Within large corporations, especially those whose business models are very technology-centric, there is perhaps no function more critical but also widely misunderstood than risk and compliance. Often seen as little more than a necessary evil at best–and a hindrance to progress at worst–Risk and Compliance leaders’ biggest challenges often come from within their own companies, in the form of executives and even boards who simply don’t understand the importance of the work they do.
In early 2023, Carpe Diem surveyed some 242 Risk and Compliance leaders at 160 companies, and followed up directly with 93 of them to gain insights into the challenges faced in their roles, and how they overcame lack of understanding internally of their function at both the executive and board levels.
While the most common thread to emerge from these professionals is the need to build relationships and educate their peers, leaders also pointed to a number of approaches including the importance of partnering with product teams. A tight alignment with this group will ensure that new technology innovation is being built in a compliant manner cognizant of the regulatory and statutory requirements in the markets where the innovation is being deployed.
For the majority of Risk and Compliance (R/C) leaders surveyed, crafting the message, aligned to business strategy and business imperatives, is the first step towards ensuring that senior executives and board members align with and to the importance of their function.
As one leader notes, that process begins with “making compliance relatable in small soundbites with real-life examples. Challenges dealing with the business and the market are important of which they are aware.”
Another leader advised “Ensure you are always educating them (Peers) on why and how compliance is critical for the impact it has on the clients–know your audience, what’s important for them to understand, and what level they need to go to get the message.”
For educating boards in particular, “understanding risk and compliance issues that other organizations are facing” can help R/C leaders draw parallels to their own companies. “Explain how they (other organizations) are managing those,” one leader suggests, “and how the business is focused on and aware of them.” Drawing a correlation between competitors and how your organization can potentially position the risk and compliance elements of their program as a key differentiator is way to engage Boards and the ELT. The discussion reverts to one of competitive advantage and not a cost burden!
The importance of education and messaging plays directly into building relationships with senior executives and board members–as does a willingness to have hard conversations.
That concept of “reporting up” also involves an understanding of giving senior leaders and board members enough information without overwhelming them, or using scare tactics–with several R/C leaders noting that “fear does not work” as a motivating factor.
Instead, successful R/C leaders tend to put themselves in the shoes of the people they are reporting to and limit their messaging to key concerns. As one leader noted “Governance is one of the things that regulators can trip you up on. Making sure the Board and ELT know what their requirements are–[provide the] right training and awareness. Focus on the top level 3-5 and what you are doing to fix those. Help guide them through the challenges in a way that they understand.”
Understanding and working toward the company’s overall business needs is another critical piece of the messaging and relationship-building puzzle for R/C leaders. As one leader noted, “Revenue and risk organizations should have different goals but a common alignment, especially in the area of new products. Product needs to include risk into the product design features and elements. There may be instances where a customer’s risk profile is increasing, so executive alignment will be critical especially if this is a material customer with a long history.”
This approach also serves leaders well when it comes to loss and fraud prevention. “The consequences of not having a robust technology stack to manage fraud are very real to brand and revenue,” noted another leader. “It’s always important to show the impact of removing fraud options and tech protections and monitoring to the bottom line. It’s also critical to sustain trust and credibility across the brand.”
At its core, this concept can be boiled down to a simple maxim, as outlined by one senior risk professional: “Make sure that R/C is promoted as a cost avoidance, not a cost.”
With consistent messaging, strong senior leadership and board partnerships, and a focus on ensuring understanding of the importance of R/C in place, leaders can gain buy-in for the true purpose of their function: building risk mitigation into the day-to-day functioning of the organization.
These market insights from Carpe Diem Global Partners are gathered from the firm’s extensive client work leading Board, CEO, CXO, and CHRO executive search engagements for public and private multinational companies. For deeper, custom insights, contact Michael Whitehead at mwhitehead@carpediempartners.com.