Skip to content.
Contact NAVEX
How can we help?

We respect your privacy and won’t share your information with outside parties. View our privacy statement.

Thank you for your interest in NAVEX. We’ll be in touch with you shortly. If you have any immediate questions, please give us a call at 1-866-297-0224.

From: Compliance Week September 23, 2019

As part of our “Inside the Mind of the CCO” special report, we asked eight compliance leaders (right) across a multitude of industries and organizations the same five questions regarding their experiences and thoughts on the profession:

  1. Why compliance?
  2. What do you look for in a deputy?
  3. What skill is most important in your job?
  4. How do you demonstrate compliance ROI to your C-suite?
  5. What will compliance look like in five years?

Their answers are below.

  1. Why compliance?

NORM ASHKENAS:  While I enjoyed my time as in-house counsel, I felt more passion around figuring out how to avoid having an issue in the first place—which is where compliance comes into play.

ALLEN CHIU:  As a prosecutor, we had one primary goal: to pursue justice by trying to do the right thing every day. As chief compliance officer, I have the opportunity and responsibility to help foster a culture for acting ethically and with integrity in all the places we do business.

ANDY HINTON:  I enjoy compliance because of the nexus between doing the right things the right way and supporting the business in achieving its objectives.

ELLEN HUNT:  Like many others I didn’t seek out to become a CCO but was tapped on the shoulder. My legal background was a natural transition for the compliance role.

JOHN KRENITSKY:  I was asked to assume a CCO role after serving as in-house counsel. What attracted me was the challenge of more directly applying the law to design and implement business processes, operations, and controls to yield consistently compliant results. I am attracted to the “hands-on” nature of the job.

FABIANA LACERCA-ALLEN:  I started my career in a legal role and when the Office of Inspector General’s guidelines came out, I volunteered to implement it—soon helping implement the guidelines in several jurisdictions around the globe.

PHILIP MATTHEY:  What attracted me most was cooperating with many other disciplines. I remember that one of my colleagues tried to dissuade me from taking on this new opportunity, since he believed compliance would just be a short-term trend. Well, he was wrong …

CARRIE PENMAN:  I found a passion for community service while running the corporate United Way Campaign, which put me in front of our CEO and executive team. I wasn’t looking for it—I thought they dialed the wrong number when they called—but I haven’t looked back since!



  1. What do you look for in a deputy?

ASHKENAS: CCOs need a thick skinflexibility; a desire to learn; and the ability to analyze, assess, and react quickly, and they must balance regulatory/policy concerns, customer experience, business needs, and cost in all aspects of the program they’re leading.

CHIU: Integrity is an absolute requirement for anyone in compliance. Without it, you cannot lead others in helping to create an ethical environment. Judgment is necessary to identify and assess critical issues. Communication skills are required because much of the job as a compliance professional is focused on conveying the recommended course of action.

HUNT: Honestyintegrity, and transparency.

KRENITSKY: An understanding of the legal and regulatory requirements. Having a legal background is valuable and helps one quickly grasp the compliance principles and requirements, but it’s not the only way to gain an understanding of the applicable legal and regulatory requirements.

LACERCA-ALLEN: High integrity and strong emotional intelligence. They understand their strengths and areas of opportunities and can work well with others. They can assess a situation quickly and can keep their heads about them during a crisis. They have the courage to do what’s right and are passionate about making a difference. They know how to have fun.

MATTHEY: Of course, a compliance expert. It does not matter whether the person is a lawyer, an economist, or an engineer, but the person should have sound experience in dealing with compliance in a corporate environment. The deputy needs to be a strong communicator and a team player. Further, project management skills and persistency are key.

PENMANStrengths and competencies that complement my own to ensure we create a well-rounded team. Also, smartempathetictech-savvy, and data-driven, with tremendous organizational intelligence. This person should be unwavering in their commitment to doing the right things right.



  1. What skill is most important in your job?

ASHKENAS: Curiosityhunger for knowledge, and inquisitiveness. In order to be successful a CCO must ask questions, read, listen, and shadow, and do so continuously.

CHIU: Problem solving is a great skill to have. I think most people are able to identify issues and problems as they arise. However, being practicalefficient, and exercising good judgment to solve complex problems is critically important.

