
Innovation in Compliance: Mastering Compliance Branding on LinkedIn: Insights from Carol Kaemmerer

Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox is joined by returning guest Carol Kaemmerer, author of ‘LinkedIn for the Savvy Executive.’

Carol shares valuable insights on how compliance professionals can leverage LinkedIn to build their personal brand and gain credibility with senior management. She introduces her Brilliance Framework, which includes strategies such as leading with authenticity, utilizing the rule of three for memorable branding, maximizing digital real estate, and emphasizing the importance of engagement. Tune in to enhance your LinkedIn strategy and make a lasting impression in your career.

Key highlights:

  • Building a Compliance Professional’s Brand
  • Reframing Compliance Communication
  • Introducing the LinkedIn Brilliance Framework
  • Maximizing LinkedIn’s Digital Real Estate
  • The Importance of Visuals on LinkedIn
  • Engagement: The Gold of LinkedIn

Resources:

Carol Kaemmerer on LinkedIn

Carol Kaemmerer Website

LinkedIn for the Savvy Executive Second Edition

The LinkedIn Brilliance Framework™: Amplify Your Professional Presence


Great Women in Compliance – Civility Counts: Fostering Respect & Voice at Work with Jelahn Stewart and Katharine Manning

New #GWIC Roundtable Episode

Civility isn’t just about being polite—it’s about trust, belonging, and creating workplaces where people feel safe to speak up. In this roundtable, hosts Lisa Fine and Ellen Hunt welcome:

  • Jelahn Stewart, SVP, Deputy GC & CCO at Leidos
  • Katharine Manning, President of Blackbird DC and author of The Empathetic Workplace

They share stories and strategies on:

  • How civility impacts performance, creativity, and resilience
  • Why incivility silences women more than men
  • Practical steps leaders and teams can take to build civil, ethical cultures
  • Healthy ways to respond when civility breaks down

The Great Women in Compliance Podcast, hosted by Hemma Lomax and Lisa Fine, shares the stories of women in the field of ethics and compliance, proudly sponsored by Corporate Compliance Insights.


Directors and AI: Do’s, Don’ts, and Compliance Lessons

Artificial intelligence (AI) has rapidly become embedded in the daily workflows of executives, employees, and, increasingly, board directors. From drafting strategy summaries to analyzing industry data, directors are turning to AI chatbots and transcription tools in the same way they once adopted email, spreadsheets, or virtual board portals. However, unlike those earlier technologies, AI presents new risks, and for directors, these risks intersect directly with fiduciary duties and corporate governance obligations.

A recent memorandum by Skadden, Arps, Slate, Meagher & Flom LLP, published through the Harvard Law School Forum on Corporate Governance, outlines practical dos and don’ts for directors using AI in their board roles. The message is clear: while AI offers great promise, directors must use it with caution. For compliance professionals, this guidance provides important lessons not only for boardrooms but also for the governance structures that surround them.

The Temptation of AI in the Boardroom

Boards are expected to absorb massive amounts of information, such as financial results, strategy papers, compliance reports, and cybersecurity dashboards, often under tight timelines. It is easy to see why a director might feed these materials into an AI tool to produce summaries or ask for red flags. Similarly, transcription services appear attractive for documenting complex board meetings and discussions. But here lies the trap: not all AI tools are created equal. Publicly available chatbots often train on user inputs, meaning that confidential board information could be incorporated into the system and potentially regurgitated to other users, including competitors.

Just as you would never allow directors to send board books through unsecured email, AI tools need guardrails.

Key Risks Identified in the Director’s Guide

The Skadden memorandum outlines several risks directors must consider when using AI in their corporate capacities:

  1. Confidentiality and Data Leakage – Uploading sensitive materials into public AI systems risks exposing trade secrets or personal data. Even if the information is deleted from a user’s history, the AI vendor may still retain and train on it.
  2. Discovery and Litigation Risks – AI chats are records. Like emails, they may be discoverable in litigation or regulatory reviews. Regulators could demand access to AI interactions if they involve matters under scrutiny, such as antitrust reviews of mergers and acquisitions (M&A) activity.
  3. Loss of Privilege – Using AI to transcribe board meetings or communications with counsel risks waiving attorney-client privilege. Once third parties have access, privilege may be lost forever.
  4. Accuracy and Hallucinations – AI outputs can be wrong, biased, or outdated. Treating AI results as authoritative without verification exposes directors to poor decision-making and potential breaches of fiduciary duties.
  5. Erosion of Human Judgment – Over-reliance on AI to make HR, strategy, or other critical decisions risks abdicating the duty of care and loyalty. Directors must remain firmly “in the loop”.

Compliance Lessons for Professionals

From these risks, we can distill key lessons for compliance officers advising boards and executives on AI governance.

