Last week I had a post exploring whether senior-level compliance jobs are becoming harder to land, and some possible reasons why that might be. The post led to numerous compliance officers sending me some of their own observations; with their permission (and some confidential details scrubbed out), let’s dig a bit deeper into what’s going on here.
First, several compliance officers raised the age-old complaint that companies are cramming compliance duties into the legal department. As a result, compliance officers might overlook a job listing that substantively is a compliance role, but carries a legal department title and might even be advertised only on legal department job boards.
One mid-career compliance professional at a mid-sized tech company described the situation as follows:
Sometimes this function is getting placed under the general counsel (bleh) and hidden as an associate GC position. I’m facing this now with a company I’m interviewing with. I still think I’ll take the position (because the pay is right) because it’s with a public company and could lead to bigger and better things.
OK, I accept that this hiring practice happens; but it still strikes me as potentially unwise — because it means the legal department is running the show, and I’ve heard many, many stories from compliance officers about corporate legal teams who have no idea what a successful compliance program actually entails.
For example, I’ve heard tell of general counsels who don’t understand that compliance programs for the FCPA and healthcare’s Anti-Kickback Statute are substantively the same thing (an anti-bribery program), so a veteran Anti-Kickback professional is usually the better hire than a law firm partner with FCPA expertise. Compliance is more about running a program than understanding the law (that is, after all, why you keep outside counsel on outrageously high retainers), and that point can elude many lawyers.
Other folks complained to me that companies are low-balling the title and authority of a compliance officer, with the added irritation of a low-balled salary, too. My particular favorite was a large company hiring for a director of compliance where “you may have the opportunity to brief the board” like it was a chance to score backstage passes to an Adele show. As another compliance professional said —
I’m finding that when it’s the first real compliance position it may be posted as a lower position such as director, when in fact it should be a CCO. Sometimes this is because of lack of knowledge, others because they are being cheap and not taking the position seriously. I apply anyway and I’m on my third round of interviews with a company now.
I wish that person luck, although the complaint is one I hear often.
A View From the CCO’s Perch
One veteran compliance officer, CCO at a Fortune 500 company with significant consumer interaction, gave a long answer that is worth quoting in full.
Prior to the pandemic, I would average about one inquiry a month from a recruiter and about one a quarter from a Fortune 500 company. Over the past 18 months that number has been zero. Maybe it’s me, my age, and that I am not actively looking — although none of that seemed to matter 2 years ago. What I think is the following:
First, there is more of a focus on DE&I, ESG and privacy right now (privacy is the new Compliance) although I recognize that privacy is often part of the CCO role. I feel like “core compliance” is a bit on the back burner.
Second, the ongoing trend of combining the GC and CCO role; or at a minimum, having the CCO report into the GC. That reduces the number of senior level CCO roles that need to be filled.
Third, perhaps many of us who consider ourselves the “pioneers” of this field (meaning we’re old and have been doing this a long time) are in the most senior roles and clogging up the works; which results in a slowing of the market. That is, maybe we’ve become a mature function.
This person makes a lot of sense. Corporate compliance does go through evolutionary stages, from financial controls in the 2000s, to anti-bribery issues in the early and mid-2010s, to privacy, cybersecurity, and diversity today (all of which are surging in interest and importance). ESG is going to be one of the next stages in the 2020s.
What’s intriguing is that this person is talking about issues rather than the practical challenges of running a program. Which fits with the person’s other point, that perhaps “core compliance” capabilities — how to perform a risk assessment, or build a third-party oversight program, or roll out training — are indeed taken for granted now, and on the back burner.
The pioneers developed those fundamental capabilities; and now that those capabilities are ingrained in the organization, companies can focus more on leaders with expertise in specific issues (privacy, diversity, ESG, cyber) who can inject that knowhow directly into the program already running.
I don’t know how widespread that state of affairs might be, but it’s logically cohesive.
Yes, Industry Matters
And we do have one dispatch from director of compliance in the healthcare sector:
In healthcare compliance there are lots of executive level jobs. Five recruiters contacted me in the past two weeks, all for CCO/VP positions. It may be different for non-health compliance positions. Consider switching to healthcare!
I would only note that healthcare compliance is a nuanced field, with regulatory obligations and details about billing codes, third-party spending, and the like that many other sectors don’t encounter. I’m not sure how easily others can transit into the field. But if that transition is something you can master — well, at least one of your peers says it’s a good move.
If anyone else has observations to share, drop me a line at [email protected] any time!