The Evolution of the Compliance Profession
The profession of "compliance" has transformed so quickly and so fundamentally in the last twenty years, it’s almost unrecognizable. What started out as mostly accountants, then lawyers, is now a glorious potpourri of people with diverse skills and backgrounds. Effective compliance programs are maturing to integrate the unique skills of learning specialists, project managers, process designers, auditors, communications experts, investigators, analysts, data scientists, culture experts, and more. As compliance becomes more and more recognized as a critical foundation for business success and simultaneously recognized for its incredible complexity, the diversity of talent required to do it well has evolved at pace.
In today’s compliance profession, a wealth of opportunities exist for those starting out and those interested in making a mid-career pivot. Whether you’re just starting out or have years of experience under your belt in another field, give compliance a careful look. Today’s compliance programs require a variety of skills and experience that address the ever-growing complexity of:
- day-to-day business operations across an array of functions (e.g., sales, marketing, order fulfillment, billing, 3rd party relationships, finance, manufacturing, development, and so on);
- the incomprehensibly vast amount of data expected to be synthesized into meaningful risk information;
- the ways a multi-generational workforce learns and retains information; and
- emerging technologies and social paradigms we have yet to even integrate into our thinking.
Built-in vs. bolt-on
One of the fundamental shifts of the last two decades has been the recognition that built-in compliance controls tend to be more effective than their bolt-on equivalents. System and process controls, including “real-time” training reminders, built directly in to operational processes have a much higher chance of success. But to work, those controls have to be designed well and integrate seamlessly into the work. Gone are the days of standalone approval processes or screening controls that exist over there. Whether the work is within marketing, sales, or finance, real-world experience in those processes is essential to designing and implementing an effective control. Who better than someone who has done that work for ten years to design ways to close gaps, install gates, or spot opportunities for a pop-up reminder? If you have broad and deep experience in the day-to-day operations in an industry or within a company, you’re an ideal candidate for a compliance team looking for ways to build in control mechanisms. If you’re just starting out in your career and able to look at a process end to end to find gaps, ideate better ways of accomplishing outcomes, and water-test seals to find leaks (ways people could accomplish bad things), you are also an ideal candidate for a compliance career. Compliance programs need people who know every nook and cranny of their complex ERP system, but also people with fresh eyes who understand the massive and constant changes to the technology. It can often take the combination of the very experienced and the new to the field employees to find the best solution to complex regulatory changes, emerging risks, and creative innovations in criminal thinking.
Data is King… and also the court jester
Not only do regulators expect companies to use the data they have to spot red flags and make sound decisions, they expect compliance programs to use data in very broad and very narrow ways. Compliance programs today have to use incredibly complex and constantly changing data sets to perform both strategic and precision decision-making. And they need people who can understand the data, the systems used to create and report the data, and the machine learning opportunities that can help interpret the data.
It’s impossible in today’s data-age for a mere mortal to capture, understand, analyze and synthesize the vast amounts of data created in our business operations. We not only need computers to store the data, but we now rely on computers to make sense of it for us. So, more than ever, we need data scientists and computer programmers that can help us create computer algorithms that turn data into meaningful information.
I can’t even count the number of investigations I’ve worked on that started with a nefarious outcome we traced directly back to warning signs in data that would have helped us prevent the bad act, if only someone had seen the warning flag flapping in the breeze. I like to describe our current wealth of data as a blizzard – a white-out condition, high winds, power lines may go down, blizzard. We have so much data that we have trouble seeing any one particular snow drift, let alone individual snowflakes. We’re all doing our best to keep the car on the road and stay aware of new squalls and that’s about the best most of us can hope for. I could pause here to cite some incomprehensible statistic about the volume of data created every nanosecond, but it would probably be outdated by the time I get to the next paragraph. There are two big ways this data blizzard presents opportunities and risk. The opportunities are endless – imagine how powerful it would be to use your company data to spot risk trends, develop targeted thresholds for process controls, prioritize compliance investments and escalations, and be able to show the C-Suite their risks in impactful, company-specific data stories. But, beyond the positive ways mastering data can help compliance be more effective, the reality is that when not utilized well, it creates big risk, too. Enforcement authorities almost always view data through the narrow lens of the investigation at hand and that can lead to somewhat unrealistic expectations about what a company should have (or I’d argue even could have) done with it. As they pull on the thread of an allegation, there is almost always some data in some system somewhere that could’ve warned you this was happening if only you’d looked. And suddenly your “isolated bad actor” defense gets a lot less effective. If you’re someone steeped in the collection, management, and dissection of data – compliance needs you. If you’re someone highly capable of understanding and capitalizing on the power of artificial intelligence and machine learning, compliance needs you.