1. Confidential Information Must Stay Inside the Perimeter

Compliance professionals should establish clear rules: no uploading of board materials, personal data, or trade secrets into public AI tools. Instead, direct the board to company-approved platforms that are vetted for security and configured to prevent training on sensitive inputs. This is not just a best practice; it may also be required to comply with contractual obligations, privacy laws, and internal data-protection policies.

2. Treat AI Chats as Discoverable Records

Boards should assume that anything shared with AI may one day be discoverable by others. Compliance professionals must include AI chats and transcripts in records-retention policies and advise directors to avoid discussing sensitive legal or competitive issues in public AI systems. This lesson mirrors earlier corporate missteps with text messages and messaging apps. AI is the new frontier for discoverability.

3. Preserve Privilege by Avoiding AI for Legal Matters

Directors must not use AI to record privileged discussions with counsel or board meetings, as this risks waiving the attorney-client privilege. Compliance officers should make this an explicit policy. Approved transcription tools may be used for training sessions or customer service calls, but never for board-level deliberations. Losing privilege could cripple a company’s defense in litigation. Compliance officers should hammer this home during board training.

4. Verify Before You Trust

AI has a well-documented tendency to “hallucinate.” Directors must be reminded: AI is not a single source of truth. Compliance programs should emphasize verification. Encourage directors to cross-check AI outputs against trusted sources and ensure management reviews AI-generated analyses before relying on them for decision-making.

5. AI Is a Tool, Not a Decision-Maker

The most important compliance lesson: AI augments but does not replace human judgment. Directors remain bound by duties of care and loyalty. Compliance professionals must make clear that delegating decision-making to AI tools could not only harm the company but also expose directors to personal liability.

Building a Compliance Framework for Board Use of AI

The Skadden guide closes by urging boards to develop clear policies for AI use, including approved tools, acceptable uses, and required disclosures. For compliance officers, this is an opportunity to lead.

Here are key framework elements to consider:

  • Approved Tools List – Maintain a list of AI platforms validated by IT and legal for security and compliance.
  • Acceptable Use Policy – Define when and how directors may use AI (e.g., industry research, summarizing public filings) versus prohibited uses (e.g., uploading board decks, transcribing meetings).
  • Training and Awareness – Provide directors with training on AI risks, including confidentiality, discoverability, and hallucinations.
  • Monitoring and Audit – Periodically review the use of AI by directors to ensure compliance with relevant policies and regulations.
  • Disclosure Requirements – Require directors to disclose if AI tools were used to generate or summarize board-related materials.

Final Thoughts

The “Do’s and Don’ts of Using AI” is a timely reminder: AI governance is not only about company-wide adoption. It also starts at the top, with the board itself. Directors tempted to use AI in their own roles face unique risks. These risks could compromise confidentiality, destroy privilege, or erode fiduciary oversight.

For compliance professionals, this presents an opportunity to serve as both educator and enforcer. Just as compliance led the charge on insider trading policies, conflicts of interest, and anti-bribery training, so too must we lead on AI governance.

The bottom line is that AI can be an extraordinary tool for directors. But without compliance guardrails, it can also be a governance trap. Our role is to ensure the boardroom and the company stay on the right side of that line.


Daily Compliance News: September 24, 2025, The Double Fantasy Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day, we consider four stories from the business world, including compliance, ethics, risk management, leadership, or general interest, relevant to the compliance professional.

Top stories include:


10 For 10: Top Compliance Stories For the Week Ending September 20, 2025

Welcome to 10 For 10, the podcast that brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes, hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly fill of compliance stories with 10 For 10, a podcast produced by the Compliance Podcast Network.

Top stories include:

  • A former Navy No. 2 was sentenced to 6 years for corruption. (NBC)
  • BCG employees to take Humanitarian Principles training. (FT)
  • DOJ is about to cut loose the Binance monitor. (Bloomberg)
  • Trump calls for the end of quarterly reporting for public compliance. (NYT)
  • Trump claims there is a deal with TikTok. (FT)
  • Marcos says no one will be spared in the corruption investigation. (Reuters)
  • First AI CCO. (BBC)
  • CFTC probes Google, Amazon over advertising. (Reuters)
  • Can Zoom make your meetings better? (NYT)
  • DOJ is looking at Uber for Disabilities violations. (WSJ)

You can check out the Daily Compliance News for four curated compliance and ethics-related stories each day, here.


You can purchase a copy of my new book, Upping Your Game, on Amazon.com.


Compliance Tip of the Day – Your First Board Seat, A Guide to Success

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today, we conclude our 5-part series and consider several questions about compliance officers working with or on the Board. We also consider what you need to do to be successful after joining your first Board as a member.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.


