported by its chief executive.
A culture can be installed or changed most quickly by incenting people to perform in accordance with company values and desired behaviors and actions. The most effective and immediate way to steer the ship in that direction is to link compliance performance to compensation. To accomplish this, a compliance goal-setting process can be instituted whereby entire business units and each employee are charged with developing compliance goals for which they can be evaluated against tangible results and rated on absolute and relative terms. There is beauty in setting aspirational targets and creating competition to get there.
A business unit compliance rating can be a contributing factor to senior management’s assignment of overall business unit performance ratings that drive the size of incentive compensation pools (bonuses and stock awards) available to a unit’s employee base. Then, individual compliance ratings can factor into each employee’s overall performance rating, which then impacts their share of the business unit pool for salary increases, bonuses, and stock awards.
The implementation of a system of reward and penalty for compliance performance and conduct is a compliance officer’s best friend — observed behaviors change, results begin to materialize and gain momentum, reluctance turns to cooperation, and success begets competition for recognition.
Compliance Goals for business units can be set up under broad constructs for driving intended results, in the short term for activities related to Leadership Behaviors, Actions Against Gaps, and interim advancement of Program Maturity (policies, training, and monitoring activities put in place in alignment with all known legal and regulatory requirements) that typically develops over multiple rating periods.
First line units can also be evaluated against Results of Independent Audits and Exams, which are the moments of truth in an organization’s compliance life. The processes and protocols for setting, implementing, cascading, tracking, and evaluating compliance goals are subject to a broader but separate discussion.
Best-practice Leadership Behaviors can be formulated with respect to compliance program resourcing, strategic initiatives, senior management involvement in communications and training, aggressive issue resolution, access to senior management, and regulatory relationships.
As best I could, I have condensed my 25+ years in compliance leadership roles across multiple global organizations into the top ten Expectations for Leadership in the compliance arena, as follows:
- Prioritize compliant and ethical behavior by establishing clear ownership and accountability for driving execution of compliance initiatives throughout the management ranks, periodically assessing progress.
- Institutionalize a process to periodically (e.g., every six months) assess resource needs for executing the compliance plan, program upkeep, remediation, and expansion, and changes in the environment. A 12-18 month Resource Plan should consider leadership, credentialed staffing, operating expense, strategic planning, capital investment, and unanticipated compliance exposures or remediation efforts.
- Establish and cascade tailored or pro forma compliance goals, at a minimum, to all levels of management in Q1.
- Embed a culture of compliance by regularly demonstrating and communicating commitment to compliance excellence in meetings and communications. Publicly recognize and reward outstanding examples of integrating compliance into daily activities.
- Raise compliance awareness among employees by implementing a formal annual compliance communication plan in all lines of business, regions, and markets, with regular distribution (e.g., quarterly) to all employees, to promote awareness or mandate certain actions in respect of requirements, issues, or initiatives. Customize communications to specific audiences as topical compliance matters may warrant. Compliance Officers may sometimes ghostwrite leaders’ compliance communications.
- Support compliance training by communicating its scheduled delivery, requiring attendance, and introducing, attending and/or delivering the training.
- Ensure compliance representation in strategic planning decisions for new product and system development, outsourcing and partnership deals, acquisitions, and org changes, such that compliance requirements and issues are considered, vetted, and addressed as part of the development, decision-making, and approval cycle.
- Demand personal accountability from leaders at all levels for aggressive and effective issue resolution and gap closure associated with violations or untreated, systemic risks, including formal escalation, tracking and reporting processes that evidence management’s commitments to appropriate resources, effective address, and timely closure.
- Provide timely support and engagement for regulatory exams and relationships, including access to requested people, documentation and data, as guided by Legal and Compliance.
- Assess and reward performance against compliance goals as part of performance ratings (e.g., using weighted results or +/- levers).
Remember, compliance with a small ‘c’ is everyone’s business, not just that of large ‘C’ Compliance. And it is the duty of leadership to embed compliance into the fabric of an organization. To whom much has been given, much is expected!
Thought Leadership Series
An Article by Mr. Gary Ferrari, CAMS
Executive Advisor for Strategic Markets
Mr. Ferrari has been an Executive Advisor for Strategic Markets at THE DATA INITIATIVE since June of 2019. He is also a consultant on financial crimes risk and compliance matters. Mr. Ferrari has had an extensive and distinguished career in financial services and consulting, having held executive roles at Ernst & Young, American Express, Standard Chartered Bank, Citi, and GE.