Chief Compliance Officer: What CCOs Do (and Why Your Company Should Have One)
Learn about the Chief Compliance Officer role in Data Protection 101, our series on the fundamentals of information security.
The Chief Compliance Officer (CCO) oversees and manages compliance issues within their company or organization. The CCO ensures that the organization is in compliance with various regulatory requirements and that employees are in adherence with internal procedures and policies.
Chief Compliance Officer Responsibilities
What are the main responsibilities of a Chief Compliance Officer? The CCO is tasked with:
- Developing the corporate policies and procedures the company needs for compliance, then communicating those policies and training employees on them.
- Attesting to the company's and employees' compliance with these procedures and policies.
- Monitoring compliance by measuring and evaluating the level of compliance across the entire organization.
- Investigating any incidents or violations of legal or regulatory requirements.
- Reporting to the board on everything related to compliance, from policy development and monitoring to enforcement and implementation.
The American College of Healthcare Executives also adds that the CCO should periodically review policies to ensure that they are still current and relevant.
The CCO coordinates with different departments including internal audit, employee services, and risk management, among others, to ensure that compliance issues are fleshed out, investigated, and resolved.
The CCO should also be proactive in identifying potential vulnerabilities and address them head-on with corrective measures. They must also be able to provide proper guidance on how employees and the company can avoid similar situations in the future.
1 in 5 Companies Lack a Designated Chief Compliance Officer
Deloitte published a study in 2016 showing that around 1 in every 5 companies does not have a designated CCO and that most companies have very small compliance teams. Only a third of respondents have a standalone CCO post, while others have no designated CCO. Where the CCO is designated but not a standalone post, the role is typically given to the general corporate counsel, while around 12% have given the position to other people in the company.
Chief Compliance Officer Salary & Career Prospects
According to Payscale, the average salary of a Chief Compliance Officer in the United States is $112,648.
Aside from the pay, Chief Compliance Officers enjoy an exciting career path. CCOs are going to be in great demand as more companies realize just how vital compliance is and as more industries start to be regulated. As it is now, most CCO positions are concentrated in regulated industries, particularly the banking and securities, manufacturing, energy and resources, insurance, healthcare, and technology sectors.
Chief Compliance Officer Requirements
A good Chief Compliance Officer must have a thorough technical and practical knowledge of the business. This allows a CCO to envision and then supervise compliance solutions. A CCO is responsible for designing the right policies and procedures and tapping into technologies needed for compliance.
A good CCO should also have strong interpersonal skills, as they regularly interface with a variety of people, from C-level executives to the rank and file. The CCO's responsibilities take them from the boardroom, where they report on compliance issues to top management and the board of directors, to the manufacturing plant, where they train production workers on compliance.
Gravitas and credibility are important must-haves for a Chief Compliance Officer to be taken seriously. Additionally, a good CCO is able to navigate legal matters with relative ease and builds lasting positive relationships with regulators.
Superior multi-taskers often make the best Chief Compliance Officers, as they need to make strategic decisions, supervise complex monitoring programs, manage and educate highly skilled professionals, and even talk with other departments on issues relating to risk and control. What’s more, they need to stay up-to-date with what’s happening in their industry and changes in regulatory requirements.
To be clear, a CCO does not have to be an IT expert or a lawyer to be good at their job. But it does help if a CCO is comfortable dealing with both the legal and technology concerns that they are likely to encounter.
Key Challenges Faced by Chief Compliance Officers
Like any position, the Chief Compliance Officer role comes with inherent challenges and risks. The first challenge is that the job is not clearly defined. Some companies give the CCO role to their general counsel, thinking that it only involves legal concerns. Others think that CCOs are merely the corporate equivalent of a high school hall monitor.
Then there is the challenge of not having the independence and authority to make decisions. Ideally, the CCO works with the CEO, the board of directors, and other employees to make compliance second nature to the company. However, conflicts of interest might arise, and for some departments, compliance might get in the way of existing processes. In other organizations, CCOs do not report directly to the board, which makes it difficult for the officer to develop and implement policies and procedures.
Another problem faced by CCOs is that they might not have the necessary resources to do their jobs, as compliance teams tend to be lean and underfunded. However, investing in enterprise data loss prevention (DLP) software allows for deeper visibility and information control that can make compliance simpler and easier for the team. DLP software extends a compliance team’s capabilities while increasing efficiency, making it an essential part of a successful CCO’s operations.
Additionally, there has been a marked increase in personal liability not only for the CCO but also for other senior officers. Thomson Reuters noted that in the past few years it has seen a number of compliance officers at big companies getting into trouble on the job. These compliance professionals have been fined, suspended, banned, fired, or asked to resign.
Despite the challenges, the role of a Chief Compliance Officer can be quite rewarding, and it’s a role that’s becoming increasingly important for modern organizations in heavily regulated industries. As regulations continue to become more stringent and complex, CCOs will be in even higher demand as companies seek qualified professionals who are able to manage the complexities of the regulatory landscape.