Compliance Risk Management in the 21st Century: From Finding and Fixing Problems to Compliance Risk Management
Regulations, ethics, and integrity are challenging the organization like never before. Governments are increasing scrutiny of organizations, stakeholders demand transparency, clients want assurance the organization is reputable and upholds their values, and business partners require commitments to compliance and ethics.
The role of the chief ethics and compliance officer (CECO) has changed: it has evolved from various compliance areas to become a strategic pillar of the enterprise. The CECO in the 21st century has more to do than find and fix problems and ensure compliance requirements are met. Today's CECO has to ensure compliance risk is understood and managed, that organizational obligations are more than written policies but part of the fabric of business operations and interactions, and that there is a strong corporate culture that ensures social responsibility as part of the ethical environment. A strong compliance program is based on values, but requires a risk-based approach to understanding and prioritizing limited resources to combat risk.
CECOs are climbing the corporate ladder to a higher status. What was scattered across business functions — with a concentration in legal — is now coming of age as a senior executive role. With the burden of increased scrutiny, oversight, and ethics, the CECO often reports directly to the board of directors and senior executives.
Yesterday's compliance program will no longer work. The 21st century demands a robust compliance program to manage the breadth and depth of ethics and compliance risk that bears down on the organization today.