Compliance Officers Wear Many Hats

It will come as no surprise to any compliance officer that the skill sets they must possess often stray far from any “textbook” definition of the job. What they may not consider is that, at times, their job may have a lot in common with the more exotic skill sets required of spies, gamblers, and diplomats.

Compliance officers are often treated as the corporate equivalent of a Swiss Army knife—a multi-disciplined tool ready to handle any problem shuffled upon them.  Speaking the language of lawyers, regulators, HR, auditors, bankers, investors, and whatever other specialists populate the marketplace and supply chain are all in a day's work for a typical CCO. Being a go-to jack-of-all-trades can extend beyond these expected areas, however, and with a little creative thinking there are lessons to be learned from uncommon careers.

A 2011 survey conducted by National Regulatory Services—a provider of compliance and registration services for the financial industry—found that 41 percent of respondents with the position of Chief Compliance Officer spent less than half of their time on duties that would be traditionally defined as compliance. “The reality in the industry is that there are still a majority of CCOs who continue to wear many hats and split their roles among other functions,” it concluded.

Compliance officers tend to be plucked from various jobs, and may have a legal, finance, or operations background, and they have to do a job that includes aspects of all three, as well as technology and audit facets, explains NRS President John Gebauer. “Sometimes they are an office manager or something else, but they are now named CCO and they have lots of responsibilities,” he says. Complicating matters is that hiring in back office functions has been in decline. Compliance personnel “are forced to do more with less” even as their role becomes more meaningful and multi-faceted, says Gebauer. 

For example, as technology solutions continue to play a bigger role in the compliance function, compliance officers have had to become deeply immersed in technology and have become involved in planning and managing the systems that companies are implementing. In most cases, it's not enough to simply be able to communicate with IT; in the age of automation, privacy concerns, and Big Data, compliance officers have had to become bona fide IT experts. 

In some industries, the expertise required of the compliance officer can be even more specialized. In the world of pharmaceutical and medical device makers, for example, a good compliance officer needs to constantly absorb the skill sets of other professions including, at various times, babysitters, detectives, customer service reps, and poker players. They may also, from time to time, need to toss on scrubs and head into the operating room.

Among the compliance imperatives in drug and medical device industry is ensuring that products are marketed within strict guidelines.  Misrepresentation about a drug's efficacy or off-label encouragement of a device can lead to a costly chain reaction of regulatory violations. To keep over-eager sales reps in check, compliance officers often accompany them on doctor visits, a practice known as conducting a “ride-along.” The intent is to observe the pitch and make sure it never runs afoul of the False Claims Act, anti-kickback statutes, or the Stark Law, which prohibits financial relationships between companies and physicians who purchase or recommend products covered under federal healthcare programs. Off-label suggestions can lead to charges of Medicare fraud and other legal headaches.

Sitting quietly in the wings on ride-alongs are people like Michael Clarke, ethics and compliance officer – Americas, for Actavis, a large developer and manufacturer of generic drugs. His job is to watch over inexperienced sales people and long-time pros alike and make sure they don't step over the line.

“As a compliance person, you are setting rules, overseeing training, and investigating misconduct, but you also have to be cognizant of customer relations and the commercial aspect of the relationship.”

—Michael Clarke,

Ethics & Compliance Officer - Americas,

Actavis

The former camp may merely misspeak, but that's enough to wage a red flag. More experienced salespeople, however, could go with a more intentional “wink and a nod” approach to entice doctors into a discussion of either off-label uses or illicit compensation. That's where the comparison to a professional gambler, always on the lookout for subtle “tells,” compares.

“There might be all sorts of unspoken things going on so you watch for that,” Clarke says. “You have to become very attuned to human behavior and body English. It could well be that something is going on and you don't know because it is non-verbal, so you have to watch for any indication that there will be some sort of inducement later on. You've got to figure it out and flesh it out.”

Customer service skills are also much needed. “As a compliance person, you are setting rules, overseeing training, and investigating misconduct,” Clarke says. “But you also have to be cognizant of customer relations and the commercial aspect of the relationship. Unless it is extremely egregious or criminal behavior, you really have to take pains not to jeopardize the customer relationship.”

Where most compliance officers may pace the carpeted floors of the C-Suite, Clarke sometimes starts his day in an operating room. The best sales reps have such a technically astute understanding of the medical devices they sell, that surgeons will request them to, outside the sterile field, provide advice and guidance. As with a sales call, Clarke occasionally sits in on the procedures to ensure that the sales representative adheres to required protocols. “In the heat of the surgery it is particularly challenging,” says Clarke, explaining that even a single screw cannot be put to an off-label use.

