Compliance Expertise on your Board

by Roy Snell

493373147An emerging best practice is to have compliance expertise on the Board.  The enforcement community is tired of organizations paying fines/penalties and considering it a part of doing business.  The press, public, politicians and prosecutors are calling for individuals to be held accountable for recent regulatory missteps.  They are suggesting Board members be held accountable because they believe that regulatory compliance should be a major responsibility of the governing body.  Society believes individuals (not necessarily companies) commit fraud, and that those individuals should be held accountable. Society also believes that leadership is culpable because leadership didn’t prevent the individuals from committing the fraud.

Having compliance expertise on the Board makes sense to those who are trying to determine if you are committed to compliance.   It also gives leadership and their compliance officer a resource to help you make good decisions.  We have had finance experience on the Board for years and it has served the Board and the CFO well.  The problem I see is that leadership doesn’t understand what compliance expertise is.

If you ask most companies if they have compliance expertise on their Board… most would say yes.  When asked who the compliance expert is they typically point to a lawyer, auditor, risk manager, or an ethicists. None of these professions are automatically compliance experts. All lawyers have different specialties.  You would not have a tax attorney negotiate a bribery settlement.  Likewise you would not have just any lawyer provide compliance expertise.

What the government is looking for is not generic compliance expertise.  They are looking for compliance program management expertise.  Ethicists help build ethical cultures, but if they have never held the job of a compliance officer it’s difficult to hold them out as compliance experts.  The same is true for risk managers and auditors.  Law, ethics, risk, and audit are all elements of a compliance program, but experience in those professions is not enough to claim expertise in the compliance profession as a whole.

Well intentioned leaders are committed to compliance and they want to set themselves apart.  I tell them a best practice is to put someone with compliance experience on the Board.  They respond they have it.  They point to an individual with no education or job experience in the compliance profession.  The enforcement community knows what a compliance officer and a compliance program is.  You simply can’t convince an enforcement official, or any other knowledgeable individual for that matter, that you have compliance expertise on your Board if no one on your board has ever held the position of a compliance officer.


  1. Great text, but at the same time little bit confusing, at least to me 🙂

    Ok, I understand that for example lawyer is not (and cannot be) compliance officer. The same goes with auditor, or…
    It was said “…Law, ethics, risk, and audit are all elements of a compliance program, but experience in those professions is not enough to claim expertise in the compliance profession as a whole.” Ok, then what is enough? Does compliance officer have to be better laywer, better auditor, better whatever then the person who actually does it… and all of that at the same time, “one person to rule them all”? If that is the case, it sounds kind a scary… since even C.E.O. doesn’t have that knowledge and experience.

    Help, please


    • Tanja

      Thanks for the question. I am not saying that people from legal, risk, ethics, audit, ect. can’t be good compliance professionals. In fact, they are all excellent backgrounds for a career in compliance. What I am suggesting is that a board can’t claim to have a compliance expert on the board if the board points to someone with no education or experience in the compliance profession. That is true even if even if the person they point to has experience in a related field such as audit, legal, ethics, risk, etc. It would be like saying that a cardiologist can perform brain surgery because they are a doctor. A cardiologist could become a brain surgeon faster than a CEO could. A lawyer can become an effective compliance professional faster than a doctor because they are in a field more related to compliance than medicine. A cardiologist would require further training and experience before becoming a brain surgeon. If you wanted neurosurgery experience on your board, you would not pick a cardiologist just because they are a doctor. You would pick a neurosurgeon.

      Compliance requires a working knowledge of about 7 or 8 professions such as, audit, education, risk, legal, investigations, ethics, policy development, etc. Exceptional compliance professionals have a lot of experience in all these areas. Truly exceptional compliance professionals have experience in all elements of a compliance program and very strong interpersonal skills such as, communication, collaboration, negotiation, influence, relationship building, motivation, etc. If I was going to claim I had compliance experience on my board, I would point to someone who has worked in the compliance field and had experience in all these areas rather than just one area such a legal, audit, risk, ethics etc. The enforcement community is gaining more understanding about the difference between the legal, audit, risk, ethics and compliance professions. In fact, they just contracted with someone from the compliance field to help them evaluate the effectiveness of compliance programs. Their ability to discern the difference between expertise in one area of compliance and all areas of compliance is getting

Comments are closed.