HINTON: Empathy for the objectives of the business.

HUNT:  It’s leadership, which requires empathypatience, the ability to motivate, and problem solving. To be a successful CCO, people have to trust you, want to talk with you, and believe that you will help solve their problem.

KRENITSKY:  The ability to motivate others—particularly those not necessarily under your direct supervision.

LACERCA-ALLEN: Leading by example is key. Having the ability to influence others is very important, and working effectively to set the right tone in the organization will promote the right behaviors.

MATTHEY: Communication. You need to talk to people, explain the importance of the function, convince others if they disagree, and sometimes also push through difficult decisions.

PENMAN: Adaptability! Compliance officers wear many hats—and we get new hats every week. Today, practitioners need to understand cyber-security, data privacy, employee relations, business continuity, integrated risk management, ESG, and a growing list of other responsibilities. Though you may think you have a plan for your day, you know it will change in the first hour!



  1. How do you demonstrate compliance ROI to your C-suite?

ASHKENAS: Aspects of our work lend themselves to operational metrics, which can demonstrate effective use of resources, tracking inputs, demands, and using internal service level agreements.

CHIU: Focus on education and prevention. By fostering a culture of compliance—both internally and externally—we can proactively focus our resources on preventing problems before they arise.

HINTON: A combination of quantitative metrics that measure the load on the team and a qualitative discussion of the challenges the team is dealing with and the risks associated with them.

HUNT: Stories taken from headlines are often great ways to show how successful the ethics and compliance program is. For example, taking our robust conflict of interest process and comparing it to the articles about the NRA and its board members’ conflicts was affirmation about how well our ethics and compliance program is working.

KRENITSKY: Demonstrate the alignment of compliance objectives with business objectives. You can’t begin to achieve business success (such as revenue targets, sales volumes, etc.) until you first have designed effective processes that consistently result in compliant outcomes.

LACERCA-ALLEN: By stressing that a robust compliance program will promote an environment that will attract talented employees and help with retention.

MATTHEY: What my board really appreciates is when we do not just say ‘No’ if they or somebody else raise a question, but if we provide practical options and solutions. This is when they recognize that the compliance function is really integrated within the business.

PENMAN: Early in my ethics career, I found a simple metric: I would point to one case every year that, had it not been raised to our team, would have cost the company big time. Finding that one case (and we had one every year) paid for the entire cost of the program.



  1. What will compliance look like in five years?

ASHKENAS: I could see virtual compliance advisers using machine learning “taught” and supported by human compliance experts, virtual reality for compliance training, compliance manuals compiled using supervised learning, and AI-assisted compliance officers. Rather than fight this future, we should embrace it.

CHIU: The compliance function will increasingly rely on data and advanced analytics to assist in detecting and identifying issues.

HINTON: (1) Better tools and analytics will enable better monitoring for detection of risks, which will enable better measurement of the effectiveness of compliance efforts; (2) the assurance role of the compliance function will become more defined and more important; (3) the focus on company culture as the foundation of compliance efforts will continue to increase.

HUNT: The biggest challenge for CCOs will be to look at the right dataunderstand what the knowledge and insights mean for their organizations, and to use that knowledge and insights in ethical and meaningful ways.

KRENITSKY: I expect the number of personnel in compliance departments with technical data analytics and business process management expertise will increase. To be successful, the future CCO will need to have a great command of the dynamically growing and substantive requirements of law and regulation and also be able to lead organizational change.

LACERCA-ALLEN: The compliance officer will have strong emotional intelligence and will be able to lead organizations during times of crisis. They will rely on technology, but also have the ability to influence others and to lead by example.

MATTHEY: I am convinced that the importance of compliance will continue to increase. Already in the last few years, the responsibility of my team has grown significantly. Advanced technology will play a major role in the future in two different ways: It is an opportunity to simplify our compliance work by using IT tools for specific compliance measures, but at the same time it creates new risks when used in the business operations.

PENMAN: The compliance function will be much more integrated with the risk management functionTechnology and software supports—but does not replace—empatheticadaptable, and organizationally intelligent compliance officers.

Article Linkhttps://www.complianceweek.com/surveys-and-benchmarking/eight-prominent-ccos-tackle-five-questions/27753.article