35% of Global 2000 companies now have a Chief Compliance Officer – and not all of these companies are in the financial sector. The weight of compliance legislation (particularly Sarbanes-Oxley, corporate governance codes around the world, privacy regulations, etc.) and the workload faced by the audit committee and by the CFO are, between them, encouraging a number of major organisations to appoint a Chief Compliance Officer. The question is: is this role really going to make a difference, or is it simply going to create more confusion inside organisations?
The issue is that, today, compliance fundamentally depends on technology and has significant financial involvement – from reporting through to costs. Already, on balance, CEOs and CIOs are failing to communicate. The CCO will have to communicate with the CEO, the CIO, the CFO, the audit committee and the IT governance committee (if there is one) – and will need substantial legal expertise to boot. If the CCO can effectively co-ordinate all these business functions, then there is a possibility that compliance will actually be improved – if not, the CCO will simply add to bureaucracy and inefficiency, without any significant improvement in the information security posture of the organisation.