How to translate compliance metrics into meaningful conversation
The goal of every chief ethics and compliance officer is to talk effectively with the rest of the enterprise about risk: the risk that some course of action might cause a compliance violation, or violate the organization’s ethical principles, or lead to some other disruption the business should probably avoid.
Part of that task is getting the right information about risk into your hands, so you can present objective, data-driven arguments; but an even larger part of the task is a human one. Compliance officers need to speak “the language of the business” and communicate in terms that your board, management team, and other business leaders will understand.
Speaking from that perspective is the best way (and often the only way) for compliance officers to be welcomed as a valued adviser on strategic issues. Otherwise, you’re exiled to the sidelines, raising concerns after others have decided what they want to do, forever struggling with inadequate resources and trying to catch up with compliance risks rather than preventing them.
So how can compliance officers learn to speak that language of the business?
Start by knowing your stakeholders
One challenge for compliance officers is that you have multiple groups within your organization who genuinely do care about ethics and compliance issues, but each group cares about somewhat different issues in somewhat different ways. So not only do you need to speak the language of the business; you need to speak several dialects.
For example, the table below shows several groups the compliance officer typically works with, and the risks that each one cares about the most.
| Audience | Sees Risk As… | Cares Most About… |
| Board | Governance failure | Oversight and reputation |
| Compliance | Program degradation | Speak-up integrity |
| Employees | Personal safety | Fair treatment |
| Business Unit Leaders | Operational impediments | Efficiency |
| CFO | Financial volatility | Loss prevention |
| CHRO | Culture erosion | Engagement and retention |
| Legal | Litigation | Civil or criminal liability |
Nobody can fault any of the above groups for the concerns they have; it’s their job to worry about those things first. Look more closely, however, and you can see how compliance risk (speak-up integrity) weaves through the risks of all the others.
For example, if your organization’s speak-up culture is poor, employees won’t feel comfortable raising safety risks they see at the office or the factory floor. If employees don’t raise their concerns, those problems will linger, hindering leaders of First and Second line teams from meeting their performance goals. Morale will suffer, and employees will leave, which is the risk of cultural erosion that HR teams worry about. In the worst cases, injured or aggrieved employees might file lawsuits, which could lead to unwelcome headlines and accusations that the board didn’t exercise enough oversight.
A savvy compliance officer therefore needs to know two things:
How to frame your compliance concern as a matter important to the other business leaders.
So it’s less, “I worry that we have too many allegations of retaliation this year,” and more, “Employees don’t feel comfortable speaking up about things going wrong in the business. That leaves us with blind spots about what’s really happening.”
How to connect business leaders’ risks and concerns to compliance program capabilities that could help to ease those fears.
So for example, when they say, “We want to set up an off-shore manufacturing subsidiary to be closer to end-use customers,” you can warn, “We need to vet those customers carefully to be sure we don’t trigger an export control fine.” (This is not a hypothetical; U.S. export control regulators recently issued one of their largest fines ever for exactly this scenario.)
Again, it’s like speaking a second language: You need to know how to convey your thoughts in a way the listener will understand; and you need to understand what the other speaker truly means, rather than simply hearing the words they say.
The value you can add is your judgment, based on the data your compliance function digests and the understanding of business risk you gain by speaking “the language of the business” with others.
Radical Compliance
Matt Kelly
CEO
Develop your language skills
The best way to learn a language is to sit down with speakers of that language and start speaking it. The same principle applies here.
For example, compliance officers could schedule regular meetings with your counterparts in HR, legal, finance, and other operating teams just to hear what is on their minds. Ask about the goals they have, the pressures they face, the obstacles they want to overcome. (This is something good internal audit leaders have been doing for years.)
If you can offer advice and assistance, that’s great. Even if you can’t, simply having these conversations is helpful because it helps you understand the challenges those other business leaders have, and builds trust between your compliance team and the rest of the enterprise.
Moreover, compliance officers are in a great position here: you sit at the nerve center of information about risk! If your compliance function has built sufficiently strong capabilities for internal reporting, data analytics, regulatory change, and policy management, you can translate all that data into useful intelligence for the rest of the enterprise. You just need to listen to the other business leader – and then figure out how your risk insights can be actionable advice for that other person’s problems.
The value you can add is your judgment, based on the data your compliance function digests and the understanding of business risk you gain by speaking “the language of the business” with others.
Fluency in the language of the business takes time and practice. You can start with those casual conversations, and as you gain proficiency, build upward to board presentations on your corporate culture or debates with senior management about how to embed strong risk management into their business goals.
Ultimately, however, compliance officers do sit at a strategic perch in the enterprise. You can generate valuable insights about business risk, given the data you gather about compliance risks.
Invest the time in talking with others, learning to speak the language of the business, and that will translate into stronger success for your compliance function and for you, the compliance officer.
Learn how to put your compliance communication to the test
Join Carrie Penman and Jane Norberg as they discuss the most recent whistleblowing and case management data. This webinar is a can’t-miss opportunity to learn how to translate your whistleblowing metrics into meaningful conversation with your board and other stakeholders.