Compliance Tip of the Day – So You Want to Be on a Board

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today’s episode continues our five-part series, considering several questions about compliance officers working with or on the Board, and moves on to how a CCO can make themselves more marketable to sit on a Board.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.


Board Week, Part 4: So You Want to Be on a Board

If you work in compliance, you already speak the language boards care about: risk, resilience, integrity, and long-term value. The opportunity now is to package your experience so that directors and the searchers who advise them will view you as a business voice who specializes in compliance, rather than the other way around. Drawing on insights from women leaders who have navigated their way to board service, along with hard-won boardroom lessons, we present today a step-by-step playbook for compliance professionals who want a seat at the table.

Reframe Your Value: From “Compliance Leader” to “Board-Ready Risk Strategist”

Boards add people to fill needs, not aspirations. Translate your day job into board outcomes.

As a CCO, you use judgment under uncertainty. Some of the key tasks of every compliance officer include triaging investigations, balancing disclosure risk, and managing interactions with regulators. Boards prize seasoned judgment more than technical depth. You also have a broad, enterprise risk lens. Recast hotline trends, third-party risk, sanctions exposure, data privacy, and culture measurement as strategy inputs and value protection, not just controls.

You should already have fluency in crisis preparation and management. You know incident response cycles (facts are murky, pressure is high, stakeholders differ). That calm, evidence-first approach is board gold. Finally, show that you understand the boundary: boards govern, while management operates. You can probe, synthesize, and guide without taking control of the show.

Deliverable: Write a one-page Board Bio (not a resume). Lead with judgment, strategy impact, crisis experience, and committee relevance (Audit/Risk/Gov). Keep it crisp; your first paragraph must sing.

Choose Your On-Ramps: Nonprofit, Private, Public—In That Order (Usually)

Recruiters fill a minority of board seats; most come through networks and word of mouth. For many compliance professionals, the fastest on-ramp is to mission-driven or local nonprofit boards, followed by private company boards, and then public boards.

Nonprofit boards hone the muscle memory of governance, committee work, and board dynamics. You learn agendas, pre-reads, fiduciary duties, and the cadence of challenge/support. You also practice EQ moves, such as knowing when to ask in the room versus follow up offline. Private company boards value operators who have built programs and navigated growth risk, which are perfect for compliance leaders who have matured third-party, privacy, or cyber programs at scaling companies. Finally, public company boards hire for specific committee needs, prior board experience, and public company expertise (audit, compensation, nominating/governance, cyber risk).

Action to take: Pick three nonprofits whose mission you genuinely care about. Offer to help first (advisory project, committee seat), then raise your hand for the board. Passion + preparation beats paper credentials.

Build a Targeted Narrative, Not a Generic Pitch

Your pitch should not be “I want a board seat,” but rather “Here’s the problem I’m built to solve.”

If you are a controls/assurance pro (SOX, internal audit, investigations), position for the Audit or Risk committee. Emphasize financial integrity, whistleblower credibility, remediation discipline, and root cause rigor. If you are a tech-savvy, privacy-conscious, or cyber-savvy CCO, aim for Risk or Technology oversight. Stress incident playbooks, data governance, AI/ML risk, and cross-functional response. If you are facing cultural/ethical issues, look to nomination and governance needs: areas such as board composition, CEO succession risk, incentive design that deters misconduct, and culture as control.

Homework: Do industry homework. If you’re pursuing a career in healthcare, life sciences, fintech, or manufacturing, read 10-Ks, enforcement actions, and peer risk factors; convert your experience into sector-specific oversight value.

Network Like It’s Your Job (Because It Is)

Board seats are an art, not a posting. Your path will resemble a mosaic more than a pipeline.

Warm introductions often outshine cold resumes. Each week, tell three people in positions such as GCs, CFOs, fellow CCOs, auditors, and PE operating partners exactly which needs you can fill and in which sector. Peer groups are multipliers. Join compliance councils, audit institute chapters, NACD/director forums, and alumni boards. Offer to moderate a panel on “Board Oversight of Third-Party Risk” or “AI and Culture Risk.” Finally, be visible in solving problems. Publish a short LinkedIn series on board-relevant topics (e.g., “A director’s five questions for sanctions exposure”). Speak briefly; show judgment.

Remember: Patience wins. Boards decide on quarterly cycles, not recruiting sprints.

Get Committee-Ready—Fast

Most first-time directors enter through committees. Make yourself instantly additive:

For the Audit Committee, develop a new approach that ties investigations, SOX controls, fraud risk assessments, and hotline patterns to financial statement risk. Show how your work protected revenue or EBITDA. For the Risk Committee, bring a heat map that integrates cyber, third-party, geopolitical, product safety, and culture risk. Demonstrate scenario planning and escalation criteria. For the Nom/Gov Committee, connect incentive structures, succession planning, ethics benchmarks, and board composition to long-term value. Finally, consider the Compensation Committee by translating root causes of misconduct into incentive design advice (pay for how results are achieved, not just that they’re completed).

