Executive coach and former Chief Compliance Officer Amii Barnard-Bahn responds to your anonymous questions on some of the grayer areas compliance officers face, such as culture, hiring, training, and ethics. Click here to submit your own for inclusion in our next edition.

Q. I recently spoke in front of a classroom of law students, many of whom are on a track to join the compliance community. It was a good talk, but I have to be honest … I am concerned they won’t have the people skills they need to truly be effective in a compliance capacity. If you were in my shoes, what would you tell them to do to get better at dealing with people? —Anonymous

Amii: I love your question! It gets the heart of the skill set that is needed to be an effective compliance officer, as well as to succeed over time as an executive. People skills—being approachable, a good listener, and building rapport quickly are all critical skills for compliance professionals.

Current research demonstrates that the way to influence—and lead—is to begin with warmth. It goes to the old adage, “People don’t care how much you know until they know how much you care.” People cannot be influenced by you if they don’t trust you, and they don’t trust you if they don’t feel comfortable around you and believe that you are open to their concerns.

Over the years in my coaching practice, I’ve seen that attorneys can become over-reliant on the force of law or their positional authority to drive action. Attorneys are systemically rewarded for their competence, credentials, and power. You can get results this way, but it’s usually through some degree of fear/deference to authority, which does not inspire likability. This can be a particularly acute problem when attorneys move from a law firm or the public sector (where positional power is a cultural norm) and go in-house to corporations, where power is more diffused and work needs to get done on a cross-functional “community” basis.

Depending on their background and leadership style, attorneys who transition into a compliance role may focus too much on the “what” of their job—providing the right answer—versus the “how” of their job—building trust and influence with stakeholders. It’s my belief (based on lots of behavioral science evidence) that no one will listen to you unless you connect with them first on a personal level. This is especially true if you’re telling people something they don’t want to hear, which is often the case in our jobs!

So, to be effective compliance professionals, I would tell attorneys they need to focus on balancing warmth with strength—leading with warmth. This will reduce the unhealthy “us vs. them” barrier that can exist with compliance; help cultivate affiliation, which we all crave as human beings; and consciously enable our understanding of others’ points of view—critical to our success in effectively leading and inspiring others to do the right thing.

Mailbag text

Q. It used to be that the compliance department was made almost entirely out of lawyers, but now I keep hearing about the importance of diversifying the function with people with different backgrounds (data science, psychology, etc). In your view, which skills are most important when hiring for compliance (looking to the future, of course)?—Bill

Amii: For some of the same reasons as stated in the previous question’s answer, and the size of your team, it is a huge benefit to have a compliance team comprised of varying skill sets. Compliance requires a solid foundation of legal and regulatory subject matter experts (usually, but not exclusively, attorneys), who can provide the right guidance to organizations. Depending on the complexity and size of your organization, however, you’re also going to need monitoring and auditing, project management, influencing, and communication and training skills.

When designing your compliance “A” team, think strategically about the aggregate skills, knowledge and abilities you need for a solid team (including diverse personality types). You want to have coverage for each necessary skill set. Here is my short list:

  • Legal and regulatory subject matter expertise for your industry, business and key risks (technical specialists and problem solvers)
  • Project management skills
  • Data analytics and reporting
  • Strategic thinking
  • Employee communications and marketing (influencing, inspiring, selling)

Some of my best compliance hires have included professionals such as a former nurse-turned-compliance officer who had healthcare expertise and knowledge of hospitals, one of our primary client groups. Thanks to his ground level hospital knowledge, he walked in with immediate trust, which enabled our compliance team to quickly create and deliver effective compliance training. Another time, I hired away a brilliant project management consultant who had worked at one of the top consulting firms in the country. She became my right-hand person with regard to overarching strategy for our compliance program, designing and reporting on Key Performance Indicators, and tracking and evaluating the progress of our many multiple project streams. When building an anti-bribery and corruption program, I hired a talented former auditor from KPMG who had worked abroad in anticorruption for several years. She was an expert at data analytics and could make the most unruly Excel spreadsheets sit up and bark like a dog (one of my weaknesses). Think of your overall team as a symphony. What instrument is missing?

Q. What’s best practice for how often to update a code of conduct? It’s a really tough process for us, and we’re only doing it every 3-4 years or so. Do you think we need to do it more often than that?—Jo

Amii: Barring a legal or regulatory change that impacts your company, it’s pretty standard to update a code of conduct every 3 to 5 years. It’s an expensive and time-consuming undertaking, as you’ve referenced.

Companies generally update codes of conduct when the risk profile changes, such as, a merger or acquisition or a significant change in law or regulation that applies to the business. Sometimes a code refresh is driven by marketing- triggered by a new company branding initiative or updated logo, where the code is leveraged as a valuable recruitment and corporate governance document.