The chief compliance officer, or CCO, of a financial company, performs a vital function in the firm: making sure it stays out of trouble with the Securities and Exchange Commission and follows its own internal procedures.
Yet despite the importance of this role, some businesses choose not to hire a dedicated, qualified CCO. Instead, they hand these crucial responsibilities to people who hold multiple titles and have no experience in compliance. In many companies I’ve reviewed, the CCO duties were, at best, an added responsibility the chief executive thought could be handled without additional resources. At worst, having a CCO title in name only or in the hands of an inexperienced employee gave firm owners carte blanche to violate securities laws, with no one to point out violations or take corrective action.
Sometimes this is done with nothing but the best intentions — for example, when a company’s chief executive wants to oversee all operations and take full responsibility for any missteps. But failing to hire a competent CCO can lead to severe consequences and harsher-than-normal punishments in the event a company does violate any relevant financial laws.
There are, of course, cases where a ghost CCO is hired for more sinister purposes. These can range from nepotism to purposefully hiring someone that will turn a blind eye to a company’s misdeeds.
What is the purpose of a CCO?
The CCO’s job is to ensure that a company complies with all applicable internal bylaws as well as any local and federal laws — particularly those of the SEC in the case of financial companies.
However, CCOs are not there merely to point out transgressions. Rather, they are supposed to be a check on the power of a CEO, board, or other authority. In short, CCOs are meant to enforce the rules as well as monitor for noncompliance.
For those coming from non-financial sectors, the CCO can be an easily overlooked part of the C-Suite. Those from the SaaS startup world, which is growing at an astounding 89% pace, may be unfamiliar with the role entirely. Indeed, former tech entrepreneurs that are entering the fintech space may simply not realize that a competent CCO is vital protection against SEC violations.
The role of CCO is not only critical, it is also tough to fill and requires a candidate with lots of experience in the field.
Getting a CCO is more crucial than ever amidst the COVID-19 pandemic
The ongoing pandemic has forced businesses to operate differently, which has understandably created a bit of a turmoil.
Companies are having to adapt to sudden infrastructural changes, such as remote working, shifts to the cloud, and so on. At the same time, employees are under more pressure as well, giving them greater incentive to commit fraud or partake in illegal schemes. And these risks are amplified when companies eliminate the staff that could keep a check on their activities.
In other words, now is definitely not the time to terminate your CCO or to have a “ghost” in the role.
You see, CCOs can re-examine budgets and agendas, conduct a risk assessment to help your company focus on more profitable areas, and make sure you avoid violations. After all, it’s highly unlikely that prosecutors and regulators will accept COVID-19 as an excuse for committing fraud, sanctions, FCPA, FCA, or securities law violations.
Experience is a must
While experience is usually important in any field, the position of CCO is simply too high stakes to learn all the skills on the job. Indeed, a single misstep can spell disaster for a company’s finances, or even bankruptcy and dissolution.
A CCO should not only have experience in fields like financial analysis and knowledge of the best modern financial software for small businesses, but they should also have specific expertise in financial law and technology.
Providing your customers with easy-to-use accounting software that can perform vital tasks such as connecting your bank accounts, syncing your expenses, and getting you ready for tax time is definitely a plus, but without understanding the risks they are trying to mitigate and the laws they are trying to stay on the right side of, it will be impossible for a CCO to perform their duties competently.
Of course, in addition to experience, a CCO must also possess management and interpersonal skills so they can execute the compliance processes they design as well as stand up and speak out when they notice a violation.
The consequences of hiring a ghost CCO
Failing to have a seasoned CCO at the helm of a company’s compliance program can be disastrous. Failure to fulfil compliance obligations can lead to fines and other punishments that can put a company completely out of business.
For example, in 2019, the Illinois-based Nutmeg Group found itself under fire from the SEC because of its very poor compliance program. Randall Goulding, the CEO, had placed his son, David Goulding, in charge despite his complete lack of experience. After the Nutmeg Group was found guilty of defrauding its customers, David Goulding was forced to pay close to $32,000 in fines and disgorgement because the court ruled that accepting the position of CCO was “extremely reckless.”
All in all, these sorts of happenings should not come as a surprise. Just as you wouldn’t expect a marketer with no marketing skills to come up with anything other than an abject failure of a campaign, companies should anticipate failure from a CCO with no experience.
What a good compliance program looks like
Luckily, the US Department of Justice has set out very specific guidelines for what a solid compliance program in the financial sphere entails. In fact, these guidelines are used when the DOJ investigates cases. Businesses that follow them can avoid the specific mistakes that will be red flags during an investigation.
Companies with good compliance programs should be able to answer the following questions in the affirmative:
1. Is the corporation’s compliance program well designed?
Have all relevant risks been assessed? Have proper procedures been implemented? Has there been adequate training to integrate the policies into the corporate structure? Is there a confidential reporting mechanism in place?
2. Is the corporation’s compliance program adequately resourced and empowered to function effectively?
Is there a commitment to follow protocols by senior and middle management? Is there enough funding for it to function? Do the compliance personnel have the requisite experience? Is there data that can help in compliance operations? Are there any incentives and disciplinary measures in place?
3. Does the corporation’s compliance program work in practice?
Is there continuous improvement, periodic testing, and review? Are there investigations of misconduct? Is there analysis and remediation of any misconduct?
The role of CCO is critically important to the success of any financial company. Without hiring a competent CCO, firms leave themselves vulnerable to harsh punishment from the SEC and other regulatory authorities.
Nahla Davies is a software engineer based in the San Francisco Bay Area. Since 2016, she has helped companies build internal compliance frameworks.