Scott Maurice on the CCO and Compliance Culture

In the modern business, new opportunities beget new occupations. This is very much true for growing demands of compliance, especially given increases in liability and the range of regulatory risks in recent years. For this, the Chief Compliance Officer has become an integral part of some organizations, overseeing all of the protocol necessary to maintain an environment of regulatory compliance.

It’s a difficult job. These professionals face serious consequences in the event of a violation, with many facing fines, suspension, or even job loss in the event of an issue. Additionally, the losses to both organizations and individuals are monumental; for instance, lost medical records can severely hamper the ability of care professionals to properly treat patients. There’s a lot on the line for a CCO, and only the most savvy survive.

However, it is also a role that is only loosely defined at this point in time, leading to CCOs performing very different jobs depending on their company. For any CCO, the ability to multitask, possession of extensive technical and organizational knowledge, and the logistics acumen to carry out businesswide solutions are all relevant.

There is inevitably a lot going on. In a day, a CCO may have to oversee monitoring software, keep abreast of changes in regulation, and education team members on their role in compliance. It is also necessary for them to keep detailed records; a paper trail can be critical both in proving that an organization has remained compliant and responding to breaches. They need to take an active leadership role in their organizations, as other staff will have to be responsible for maintaining compliance as well. This has proven to be a challenge for many; with over a quarter of CCOs not knowing or documenting compliance roles for their staff.

This is but one of many aspects of the role that CCOs will have to address to support their organizations. A CCO is part of an endless struggle that each company faces—with the regulatory environment constantly changing, they will need to prove adaptable and willing to keep up with shifts and create an agile infrastructure. Any new regulatory information will have to be seen, and its impact noted. Again, documentation is a huge part of the responsibilities of a CCO. If a new regulation affects their business, they need to track the ways that it does so and the ways that they respond to address the change. Case studies from other companies that have failed to meet compliance are both a cautionary tale and a way to learn potential pitfalls with regulations.

Worth noting is that CCOs are not necessarily IT experts, though they will make extensive use of technology to pursue their goals. Compliance is less about IT and more about business operations, with every employee doing their due diligence to reduce a company’s liability. The fact is, even the best security systems can be thwarted by an employee clicking the wrong link. Things like phishing schemes take advantage of the human element to data. A CCO should recognize this and strive to address these shortcomings inherent in IT solutions.

Even so, knowing the technology is important. In the upcoming years, CCOs will need an even greater understanding of the systems they use to do more with less. In addition, the role will become even more defined, with companies both recognizing a need for the position and CCOs themselves recognizing that personal liability is another aspect of the job to be addressed. Overall, the niches created by new regulatory environments are quickly being filled, but these jobs will likely come to full fruition in the near future.

Scott Maurice is an IT professional based in Seattle, Washington. Scott, along with his company, Avail Partners, seeks to provide industry-specific solutions for information technology. He specializes in healthcare compliance, with new standards such as HIPAA shaking up the industry.