Wearing Stripes

In other settings, compliance personnel are sometimes required to exhibit the attitude of a referee and patience of a diplomat. Tom Rudenko, former vice president of internal audit for Caesar's Entertainment, recalled the internal squabbles that accompanied the initial implementation of Sarbanes-Oxley, for example.

“When it became a reality, nobody knew exactly how it was supposed to work and how we should comply,” he recalls. “We looked at the external auditors, and they would commence to arguing amongst themselves.  The controller's group looked at the legal folks, and they looked back and said, ‘you are the best ones to figure it out.' We looked at what other companies were doing, and it was all over the map.”

CCOS WEAR MANY HATS

The following is from a “Compliance Compensation Study” conducted by National Regulatory Services, part of BankersAccuity, comparing 2011 data to previous research conducted in 2008.

Only 33 percent of all respondents reported that 90 percent of their time is spent on compliance functions. Conversely, 41 percent spend less than 50 percent of their time on compliance. More interesting however is the role of the CCO. Of those that hold the chief compliance officer title, only 25 percent reported spending over 90 percent of their time on compliance (down from 30 percent in 2008) Fifty five percent of those identified as compliance officer or compliance manager spend more than 90 percent of their time on compliance.

Overall, our study shows CCOs spend the least amount of time on direct compliance responsibilities, while compliance officers and compliance managers spend the most amount of their time on compliance processes and tasks.

While we can make the assumption that senior level positions are more involved with other business matters, we believe this is still counter to what the regulators had planned with the implementation of the SEC's Compliance Programs Rule (206(4)-7) or FINRA Rule 3130. While these regulations may have been implemented so that those who hold the chief compliance officer title spend the majority of their time on compliance, the reality in the industry is that there are still a majority of CCOs who continue to wear many hats and split their roles among other functions. Since 2008, this trend has worsened and CCOs spend even less time on compliance.

Source: National Regulatory Services.

Eventually, the departmental battles over scope and process subsided. Because compliance was kept in-house, debate gave way to cooperation. “Because we kept it simple and tried very hard not to over-complicate, it made it easier to build long-term structural solutions rather than short-term fixes,” Rudenko says. “Through the battles we even ended up greatly strengthening the relationship with the external auditors.”

Most compliance officers wouldn't dare compare themselves to a secret agent. But stealth is also a necessary quality when internal investigations are underway. They need to ensure confidentiality and don't want to tip anyone off.

Brad Siciliano, a shareholder in Littler Mendelson's New York office and a member of its compliance practice, laments, that these missions don't always unfold with a precision worthy of James Bond.

He recalls one internal investigation he was involved with where serious charges were uncovered regarding a senior person at a company he once worked for. Given the gravity of the situation it was decided to bring in, from out-of-state, a former federal prosecutor.

The hush-hush effort took a disastrous turn the moment Siciliano arrived at his office to meet with the internal team. Turning a corner, he came face-to-face with his carefully chosen, secret investigator hugging the receptionist. By sheer coincidence, she turned out to be the man's godmother.

TIME SPENT ON COMPLIANCE

Below are two charts from National Regulatory Services.

The first chart below shows the average time spent on compliance and average compensation by title in 2008 vs. 2011, while the second chart shows average compensation by business type for the same years.

Source: National Regulatory Services.

“It obviously raised some suspicions,” he says. “It has to be a compliance officer's worst nightmare to walk in and see the receptionist hugging their criminal lawyer.”

Siciliano recalled another example where top-secret plans were thwarted by bad luck. An investigation was underway and, to help review thousands of e-mails collected as evidence, an outside attorney was brought in. A section of empty offices, frequently used by auditors or other outside vendors, was deemed the perfect place for her to set up shop. “You could stick people in there and no one ever really asked anything,” he says. “We didn't want anyone to know what this woman is doing so we set her up in one of them.”

Résumés can tell a lot about a person. In this case, the hired hand had great credentials, prestigious schooling, and experience with white-collar investigations.  What the curriculum vitae didn't suggest was that the woman could easily pass as a supermodel.

“It created an absolute buzz because she was uncommonly beautiful,” Siciliano says. Men in the office were lining up at her door to conveniently introduce themselves and graciously (if not pleadingly) offering to help with whatever she was doing in any way they could. “Who are you, why are you here, what are you doing?” they asked.

“We had to quickly come up with a cover story,” he recalled. “The moral of the story is that if you are going to hire an outside contractor, make sure they are send you ugly lawyers. They won't draw so much attention.”