In the past year, global economies have navigated the COVID-19 pandemic, increased demand for progress on ESG initiatives, growing calls for greater diversity, evolving regulations and elevated cyber risks – all of which have necessitated nimble changes. Consequently, corporations have realized a need for more robust compliance and enterprise risk management (ERM) models.
4 Ways to Improve Compliance and ERM at the Board Level
- Add compliance skills to the board: Similar to boards’ need for technology expertise to help drive cybersecurity initiatives from the top down, boards also need a level of compliance expertise among their ranks. ERM and compliance are complex, and board members frequently do not understand what they entail. Bringing in board members who understand the underpinnings of ERM and compliance and how they operate together unquestionably will benefit organizations. Alternatively, the board must ensure that there are sufficient educational sessions to equip its members to face the highly dynamic regulatory landscape.
- Foster a closer relationship between the C-suite and the board: It’s imperative that the board has clear and open communication with compliance leaders, particularly the chief compliance officer (CCO). At the least, key members of the board, such as the audit committee chair, must possess the ability to communicate consistently about ethics and compliance issues with a CCO or other relevant compliance team member.
- Revamp hiring at the C-suite level: Though having a CCO is an integral part of ERM and compliance, it should not be a one-person affair. Managing compliance and ERM must be embedded in the very heart of company strategy. To this regard, when hiring for key positions such as CEO and CFO, your organization might consider looking beyond traditional requirements and seek out potential candidates with a more holistic view and understanding of ERM and compliance as part of their skills and experience.
“In hiring for the C-suite level, we no longer must look for people with traditional acumen such as finance and managing complex teams, but also new aspects such as ethics.” – Dr. Dambisa Moyo, Co-Principal of Versaca Investments, Global Economist, Author & Board Member
- Strengthen risk oversight by the board: In practical terms, the Board cannot practically support and be involved in the actual day-to-day risk management of their companies. Regardless, they should be able to effectively support executives and risk management leaders to assure stakeholders that their risk appetite is consistent with the overall strategy of the corporation. Their oversight function should ensure that risk awareness is a culture that is driven through the company from the bottom up. The message should be clear to all employees including executives that comprehensive risk management should not be seen as an obstacle to business operations nor a mere supplement to a firm’s overall compliance program, rather that it is a vital element of strategy, culture and business operations.
To learn more about how risk and compliance teams need to work in tandem, yet remain distinct, read Kristy Grant-Hart’s Enterprise Risk and Compliance: 5 Best Practices to Optimize the Relationship.