Gartner says that as demands on the compliance function grow more intense, Chief Compliance Officers (CCOs) must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders.
Gartner has developed four distinct working models that the CCO will need to flexibly pivot between to cope with a climate marked by new business models, rapid digitalization, changing and divergent stakeholder expectations and higher levels of employee change fatigue.
These working models require CCOs to embrace new roles, and in some cases, assertively expand how their function is thought of by stakeholders and business leaders, including acting as a strategic business advisor and championing the use of analytics to better manage new layers of risk.
“CCOs face an overwhelming set of risk responsibilities at a time when many organizations’ cultures have been stressed or entirely uprooted,” said Brian Lee, managing vice president in the Gartner Legal & Compliance practice. “This moment requires that CCOs consider the roles they play within the organization and the robustness with which they carry out these duties.”
Expanding compliance mandate
In the past year alone, compliance organizations have increasingly been asked to lead or significantly partner in the management of a diverse set of risks and opportunities, including environmental, social and governance (ESG) reporting, return-to-workplace initiatives, third-party risk management and privacy-related issues.
Gartner data shows that 44% of compliance teams primarily own third-party risk management, while more than two-thirds own or participate in privacy activities.
Meanwhile, 86% of business leaders still expect CCOs to drive a strong “culture of compliance” at a time when hybrid and remote work policies present obstacles for maintaining an organization’s cultural norms.
Against this challenging backdrop, the cost of non-compliance continues to increase, with regulatory fines for data privacy and workplace safety violations especially prominent.
Lee opined that CCOs today can become overwhelmed simply from following their basic program management obligations.
“To be effective and gain the necessary influence to accomplish their goals, CCOs need to spend more time advising business leaders and aligning their guidance to the business's strategic objectives, including the compliance risks associated with top growth initiatives.”
Brian Lee
New framework for effective CCOs
To help CCOs better visualize the key postures needed to carry out their roles effectively, Gartner developed a framework featuring four working models that allow CCOs to best support business priorities.
By embracing and balancing the following working models, CCOs can proactively shape the course of how the business views and manages risks and align the CCO role more closely with key business initiatives.
The four working models for the CCO role include:
Strategic Business Advisor – These CCOs provide compliance advice that influences and strengthens an organization’s strategic direction.
They seek out a clear understanding of business objectives, advise leadership on compliance risks associated with business growth and provide objectives-driven guidance that can influence an organization’s strategic direction.
They are most needed in companies that are rapidly changing, entering new markets, or undergoing a digital transformation.
Culture and Ethics Steward – These CCOs promote a strong corporate compliance culture to build shared accountability and influence business outcomes.
They focus on reinforcing the organization’s culture in a changing environment and create policies and communications that maximize transparency and minimize employee misconduct.
They are most needed in companies that are changing rapidly, including those companies moving to a hybrid work environment.
Tech and Analytics Champion – These CCOs support technology initiatives to improve risk mitigation outcomes and functional effectiveness and promote technical skills development function-wide.
They utilize analytics, automation, and artificial intelligence (AI) to augment the capabilities of their resource-pressed staff.
They are most needed in companies that rely upon data to understand potential risk trends and implement integrated risk management initiatives.
Aligned Assurance Forger – These CCOs establish strong partnerships throughout assurance functions with clearly enumerated risk ownership, accountability, and reporting roles.
They address concerns related to unaligned assurance and allow for a comprehensive view of risks that threaten the organization, offer better assurance by minimizing redundancies and provide a unified assurance voice to the board.
They are most needed in companies that have siloed functions that run multiple risk assessments and reports.