I usually think of the Red Baron a couple of times per year. The first time is at Halloween when I watch the annual replay of the Peanuts cartoon special It’s the Great Pumpkin, Charlie Brown. The second time is at Christmas when there is airplay of The Royal Guardsmen’s classic hit, Snoopy’s Christmas vs. The Red Baron. Although this is marginally better than the number of times I recall the greatest French WWI ace, Roland Garros; which is once per year, during the two weeks of the French Open tennis tournament. However this year, I had another occasion to recall Manfred von Richthofen, the Red Baron, when I read a piece in a recent TLS article, entitled “Unforgotten,by Jerry Palmer. Palmer’s thesis was that the German nation has used the Red Baron in life but more particularly in his long afterlife in a manner rarely seen inside his home country and in combatant nations. The Red Baron and the various ways his legend has been used over the years introduces a topic I have been thinking about for some time, the Compliance Center of Excellence (CCoE).

While there is no definition of a CCoE, there are several definitions of a Center of Excellence (COE), which I have drawn from for this article. In a OneSpan article, entitled “Centers of Excellence (Why Create One)”, Jodi Schechter interviewed Mark Kafka, who defined a Center of Excellence as “a discipline within an organization. The concept of a Center of Excellence is to build out key processes and expertise across the enterprise. It is typically based on a technology, a critical process or an application – to help the organization adopt that process and become efficient at it.”

From this, you can see it is a team that promotes compliance collaboration within an organization. It utilizes best practices around compliance to drive greater business efficiencies, more profitability and customer-valued results. Drawing from Mark Vaughn’s Navint white paper, entitled “Financial Services: Compliance Center of Excellence”, another way to consider a CCoE is that it is a coordinated team with resources that have a range of interrelated skills and responsibilities, in a collaborative working forum, designed to share knowledge, promote best compliance practices and drive successful business results.

A CCoE should have areas, which the Horizon Group identified in its blog post “What is a Center of Excellence. First it should offer support to the compliance function’s customer, company employees, third parties and other impacted by the corporate compliance function. It should provide support for those impacted by compliance in an organization by being a subject matter expert (SME) in the compliance arena. There should be guidance from the CCoE in compliance standards, methodologies and the CCoE should act as a compliance knowledge repository. A CCoE should provide shared learning, including compliance training and certifications, skill assessments, team building and formalized roles which are all ways to encourage shared learning. A CCoE should provide measurements, which demonstrate it is delivering the valued results that justified their creation through the use of output metrics. Finally, in the area of governance, a CCoE should allocate limited resources across all their possible uses, ensuring organizations invest in the most valuable projects and create economies of scale for their service offerings.

From this general description, I see two overarching themes for a CCoE. It should obviously begin with a regulatory backbone, through compliance SMEs supporting the company. It must also deliver demonstrable and tangible results to the business. It would have a clear mission focused on the business and the compliance requirements that must be addressed for each organization.

However, this should then morph into a more business process approach, as a CCoE would become a team of specialists who work together to develop and promote compliance best practices. While initially it may be focused on providing compliance guidance to a company, it would then move to deliver business services, or operationalize compliance throughout an organization. Vaughn notes this could include, “areas such as human capital management, project management, quality assurance, regulatory compliance, business analysis, continuous process improvement, and enterprise performance management.”

Whichever form it takes, the CCoE model should include SMEs, together with other resources that become an integral part of the compliance function, supporting the business in an advisory capacity and delivering discrete services. A successful CCoE will aid a company to “understand and set priorities, create a roadmap, standardize approaches and support processes that improve the underlying structures of compliance over time.” Indeed Kafka was quoted that a CCoE “establishes a best in class operation AND it’s a scalable and repeatable process. It becomes the organizational standard. In doing so, intel from channels of operation that have already adopted practices reduces the learning curve for those new to the organization. Documented processes can be easily rolled out to new channels.”

As with the compliance function in total, it should work with the business unit to design, create and implement a compliance solution that can be pushed out to more fully operationalize compliance. Vaughn noted that the CCoE team would “work to develop a roadmap based on careful planning and analysis, including understanding how, through scenario planning efforts, the organization will pivot one direction or another, to initially address regulatory compliance and improve it over time.”

It would allow compliance to be more integrated in planning and strategy discussions to stay tuned to the ever-changing risk profile of a company. Moreover, through this interdisciplinary approach, it would bring compliance knowhow to help the business folks understand that compliance is, in reality, a business process and as a business process, it can easily be incorporated into business unit operating procedures going forward.

A CCoE can become a very powerful tool for the compliance function in an organization. Compliance is properly seen as business process. If you integrate the compliance framework of controls, incentives, continuous information and its feedback into your company’s business process; it will not only make your organization more efficient but at the end of the day more profitable.

Tomorrow, I will lay out how to create and fit a CCoE to your organization.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

0 comments