A new company has been formed or a small business was started last week. Today the founder starts to try and understand, “how do I mitigate risk so I can make more money and keep that money from going to others?” This is often asked due to things like failure to follow a law that he or she may not be aware of, the failure to meet regulatory requirements to things like sending an email to prospective clients, or forgetting to create policies and procedures to govern the organization as it grows.
To answer these questions and to preserve the revenue from going out through cracks in the compliance window, an organization needs to establish the Chief Compliance Officer role. As part of this role, the organization has defined a role responsible for establishing standards within the organization as well as implementing procedures to effectively and efficiently on a continuous basis identify, prevent, detect, and respond to areas of noncompliance with applicable laws, regulatory requirements and other legal requirements.
Urgent Risk Without Time to Hire
Sometimes these questions come up not by choice but rather a regulatory authority, third party or prospective client at the front door demanding answers. To achieve this, the organization needs to hire a chief compliance officer. If someone is knocking at your front door, that kind of time may not be available, which is where the virtual Chief Compliance Officer (vCCO) comes in. The vCCO is in no way intended for a long term replacement; rather a band-aid to help build a program while a full time resource is sought by the organization.
Role of the Virtual Chief Compliance Officer
A virtual Chief Compliance Officer can step into your organization, using experience from working with multiple organizations, to perform functions as:
- Building and managing out your compliance program. While fractional services are offered by Gilliam Security, it is recommended this role be a full-time member of your management team to maintain your program due to the highly confidential nature of the role;
- Facilitating the creation of corporate policies, procedures and standards;
- Serving as the second line of defense (learn more here) for the compliance function within the organization;
- Conducting organizational risk assessments across the entire organization versus a singular department;
- Interfacing between resources on the ground and internal audit (the third line of defense); and,
- Providing compliance training and awareness to the staff of the organization.
While performing these functions, the vCCO should document everything along the way so as the organization hires a full-time Chief Compliance Officer, the continuity of compliance operations can remain.
Benefits of Using a Virtual Chief Compliance Officer
The key benefits of bringing on a virtual Chief Compliance Officer is the affordability of having the compliance services services typically provided by the compliance function. The typical total pay of a Chief Compliance Officer minus benefits can be up to $ 239,000 yearly.
The hidden cost this does not include is employee turnover costs. In a 2016 study by the search firm Russell Reynolds, it was found the employee-based position has a 40 Percent turnover rate over a two year period (link). A company with annual revenue of $20 Million, 50 employees, and a standard working year with a position open for 73 days could cost an organization up to $126,957 (link).
When bringing those two numbers together, you are looking at potentially $302,000 a year in cost.
By comparison, a vCCO will run one $325/hr., which is almost 1000 man hours of a salaried CCO.
What to Look For When Using a Virtual Chief Compliance Officer
Similar to that of a virtual Chief Information Security Officer (link), the virtual Chief Compliance Officer is a role based on risk. That said, it is important to focus on business experience, specifically:
- One who has relationships with other businesses so he or she can leverage his or her experience to provide the maximum benefit to your organization.
- A person who has ability to sell the concept compliance. Compliance must be communicated to all levels of the organization and several people find compliance sometimes to be challenging or not agreeable.
- A relationship based person. Compliance is a team effort. As part of that the person must be able to bring people together as a charge central to the success of an organization.
- A business person at heart. Compliance is understanding what level of risk can be tolerated while complying with the existing requirements. To do that the person must be business-focused who can manage multiple work-streams while being able to use what is available to him or her to make quick and effective business decisions.
Validating the Professional Education of a Chief Compliance Officer and a Virtual Chief Compliance Officer
The Chief Compliance Officer and virtual Chief Compliance Officer position has several certifications based on the industry served and the sub-functions of the the role. The two primary certifications are the the following:
- Certified Professional Compliance Officer. known as the CPCO, issued by the AAPC (read more here).
Note: This certification is primarily focused in healthcare compliance. - Certified Regulatory Compliance Manager, known as the CRCM, issued by the American Bankers Association (read more here).
Note: This certification is primarily focused in banking compliance.
One of the key things to look for in this role is a law degree as a background in law helps with the understanding of corporate compliance.
Looking for a vCCO? Contact Gilliam Security via our Contact Us page (link) and we would be glad to connect you with one of our vCCOs.