This is a question I have posed to myself more than once and have also discussed with fellow professionals many times over, and while the technical answer to it is quite simple and can be easily found, it is the non-technical answer that interests me the most.
To leave the easy parts of the discussion behind the technical answer to the question is that the role of a Compliance Officer is to manage and run the Compliance Program of a company, period. And running the Compliance Program encompasses ensuring that all the necessary components, or pillars, of the program are properly designed, adequately resourced, are embedded into the routine operations, have proper oversight, have the support of top management and are understood by the whole company.
It is not the role of the Compliance Officer to be the one responsible for the compliance to all applicable laws and regulations – for that responsibility is shared with all other employees, nor to be the moral, or ethical, compass of the company. Compliance is not a cult that has a leader that is to be followed just for the sake of ‘complying’ with the expected behavior. At the end of the day, the Compliance Officer cannot, and will not, ensure that everybody follow the rules, for this is a personal decision of each and every single employee in the Company and no policy, no internal control, no system by itself will change.
Well, since I started this discussion clearly stating that I am interested in the non-technical answer let’s get to it. We all know that being a [good] Compliance Officer is not a task for those who only seek a breadwinning-nine-to-five job. Look around yourself and pick the examples of good compliance colleagues that you know, or met, and you will find a common trait to all those individuals: They usually are personally engaged to their profession and are nice people.
Being a good Compliance Officer takes more than ensuring a collection of clerical business processes (the Compliance Program) is running – this could be accomplished by anyone with basic business process methodology knowledge – it takes some level of personal commitment to doing the right thing all the time, it takes a high degree of empathy, it requires that one is free of prejudice towards others, it takes learning how to accept losing small battles in order to win the war, it takes knowing that evil will always be part of human nature, it is about planning and acting for the long-term changes and not about short-term check-the-box exercises, it also takes a great deal of collaboration with all other departments of a company (for the Compliance Officer can - and should - always find simpler and better ways of doing things). Lastly it does take a lot of building trust with all other persons, because the individuals in a company have to know that they can count on and trust the Compliance Officer when difficulties arise.
Long Story Short: I believe that being a good Compliance Officer is all about helping others finding the right tools, resources and advice in order for them to make the right choices and do the right thing (and ultimately succeed in their roles).
Does it take a lot of technical knowledge on the Compliance Officer’s side to do it well? Yes, it does.
Does it suffice to have technical knowledge? No, it doesn’t.
Do you have to be a lawyer, or an engineer, or any other specific type of professional? No, it doesn’t. As I usually say to my audience during a compliance officer formation course I co-teach: “It takes only having working brain cells to be a Compliance Officer, for it is mostly the exercise of good logic.”
To wrap it up: a good Compliance Officer is someone willing to help others!