As part of our “Inside the Mind of the CCO” special report, we asked nine compliance leaders (right) across a multitude of industries and organizations the same five questions regarding their experiences and thoughts on the profession. Here’s the fifth and final question in the series:

Q. In your opinion, what will the compliance function look like in 5 years? What do you think the biggest challenges of the CCO will be?

Meet the CCOs


Stephanie Davis CCO


Chief Ethics and Compliance Officer

Volkswagen Group Of America 

Years in compliance: 12


Cédric Dubar CCO


Chief Compliance & Ethics Officer

Volvo Car Group 

Years in compliance: 17


John Finley CCO


General Counsel and Chief Compliance Officer

AIS Healthcare 

Years in compliance: 20


Duane Holloway CCO


Senior Vice President, General Counsel and Chief Ethics & Compliance Officer

United States Steel Corporation 

Years in compliance: 15  


David Huntley CCO


Senior Executive Vice President & Chief Compliance Officer


Years in compliance: 6


Steve Koslow CCO


Vice President, Chief Ethics & Compliance Officer

Allianz Life

Years in compliance: 25+ 


Andrew McBride CCO


Chief Compliance Officer

Albemarle Corporation 

Years in compliance: 22 


Lisa Taylor CCO


Vice President & Chief Compliance Officer

UC Health 

Years in compliance: 19


Asha Palmer CCO


Chief Ethics & Compliance Officer


Years in compliance: 9

STEPHANIE DAVIS: I think the compliance function will continue to evolve, and, like so many other areas of business, may benefit from the AI trend that is coming. I firmly believe third-party risk should be top of mind for all CCOs, and I think this will continue in the future. The global economy will continue to make all industries dependent on third-party suppliers. So if you don’t understand who your suppliers are, or what your high-risk areas of the business are, you’ll have issues. Third-party risk should continually evolve, and anyone who tells me they have it totally under control doesn’t really understand it. That’s why it’s so important to continually conduct risk reviews of your organization and third parties—the target is constantly moving. But it’s always fascinating and always rewarding.


CEDRIC DUBAR: I see two main trends that will impact the compliance profession in the very near future: Further emphasis on culture and ethical business, so as to enable employees to make better decisions when facing compliance risks. At Volvo Cars, we have been focusing on developing ethical behavior and professional integrity for a few years. Our core training programs encourage self-reflection on ethical behavior, and our leadership programs for managers are designed with a view to support our managers in being role models for ethical leadership. Technology and data analytics will be increasingly used for more efficient monitoring and training. For example, in the field of monitoring, my friend Matt Galvin (Anheuser Busch) has developed a unique program that uses data analytics to detect and prevent compliance risks. Also, in the field of training, we are focusing on adaptive learning, with the objective to adapt training content in real-time to the learner profile. I strongly believe that our compliance community should be more proactive in sharing their good initiatives.


JOHN FINLEY: Compliance will have to go ‘Beyond 7.’ For too long, some compliance programs narrowly focused on the basic seven elements of an effective compliance program: e.g., rules, regulations, and training. Compliance programs can leave a lot on the table. Compliance will have to shift to being more strategic and aligning with business partners if they want a seat at the table. Compliance leaders will need to see ‘Beyond 7’ to strategic solutions. Collaboration and transparency will be important as companies grow across borders and staff move to a home environment. Compliance will have to be consumers of data and technology. Technology and AI enables compliance to be nimbler, more responsive. The use of data and analytics will require compliance leaders to rethink hiring decisions and staffing. Compliance will need teams that can find, manage, and analyze data. Finally, some compliance leaders often take an independent, ivory tower approach. Everyone, including compliance, needs to be rowing in the same direction to achieve the shared goal of a successful business that operates in a compliant and ethical manner.


DUANE HOLLOWAY:  I think compliance will continue to gain in importance as a critical business function. Regulators have long cared about compliance, but regulation alone as a business driver goes only so far in many industries. A major driver of business strategy are the expectations of both customers and investors—those who control where the money goes. And in most industries, we are seeing evolving customer and investor priorities that include various aspects of compliance, including ESG-based purchases and investments. As this trend continues, I expect that compliance functions will gain both greater prominence and greater responsibility in corporations.


DAVID HUNTLEY: In five years, it’s my belief that the compliance function will be even more data driven. Our ability to use meaningful metrics and predictive analysis will serve both our function and our business’ bottom line. These insights will not only help drive decision-making but will also serve to mitigate risk and indicate problems before they occur. We’ll need to remain flexible. If the COVID-19 pandemic has taught us anything this year from a business perspective, it’s that we must always be prepared to flex to fit the changing needs of the business. One of the biggest challenges of the CCO will be leading in an ever-changing environment where culture may be more challenging to foster as many companies look toward a more permanent remote workforce well after we’ve overcome the hurdle of this pandemic. Remaining true to our ethical core in an environment when no one is apparently watching will be key.


STEVE KOSLOW: I see two related drivers taking center stage in the next few years. The first will be a significant rise in analytics-based decision-making. Years ago, I would not have foreseen having a team of analysts preparing data-driven dashboards for our business partners. While still in the early stages, I envision compliance areas significantly increasing the number of data analysts hired into compliance departments. We may not get to the holy grail of predicative compliance analytics in the next five years, but we will certainly move the dial on identifying non-compliance instances and trends earlier than we do today. The related second driver will be a move toward a more formalized and defined Second Line of Defense functionality. Mature compliance organizations will establish and articulate clear standards for business lines to follow and have the capability to monitor, measure, and report on adherence to those standards.


ANDREW McBRIDE: In terms of the traditional role and activity of a compliance function—communications, training, counseling, monitoring, investigations—I suspect we will all be expected to do more with less resources. Compliance is not immune to the same pressures that business units and other functions will face, namely to digitize and streamline processes more, utilizing the latest artificial intelligence and robotics technology. And all of this will be happening where more of our engagement with each other, and employees, is likely to be virtual. While a CCO might feel that the core elements of the ethics and compliance program under his or her control are maturing nicely, more work may still need to be done in enhancing the processes of other functions (order to cash, source to pay, travel and expenses). That requires advocacy on the part of CCOs to convince other functional leaders of the merits of process improvements that are more risk-driven rather than efficiency- driven. But the bigger question is whether compliance officers will outgrow that title. As behavioral scientists, counselors, change management agents, data analysts, trainers, investigators, and process fitness experts, does the title ‘compliance officer’ really do it justice?


LISA TAYLOR: I think the compliance function will be more and more driven by data in the future. As compliance professionals, the biggest challenge will be building efficiencies into our programs in order to increase effectiveness. We need to continue doing more with less. How do you leverage software and computerized programs and what they can do with full-time employees and what you need them to do for you? The most successful compliance professionals will be able to continue to do more with less and still have all of the requirements of an effective compliance program. The government sees the value of compliance and has provided its seal of approval. Compliance professionals need to be ready for more regulation and how to fit it in to the overall program.


ASHA PALMER: In five years, unless we do something differently, and soon, compliance will be in the same place many CCOs are in now, which is not actually deterring or preventing misconduct and very much still a ‘cost center’ or back-office function.  We must start to do things differently—to train differently, to look at leadership differently, to learn and analyze risk differently, to understand human behavior differently, to use data and technology differently, to factor in culture differently, and to look at accountability differently.  This will require future CCOs to develop wholistic and critical approaches to what is and is not working in our programs and adapt to trying things differently if they have proven not to work time and time again.