Compliance Officers and Law Degrees
Last week we saw another salary survey for compliance officers, which found that compliance professionals with law degrees enjoyed far higher compensation than those without one. This lets us revisit that eternal debate in corporate compliance: do compliance officers need to be lawyers?
The report comes from recruitment firm BarkerGilmore, as a more detailed follow-up to a prior report on compliance officer and general counsel pay. This follow-up report is certainly worth reading too, since it’s full of benchmarking data that will come in handy during your next performance review — and one statistic jumped out at me above all.
Public company chief compliance officers with law degrees made $295,000 more in compensation than their CCO counterparts without one.
Sure, a big part of that amount presumably came from highly valuable stock-based compensation; but CCOs at private companies and nonprofits who had JDs enjoyed steep compensation premiums too. Across the board, for any type of organization, having a law degree paid off. See Figure 1, below.
We can surmise a few reasons why compliance officers with JDs make more money. First, having a JD means you went to law school, and most likely spent at least some time working as a lawyer. Lawyers tend to make decent money, because they need to pay off that law school debt. If a company wants to lure that person to be a compliance officer, that company needs to offer an enticing salary.
It’s also true that people with JDs can do more things; you can both work in compliance and work in legal. That wider range of skills presumably makes you a more valuable employee, which means more money.
OK, but those are all reasons why compliance officers with law degrees make more money. Our original question was whether compliance officers truly need law degrees to do the job. Clearly companies believe so, since they’re the ones paying that law degree premium — but is that judgment really correct?
What Lawyers Allegedly Bring to Compliance
Let’s break down this question to its fundamentals. Companies would want compliance officers to be lawyers for two principal reasons:
- Because you understand the law and “think like a lawyer;” or
- So you can do those magical things that only lawyers are allowed to do.
Upon close scrutiny, however, neither of those reasons holds much water.
If a compliance officer needs to know the law — to be able to cite it, and understand what various laws do or don’t allow your company to do — a good one can learn that through years of experience. For example, talented HR professionals pick up an understanding of labor law; medical coding executives will learn their way through the Medicare maze. You can also learn the law through one of those continuing education programs on compliance that are sprouting like weeds across higher education.
Nor do I buy the argument that compliance officers should have law degrees so that they will “think like a lawyer,” which is just a self-absorbed way of saying someone has good critical-thinking skills. Law students learn how to think like a lawyer by the end of their first year. Plenty of others learn those same critical-thinking skills through on-the-job experience. So you could hire a 1L drop-out or someone with no legal education at all, and still find a great candidate — if you have the discipline (and open mind) to recruit and interview those candidates.
Or maybe a company wants its compliance officer to have a law degree so that the compliance officer can do those things that only lawyers are allowed to do. Except, there’s really one one magical thing that lawyers can do: exercise attorney-client privilege to protect the company.
Well, if the company wants to exercise privilege, the compliance officer can just call the legal department and ask, “Will you take a look at this matter here?” That can be enough to activate the privilege.
What Compliance Needs
Now let’s consider things from the perspective of an effective compliance function. That effective function must be able to do several tasks:
- Investigations
- Policy management
- Education and training
- Due diligence
- Risk assessment
How much will a law degree help a compliance officer with any of those things? At best, maybe a law degree will help you with investigations because you might be handling a sensitive matter that needs privilege. But plenty of talented lawyers aren’t talented investigators, and we just sketched out an alternative way to exert privilege anyway. So does a law degree really help there after all?
As for the other tasks, I don’t see how having a law degree helps with any of them. You can know the law without a law degree, and you can learn the mechanics of those tasks through on-the-job experience.
Perhaps the insistence on a law degree for compliance officers is all about trust, or the lack of it. That is, if the general counsel understands the compliance team’s purpose and trusts that the compliance function is working to support the business, then that GC is less likely to get hung up on formalities such as whether the compliance officer has a JD or passed the bar exam.
But when the general counsel (or senior management generally) doesn’t trust the compliance function — when they view compliance as a potential threat to the objective of reducing liability for the company — that’s when insisting on law degrees for the CCO becomes more likely.
A Career in Compliance Without a JD
Compliance officers also have another important question to ponder. If you don’t have a law degree, what does that mean for your career advancement?
After all, for plenty of compliance officers (those with law degrees) the next move up the ladder is to be deputy general counsel or chief legal officer. That path is closed to CCOs without law degrees. So where do those folks go next in their careers?
Some might plausibly migrate into senior HR roles if that’s what they want. Others might believe working in corporate compliance is the zenith of personal and professional achievement (Radical Compliance does!) and just move around Corporate America from one CCO role to another.
Or compliance officers might try to move into chief risk officer roles. That step forward does make a certain amount of sense; you’re trained in risk assessment and the measures to keep risk in check, and those measures usually include embedding risk management controls into business operations. If you can do all that for compliance risks, you’re probably well-qualified to do the same for other types of risk, too.
But consider the implicit assumptions behind my previous paragraph: that compliance is a risk management function, not a legal function. That’s really at the heart of this whole question, and I suspect a fair number of general counsels would dispute it.
Then we come to yet more questions about what your early career experience should be if you want to become chief compliance officer and then chief risk officer. Maybe you’d need to spend more time on audit or data management issues, and then get a master’s in compliance law somewhere along the way.
What you wouldn’t need, however, is a law degree.
I’d be eager to hear your thoughts on this debate, of course. Email me at [email protected] (confidentially if you’d prefer) and I’ll include responses in a follow-up post.