An encore presentation from Episode 33
In a recent episode of our podcast, we stepped away from our usual audience of compliance professionals to deliver an important message directly to CEOs and executive leadership. If you’re a top leader at your organization, this episode is for you! It focuses on three common — but avoidable — mistakes CEOs make when it comes to working with their compliance officers, which can undermine their compliance program.
Mistake #1: Failing to Define the Compliance Officer Role
Too often, especially in smaller organizations, someone is given the title of “Compliance Officer” without a clear job description. This is especially common when the role is secondary to their main job. While dual roles are understandable, not outlining the compliance responsibilities in writing sets everyone up for failure. Without a defined scope of duties:
- The individual may not know what is expected.
- Leadership can’t properly evaluate performance.
- The organization risks assigning someone without the time or skills needed.
- Transitions in the role can lead to dropped responsibilities.
A detailed job description signals that compliance isn’t just a formality — it’s a priority.
Mistake #2: Not Having the Compliance Officer Deliver Routine Updates to Your Governing Body
Compliance officers should provide routine updates directly to the organization’s governing body — whether that’s a board of directors or ownership group. This is not just good practice; it’s an expectation from regulators, including the Office of Inspector General (OIG) for Health & Human Services. Having the CEO deliver the compliance report instead can:
- Create the appearance of a conflict of interest.
- Undermine the compliance officer’s independence.
- Limit the board’s access to unfiltered compliance concerns.
Instead, allow your compliance officer to provide direct updates to the board on a cadence that’s appropriate for your organization. If they need support in developing those reports, provide it.
Mistake #3: Excluding Compliance from Decision-Making
When compliance concerns are raised, especially when the concern is in a “gray area” and the organization intends to accept some risk, it’s important that the compliance officer understands the rationale for the organization’s decision.
Involve the compliance officer in the decision-making process and allow them to ask questions. Consider sharing legal opinions or having a legal discussion about the intended resolution or handling of the matter directly with them. If they’re excluded or their concerns are brushed aside, they may:
- Feel disconnected or devalued.
- Lose trust in the organization’s commitment to compliance.
- Eventually leave — or worse, become a whistleblower.
Even in sensitive or confidential situations, once the confidentiality issue is no longer a factor, loop the compliance officer in. They are best positioned to monitor long-term risks and track regulatory changes that may impact your organization’s risk profile.
Bottom Line:
Avoiding these three mistakes — unclear job roles, lack of board access, and exclusion from compliance risk discussions — will go a long way toward building a compliance-minded culture. As a CEO, your actions shape how seriously your organization takes compliance. Equip your compliance officer to succeed, and your organization will be stronger for it.