Timothy Miller: To be a compliance officer is to be a guardian of trust

I am often asked, when I speak at conferences, “Why compliance as a career?” To be completely transparent and honest, when I first started my career, what I was doing was not called “compliance” per se. 

However, the reality of what I was doing was completely compliance-related. When I first started my career back in the Marine Corps, I had the opportunity to work with the Division Publication Library.

The Division Publication Library was the custodian of all the manuals and standard operating procedures (SOPs) for every piece of equipment that was being used in the entire 3^rd Marine Air Wing.

When a unit deploys, the unit ‘Pubs’ Librarian must ensure that all the manuals and SOPs for what is being shipped out are with the unit. If a single manual is missing, the deployment can be stalled until the document is located. A delay could mean the loss of life and cost millions of dollars.

This was my first real experience with the importance of maintaining compliance within an organization. In a sense, compliance at this time meant the assurance that the job could get done and the mission was protected from one possible point of failure.

Fast forward 30 years, and I still look at compliance in the same way, just with even higher expectations. I believe, as a compliance officer, my first duty is to protect the company. Now, I am not protecting the company as a chief information security officer (CISO) or chief legal officer (CLO) would, though I do support them in their individual efforts.

I mostly protect the company from itself, so the company can be able to get the job done and reduce the risk of possible repercussions from failing.

I believe that compliance is more about education than it is about being the “gatekeeper” or “enforcer” with the organization, and I love education.

When I joined IBM after the Marines, I was fortunate to be part of a unique department that was one of a kind within the company. I was the Integration Lab Manager. My lab was responsible for testing every piece of software and hardware that the company made to ensure that it was meeting the specifications that the company stated.

Every product had to have my lab’s sign-off to be released. Basically, this was a dream job for an information technology (IT) person. We put the products through the testing process in an attempt to make them fail. If the failure point was higher than the specifications, the product passed and was able to be shipped. If the product failed to meet the specifications, the report of the failure was sent back to the engineers, and the product release was stopped.

We were told to break things and not fix them, a dream job.

However, in reality, we were ensuring that every product met the compliance standards that the logo on the box was known for providing. Once again, I was charged with protecting the company, though this time it was reputation and financial protection and not the loss of life that I was ensuring. I guess you can say that I was able to have two spectrums of experience in my compliance foundations that helped forge the compliance officer I am today.

Today, the challenges in the compliance realm I face are constantly evolving.

The digital landscape, in particular, continues to introduce new frontiers of risks at a pace faster than the regulatory bodies can produce new controls to meet the risks. Artificial intelligence (AI) and machine learning, for all their promise, bring with them complex questions around data bias, fairness, and explainability.

I often find my company, as well as most organizations, in a race to keep up with the ever-expanding pace, trying to anticipate the regulatory response to technologies that are still in their infancy.

Another major challenge is simply the sheer volume and pace of regulatory change that comes in the wake of the new technology. What was a stable regulatory environment 20 years ago is now a dynamic and often erratic landscape of constant change.

All of the morphing requires compliance leaders to be more than just experts in the controls and standards; we must also be agile learners, constantly adapting our knowledge and processes to attempt to keep one step ahead of the wave.

Yet, despite these hurdles, my passion for this work has only deepened. The compliance officer’s role is not just about rules and regulations; it’s about the organization and ultimately, the people.

It’s about fostering an ethical culture where employees feel empowered to do the right thing.

It’s about protecting the company’s reputation and building a foundation of integrity that can withstand any storm.

To be a compliance officer is to be a guardian of trust, and that is a responsibility I carry with immense pride.

You could say that my desire to protect and care for others is why I dedicate so much time to mentoring the next generation of compliance leaders. I share my knowledge so just maybe, the next generation will be better at protecting their companies than we have.