Look at this shiny thing over here
Just like in our personal lives, employees are inundated with too much information, too many “urgent” things, and too much noise. And generally, employees either consciously or subconsciously sort through that noise and focus on the imperatives – a sort of mental Maslow’s Hierarchy of Needs. So, how do we get crucial compliance messaging to break through and get mapped to that lower tier of the mental pyramid? To make matters more complex, we’ve also never had such a huge range of workers spanning significant generational and learning-style differences. We can’t just focus on getting employees to notice us waving a shiny object, we need them to actually understand and contemplate what’s written on it or coming from its loud-speakers. There is an entire profession around adult learning and retention that’s become more complex and more crucial as the social media, 24x7 consumption, sophisticated multi-channel communication capabilities have become mainstream. I liken it to juries conditioned with years of CSI style TV shows having a hard time getting to a guilty verdict without some hardcore forensic data from the prosecutors. Realistic or not, we’ve all been quietly conditioned to expect DNA, hair and fiber analysis and exotic insect larvae as standard course in a criminal case. The same is true for corporate communications. We are all so used to dynamic videos, flashy ads, adorable puppies, and creative social media marketing techniques that we have become quietly conditioned to expect that in everything we do. A boring email reminding us to get approval before we take that public sector official to lunch? No way… I will need a Buzzfeed-style 6 Reasons Why I Should Care video journal with animated avatars and a catchy song playing before I even consider clicking on it. Between Maslow’s Hierarchy and our information-absorption conditioning, compliance needs experts who know how to communicate in a way that catches, keeps and inspires attention.
Emerging social and ethical paradigms we haven’t even thought of yet
As technologies evolve, new kinds of ethical dilemmas are emerging. As social justice and employee and consumer activism take root, new ways of identifying and aligning to an ethical code are becoming more critical. 3D printing brought new challenges for companies to decide whether to try to prevent their technology from being used to print weapons. Bad behavior of the ultra-wealthy and outspoken social activists have forced non-profits and giving platforms to reconsider whether they want their money and where and how to draw the moral lines. Advances and harmful biases in artificial intelligence have forced law enforcement agencies to struggle with when and how to use the powerful tool. Since a whole generation of those under 25 grows up knowing how to code now, tech companies are regularly facing conflicts of interest questions related to employees who design apps on the side. Ethical issues that we hadn’t even thought of ten years ago are now mainstream dilemmas. Whether to require employees or customers to wear masks, disclose vaccine status, or come back to the office is now a topic in most leadership meetings. Loud and impactful examples of consumer and employee activism permeate our newsfeed. There is no shortage of new and difficult dilemmas companies have to tackle and often the compliance function is seen as a key arbiter, influencer and subject-matter expert. If you’re an ethicist, a researcher, a student of cultural-social-justice movements, a seeker of global perspectives, and willing to challenge your own views, compliance needs you.
These are just a few examples of the ways the compliance profession has expanded and will continue to evolve alongside technological, ethical, and societal changes. What are some other professions, skill sets, and capabilities you’re seeing become critical to the compliance profession? Tell us on LinkedIn!
What is one piece of advice you would give to your younger self?
Learn what is worth stressing over (hint: not EVERYTHING).
If you had to choose an alternative career, what would you be doing now?
Singer (I sang professionally for a short time and loved it, but I would hate the time on the road for sure).
If you were to sit and reflect at the end of your career, what one hope do you have?
That I helped. Helped them feel their worth, to grow, that I challenged them and supported them, that they mattered.