When it comes to business executives with acronyms, a few come to mind fairly quickly: CEO (Chief Executive Officer), COO (Chief Operations Officer), and CFO (Chief Financial Officer). These are the well-known names, but one has only recently, around 2000, entered the business executive lexicon outside of heavily regulated industries such as healthcare and financial services: the CCO (Chief Compliance Officer). Historically, there are two reasons for a CCO to be part of your business: government regulations or security regulations. It is the role of the CCO to lead their compliance officers in managing compliance risk so the business passes government audits or security audits.
The CCO role is generally at the executive level, and who they report to is up to the company, but they play a very important role in the health of the company. They evaluate the company's compliance issues and take steps to ensure that they do not become long-term problems. The CCO learns the laws and regulations that govern the company; the steady increase in regulation has made an executive with this sophisticated skillset essential, so that the rest of the company can focus on the business. The role of the CCO differs between public and private companies.
Many public companies (i.e. those traded on the stock market), following the scandals of Enron and WorldCom in the early 2000s and the Sarbanes-Oxley Act of 2002, created a CCO position and filled it. Basically, the United States Government required businesses to have a Chief Compliance Officer so that companies would comply with the law the SEC created to regulate accounting in public businesses.
In a private company, it is more likely that a CCO will be preparing for and managing the acquisition of security certifications and attestations such as SOC 2 or ISO 27001. These are incredibly important to businesses looking to expand into servicing industries that handle sensitive material and require higher levels of security. For the CCO, something like SOC 2 would be on their to-do list: they would create policies and manage the processes needed to pass the AICPA's (American Institute of CPAs) Trust Services Criteria of Security, Availability, Confidentiality, and Privacy. This ensures that the consumer's information is protected while still being available for use and disposed of properly.
At the same time, CCOs for private companies must also ensure that, if the company chooses to raise money, it meets all SEC requirements for the raise. Choosing to use financing methods such as Regulation A, Regulation CF, or Regulation D requires that companies follow the requirements set by the SEC, such as enforcing investor limits and ensuring that Blue Sky laws are met in each state in which the raise takes place. Failure to comply with these regulations can result in severe penalties and may require the company to refund investors.
Whether you are part of a public or private company, a Chief Compliance Officer is a valuable member of your team. They are focused on making sure the company complies with government or security regulations so the rest of the company can focus on their day-to-day functions without worry.