Your Compliance Career in Charts
It happened to me again the other day. I was writing up an item for the Compliance Jobs Report, and got confused about who reports to whom in the compliance team pecking order: Does a compliance director report to a compliance manager, or vice-versa?
A quick call to a chief compliance officer who has done plenty of hiring (and job-seeking) over the years soon answered my question. A compliance manager reports to a compliance director. Then I started to ponder how one climbs the compliance career ladder more broadly. What is the title a compliance youngblood would typically have in his or her first job? What comes next, and then next after that, until you’re a chief compliance officer?
After consulting a few more compliance officers and recruiters, and studying a range of compliance job postings online, I mapped out a compliance career ladder with six primary rungs. See Figure 1, below.
If you’re going to devote your career in corporate ethics and compliance, then you’re likely to land on all the above titles sooner or later. (Except maybe that seventh rung of CEO, which I included just to understand who exists above the CCO.)
Depending on the size of your employer, the compliance function might also expand its ranks by adding various “senior” roles too. I’ve seen managers promoted to senior managers, who still report to directors; and directors promoted to senior directors, who might report into executive directors or to vice presidents.
I’ve also seen vice presidents of compliance promoted to senior vice presidents, who seem functionally equivalent to chief compliance officers. (I suspect that’s a power play either by insecure general counsels who’d feel threatened by a “chief” compliance officer, or by tightwad CFOs who don’t want to pay the higher salary or equity awards that a C-level peer would typically get.)
At the low end of the ladder, I’ve sometimes seen “compliance coordinators” but not often enough that they warranted their own rung on the ladder.
Does my career ladder seem complete to you? Am I forgetting any other important rungs? Let me know at [email protected].
An Expanded Org Chart
OK, that’s the compliance career ladder vertically. Now let’s consider the duties within a typical corporate compliance department, and how those duties compare to other Second Line risk oversight functions. See Figure 2, below.
My goal here was to identify what the various Second Line risk oversight functions actually do, to help people understand (a) how you might move across teams horizontally rather than upward though one team specifically; and (b) how you might reorganize similar types of tasks into more consolidated, and technology-assisted, roles.
For example, the compliance, procurement team, and IT security teams all do lots of third-party due diligence. Each team focuses on specific types of risk (compliance team, ethical conduct risk; procurement team, pricing and reliability risk; IT security team, cybersecurity risk) — but it’s all third-party due diligence of some kind.
So could your organization perhaps create some sort of “chief third-party risk officer” role, whose primary duty is to perform due diligence and monitoring for all the risks that all your third parties pose?
The idea seems logically sound, although I’m not convinced the necessary IT applications are there yet and you’d need someone with a gift for navigating office politics and turf wars. But one can see how the role might work.
Or consider investigations. The compliance team plays a significant role in investigations, especially if the allegation involves a regulatory or legal infraction of some kind. But HR and the legal team (neither of whom are included above, mostly because I didn’t have the room) do lots of investigations work too.
So could your organization create a director of investigations role that serves all three teams? If you did, where on the org chart would it be located? I suspect legal would always insist that an investigations function report to them because they’re paranoid dweebs so concerned about liability and attorney-client privilege, but who knows.
Again, how does my org chart look to you? What duties or teams am I overlooking? Let me know so I can devise something better!
What Comes Next
The other reason I doodled up these career and org charts was to help illuminate how new compliance duties and advances in technology might scramble traditional notions of who does what, and at what point in your careers.
Let’s take trade compliance as an example (since apparently we’ll be in a trade war with Europe by Thursday). If you’re a business suddenly needing to create a new trade compliance officer role, where would you put it?
One argument is to house that role within the legal team since trade compliance rules are complex and involve lots of contract negotiations. Lawyers are good at those things.
On the other hand, when I see people announcing on LinkedIn that they’ve just landed a trade compliance officer role — and especially if they’ve been promoted into the role by their current employer — plenty of those folks are coming from a supply-chain or procurement background. And really, why not? A large part of trade compliance is about knowing who your suppliers are. Supply-chain folks are good at that.
If you’re a large global business with a significant legal team, you’d probably put your trade compliance role there. If you’re a smaller shop bewildered by President Trump’s tariff-by-tweet policies and low on manpower, you might start with someone in the supply-chain or procurement team.
That’s an example of how org charts might change cross business functions. Artificial intelligence is an example of how career ladders might change within one business function.
We all know the claim that AI will automate away the scut-work from lower-level employees, to free up their brainpower for more sophisticated tasks. So imagine that a compliance analyst’s job starts to expand upward, to overlap with a compliance manager role, since the AI agents are doing the analyzing.
Except, I’m not convinced that’s how it will all work. It might be that the compliance manager’s job will expand downward, crowding out the analyst. AI won’t free up the lower-level employee to do high-level work; it will pile more work onto the manager’s plate, to be done and overseen in a more automated, AI-infused fashion.
So if you’re mid-career, and AI expands your role downward, will that slow your trajectory upward? Who will do your job in 10 years, when today’s compliance analysts no longer get a first foot on that ladder in the first place? Or will AI fail to deliver, and none of this even matters?