Good Compliance Leader / Bad Compliance Leader

In some cases, the saying, “If it looks like a duck, swims like a duck, and quacks like a duck, it is a duck” is inaccurate. Compliance leaders are one of those cases. They may have similar backgrounds, act alike, and use the same terminology, but they are certainly not all alike. There are good Compliance leaders, and there are bad Compliance leaders.

Good Compliance leaders take ownership of the entire Compliance process. They set clear expectations. They make sure everyone on the team understands that Compliance is a puzzle and that even the smallest piece is critical for completing the picture. They foster a sense of accountability, making sure that like every member of the organization, they too have a part in keeping the business running. They take full responsibility for the Compliance roadmap (no excuses).

Bad Compliance leaders make lots of excuses. They do a lot of explaining and blaming. They take a reactive stance and say, “The audit didn’t go well, someone messed up,” and try to explain why. Not enough funding, the control owner wouldn’t respond, COVID happened.  They schedule lots of meetings. They dwell on the past. What we could have done. Good Compliance leaders learn from the past, they look to the future.

Good Compliance leaders see the bigger picture. They consider the long-term. They think strategically and continuously. They ensure all stakeholders understand WHY Compliance is vital for the business. They proactively talk to the organization about something they care about -- risk. Good Compliance leaders talk about business risks in a language that control and risk owners understand: data breaches, loss of business opportunity, reputational damage. 

Bad Compliance leaders think in terms of the next audit. They focus on the WHAT and the HOW. They focus on tasks and evidence. Topics that are granular and tactical, that only check a box to help pass the upcoming audit. They think of their work as a game of Whack-a-Mole – constantly putting out fires and never taking a holistic view of the organization. Their work cycle is a wave. It is either, “Oh, good! The audit is over, time to chill,” or “Oh, no! The audit is coming, we need to rush.”

Good Compliance leaders build relationships, understand other teams, and study the business roadmap. They relate positively and effectively to a broad group of stakeholders and address their concerns. Bad Compliance leaders show up twice a year and say, “Hey, we need evidence, this is a priority, and I'll get you in trouble if you don't do it.” Bad Compliance leaders create friction and are the people everyone avoids.

Good Compliance leaders are excellent communicators. They paint a vision of where we should be, even if we need to take incremental steps to get there. They work backward and use the WHY to make tough decisions. Bad Compliance leaders talk at people and use confusing jargon. They speak vaguely about tactical missteps.

Good Compliance leaders understand that they may be causing others pain. They have a mechanism to measure pain levels. They ask questions. They actively listen. They send surveys. Bad Compliance leaders are out of touch. They don’t understand why their activities aren’t the top priority. They act impulsively. They trust what they overheard in the hallway. Good Compliance leaders function as business-enablers, allowing other departments to focus their attention on the task at hand. Bad Compliance leaders are a burden, allowing Compliance pitfalls to block business expansion.

Good Compliance leaders recognize that while fraud exists, most Compliance errors are mistakes, misconfigurations, lack of data, or simply a misunderstanding of what evidence is needed to prove a particular outcome. Bad Compliance leaders play Gotcha! They don’t trust their teams and look for flaws. They think like an auditor and try to poke holes in every fact. 

Good Compliance leaders know how to use data to their advantage. They use data-driven signals to find trends, anticipate problems, and provide the business with insights. Bad Compliance leaders think only in terms of pass or fail. Good Compliance leaders use data to create predictability. Bad Compliance leaders are surprised by outcomes.

Good Compliance leaders filter the data by risk level to help prioritize what needs to be done. Bad Compliance leaders email a spreadsheet of 200 required actions with no context or priority levels. Good Compliance leaders make sure that if someone can only do one thing today, they know exactly what that one thing should be.

Good compliance leaders are curious about how to apply their understanding to a specific technology. They want to research and use the available technologies to improve their processes. Bad Compliance leaders expect you to fit your data perfectly into the box; if it doesn't fit, you fail. 

You can find our full "Good Compliance Leader/ Bad Compliance Leader" guide here.

Inspired by Good Product Manager/Bad Product Manager by Ben Horowitz at a16z.com