There is no doubt that the role of the compliance officer has changed a lot since its early days in response to the Sarbanes-Oxley Act.

The days of filling the position with a “tag, you’re it” strategy of “volunteering” in-house talent to the role are long gone. Modern CCOs have more thrust upon them in terms of regulatory bulletproofing and risk management than ever before. It is a highly specialized role that is entwined with business units and takes a seat at the table of upper management. So, what happens when the person behind the title moves on to bigger and better things, or suddenly departs due to health reasons or unforeseen crisis? Is your company prepared to quickly and effectively fill the role?

Over the years, shareholders have demanded that companies formalize written succession plans for key executives. In June, the SEC expanded its view on business continuity planning with a proposed rule that would require investment advisors to put in place transition plans covering the departure of “key personnel.”

The focus on mandatory succession plans begs an important question: should compliance officers should be included in the—whether voluntarily or by regulatory edict?

“Today, the chief compliance officer is a full and complete participant in the C-suite,” says Timothy Hedley, KPMG’s global lead for fraud risk management services. “You did not see much of that a decade ago. Because of the importance of the efforts they are undertaking in the new era of compliance, succession planning should be a big consideration at larger, more sophisticated companies. It’s a very big deal—who is going to step into the role of chief compliance officer—and there has been a sea change in how chief compliance officers are viewed within the organization.”

“For the board, CEO, and CFO succession planning is pretty much embedded at most larger companies,” says Richard Girgenti, national and Americas leader for KPMG’s forensic advisory services, and Hedley’s co-author for the recently published “The New Era of Regulatory Enforcement: A Comprehensive Guide for Raising the Bar to Manage Risk” (McGraw-Hill Education, 2016). Girgenti notes that with the emergence of the importance of the chief compliance officer, its varied responsibilities, and the different skills that are required, we are just beginning to see companies plan better for succession.

“There is a lot of movement I’ve seen between companies of chief compliance officers, which suggests that, perhaps they haven’t built a framework within their own organization where people would be promoted up to take over those responsibilities,” he adds. “You see people coming from different parts of an organization that may not have been part of compliance—general counsel offices, internal audit, HR—becoming chief compliance officer where they have not otherwise been exposed to the compliance function. Companies are realizing they need to have succession planning that is every bit as robust for this function as they have for some of the more traditional functions where they had it for a longer period of time.”

Successfully replacing an outgoing CCO requires the foresight to “build a bench,” says Julie Copeland, a partner with law firm Lewis Baach.

“If the top person leaves, you want to have somebody that can step into the role who has a history with the institution and knows the ins and outs,” she says, noting that it might not always be possible, but it is the best model.

“We should be focusing on succession planning in compliance just the way boards are for CEOs,” she says. “There is a crucial role that compliance is playing and you really need to know you have people who can step into the role if you really need them to.”

Internal promotion may be as important as ever, especially for financial institutions, given the current hiring spree underway at big banks. Still recovering from the increased regulatory demands that emerged following the financial crisis, big banks have hired compliance personnel by the thousands.

“It is having a negative effect on regional institutions that cannot afford the salaries large financial institutions can,” Copeland says. “The race for talent is a very real problem for a lot of institutions.

Companies can ill afford to assume that automation and technology diminishes the need to maintain the same level of expertise an outgoing CCO possessed. A human touch is crucial.

“You still need somebody with judgment,” Copeland says. “You can’t commoditize compliance.”

Companies, in her view, should incorporate succession discussions into annual strategy sessions.

SEC VIEW

The following is from a proposed rule by the Securities and Exchange Commission that would require business continuity plans for investment advisers.
We believe that by considering alternatives and redundancies for critical operations and systems in advance of significant business disruptions, an adviser will be able to prioritize, recover, and resume key aspects of its business in a timely manner and consequently be better able to act in its clients’ best interests and continue providing services to its clients during such a disruption.
For example, if most securities operations functions (post-trade processing, corporate actions, reconciliation, etc.) are handled internally by the adviser, then the adviser’s plans should address the backup systems or other alternative processes or procedures that will be used or followed in the event of a business disruption where standard operations may not be available.
Additionally, we believe that contingency plans with respect to key personnel generally should address both the temporary or permanent loss of such personnel. For example, loss of key personnel could result from an employee’s sudden departure from the adviser or could be due to a weather related event that renders the employee temporarily unavailable.
Accordingly, an adviser’s business continuity and transition plan generally should include short- term arrangements, such as which specific individuals would satisfy the role(s) of key personnel when unavailable, and long-term arrangements regarding succession planning and how an adviser will replace key personnel.
Source: Securities and Exchange Commission

“Every year companies go through their annual review where they plan budgets and head counts,” she says. “Succession planning should be part of that process. Why not make that an annual process, so you won’t be caught short and if you have a potential gap you realize it at that point before it becomes a real one.”

Given the furious pace of mergers and acquisitions, future compliance plans, including the role of the CCO, are even more important.

“You have to make that part of the analysis when you are thinking of acquiring a company,” Copeland says. “That all goes to culture and that’s a big emphasis by the regulators. If you are acquiring a company, you want to take a good look at how they are managing compliance, how compliance is thought of there, and what types of professionals they have. That is going to tell you about not only whether you want to acquire them, but what kinds of changes you may need to make.”

Not everyone sees CCO-specific succession plans as a modern necessity. “It would be as unusual to have a succession plan for a compliance officer as for a chief legal officer or vice president of human resources,” says Michael Peregrine, a partner with the law firm McDermott Will & Emery. “In my experience, the only situations where the board is going to want a clear succession plan from the management team is when the CEO and, maybe, the COO and CFO.”

“I don’t think that would be a good thing for folks in the compliance industry to push on, because it is not in their best interest to have that position perceived as more important than other officers for whom there is no succession plan,” he adds. “That would be unfortunate and unwarranted.”

Instead, Peregrine places the focus on exit interviews and hiring plans. “When key executives leave, the board or senior management should be aware of why they are leaving. The need to understand it there is a problem they need to be aware of.”

It is also becoming more important “to look at the job description and how we support that position.”

“It is the board’s obligation to make sure it is hiring a top person with adequate skills, education, and training for the position,” Peregrine says. “You are not going to hire a kid fresh out of law school or business school for these positions at a multimillion dollar business and you are not going to give them an office at a remote site. The board needs to make sure that the hiring process is designed to bring in the right person for the job, that it has adequately described the job, ensuring that a new CCO knows their responsibilities and reporting relationships and setting expectations for how they collaborate with their colleagues.”

Peregrine says that the question organizations need to ask is less, “Do we need succession planning for the CCO?” and further, “Have we demonstrated that we have the gatekeepers back?” and “Do we give them the tools to do the jobs and support them?” Bottom line? Focus more on the search and what’s behind the search than succession planning.