The compliance environment is getting riskier and more complex. Multiple conflicts around the world have increased the number of sanctions and money laundering risks, while at the same time, compliance efforts are falling short.
Adam Turteltaub is the chief engagement & strategy officer for the Society of Corporate Compliance and Ethics and Health Care Compliance Association. CFO Brew recently spoke to him about the compliance talent shortage, the increase of compliance risk, and what successful organizations are doing about both.
This interview has been lightly edited for length and clarity.
What are some of the challenges that organizations are seeing when it comes to compliance talent?
One of the challenges they have is there’s still not a lot of undergraduate or even graduate degree programs in compliance. It’s still a profession people tend to move into from other professions and so you don’t get people in the door at an entry level who have had training.
You just don’t have the riches there that you do in other areas. When you hire somebody new for the accounting department, the chances are they’ve got an accounting degree. When you hire somebody for compliance, the odds are pretty thin that they have a compliance degree.
Without that educational pipeline there, what do you see organizations doing to help encourage compliance talent and compliance recruitment?
Looking for related skills—there’s a lot of people who come into compliance from legal, from internal audit, from fraud, some out of the business units. It’s not necessarily a bad thing, because in truth, compliance programs are about how you operationalize proper behavior in the workplace. And there’s a lot of skills involved from communication skills and how you convince the workforce, to control function skills, like how you put the proper auditing and monitoring programs in place to ensure that the rules are being followed. So having people from diverse backgrounds is actually can be a great asset to compliance programs.
In light of new sanctions and anti-money laundering regulations, how do you see the complexity of compliance risk changing and how much should organizations be investing in thinking about these risks?
The challenge with sanctions is the names keep coming on and off the list. Especially with the Russia sanctions, it’s been noted as an issue. Compliance teams and organizations really need to have a concerted effort to stay on top of these things, and to understand that what was good today, or what was good two weeks ago, may not be acceptable today.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
How do you see technology, particularly AI, impacting the compliance function?
There’s a lot of talk about it. And I think there’s two levels to it. One is how the function itself will change internally. There is potential for doing great things like tracking transactions to be able to red flag some that seem out of safe scope for an organization.
But at the same time, for the compliance department looking out at the rest of the organization, there’s a lot of concerns, particularly in the ethics area, because AI doesn’t have a conscience. And AI doesn’t necessarily know what the laws are.
So compliance seems to have a two-fold task: one, obviously—like any other technology—to see if it has a place within the way they do their business; but on the other hand, to make sure that their business is using AI in ways that not only pass legal and regulatory muster, but also reflect ethical behaviors that fit within the values of the organization.
What are the best practices you’re seeing in organizations that are successful in their compliance efforts and at maintaining their compliance talent?
Best practice is that compliance is integral to the way that organization does business, not an appendage to it. It’s got to be something that management annunciates a list of values and encourages middle managers to do the same. Being compliant, ethical, and supporting the organization’s values are considered ways to success, not just something you pay lip service to.
It’s an organization that gives the compliance team the resources it needs to do the job—and that’s not just financial, but it’s also the access to board and leadership to be able to function effectively.
What are some of the common mistakes you see organizations making, particularly as compliance risks get more complex?
I think one of the mistakes is treating it as purely a legal function. It’s not just about what the law is; it’s about how you get people to follow the law and think about it and own these issues. Another mistake is putting it down low in the organization as opposed to high—treating it as just a cost center that has to be there rather than as a key to success for an organization.
If you want to make compliance fail, give it to somebody with low status within the organization, put it well down the organizational chart, and pretend it’s not there.