Deliverable: Create a two-page Board Briefing Pack you can share confidentially when asked: a sample dashboard, escalation triggers, and a case study where your counsel changed a decision.

Do the Diligence: Culture, Time, and Risk

Do not treat an offer like a trophy; do your homework on the company and the position. Ensure you are a cultural fit. Talk to multiple directors and at least two executives. Ask how the board challenges management, how dissent is handled, and how pre-reads and follow-ups actually work. If they are reluctant to connect you, that is a red flag. Make sure you understand the time reality. Beyond quarterly meetings, count committee meetings, prep, and off-cycle crises. Nonprofit boards can be especially “needy”; set eyes-open expectations. And last but certainly not least, tie down the D&O and indemnification. Always ask to see the policy and indemnity language, including limits, carve-outs, and advancement of expenses. For public or PE-backed companies, confirm coverage by entity and by capacity.

Make Your Board Bio and Outreach Ready This Month

Create a one-page Board Bio. It should contain an Opening (3–4 lines) that demonstrates your judgment, sector context, and committee fit (e.g., “Audit/Risk-ready executive who led global compliance and crisis response across 30 countries; proven board advisor on cyber, sanctions, and culture risk”). It should contain 3-5 selected impact bullets tying actions you have taken to outcomes (“Reduced investigation cycle time 40% and increased substantiation quality; informed board decision to exit a high-risk distributor, avoiding potential enforcement exposure”). Add your board interests in selected industries, committee preferences, and geography. Of course, add your contact information.

Action: Take this and create an outreach list with 15 names, including those from legal, finance, audit, PE ops partners, CEOs you’ve advised, and nonprofit leaders. Ask for needs-first conversations, not a seat at the table.

Final Word: You’re More Board-Ready Than You Think

Boards do not need passengers; they need steady judgment, crisis fluency, and a practical grasp of how controls become strategy. That’s your wheelhouse. Do the homework, shape a needs-first narrative, and start where you can make an impact now. The seat will often come from a conversation you did not know would matter.

And when it does, remember the rule that separates great directors from the rest: noses in, fingers out, with a steady hand on the compass of integrity.

30-60-90 Action Plan

Next 30 days

  • Draft board bio + two-page briefing pack.
  • Reconnect with five execs who’ve seen your judgment under pressure; ask for introductions to their board contacts.
  • Identify and approach one nonprofit and one private company where your risk expertise is directly relevant.

Days 31–60

  • Speak on one panel/webinar: “Board Oversight of Third-Party & Sanctions Risk” or “What Directors Need to Know About AI and Culture.”
  • Conduct three informational interviews with current directors and refine your narrative based on their feedback.

Days 61–90

  • Commit to a nonprofit board or board committee role.
  • Join a director education program (NACD or equivalent) and complete a module on Audit/Risk oversight.
  • Publish a three-post LinkedIn series: “A Director’s Playbook for Crisis Escalation,” “Five Board Questions for AI Risk,” “Culture as a Control.”

Compliance Tip of the Day – The CCO Role in Preparing the Board for the Next Crisis

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

We continue our 5-part series, considering several questions about compliance officers working with or on the Board. Today, we consider the role of a CCO in preparing a Board for the next crisis.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing your Compliance Program, 6th edition, which was recently released by LexisNexis. It is available here.


Board Week, Part 3: The CCO’s Role in Preparing a Board for the Next Crisis

Crisis is no longer a rare event. From ransomware attacks and regulatory shocks to activist investors and CEO departures, boards today operate in an environment defined by volatility and disruption. PwC’s recent memorandum, “Being Prepared for the Next Crisis,” highlights the importance of boards adopting a proactive approach to resilience and oversight. However, while directors bear the primary responsibility for governance, a Chief Compliance Officer (CCO) plays a distinct role: ensuring that the board is informed, equipped, and prepared to respond effectively.

The CCO is often the organization’s “early warning system,” translating risks from the operating level into insights for the board. In a crisis, this role becomes magnified. The CCO must help the board anticipate threats, stress-test plans, and avoid the common pitfalls that derail effective responses. Today, we will explore how CCOs can adapt the PwC framework into a playbook to guide the board through the crisis preparedness lifecycle.

1. Before the Crisis: Embedding Compliance into Resilience Planning

The best crisis plans are living documents that are constantly updated, tested, and integrated across all functions. For CCOs, the challenge is to ensure compliance and ethics considerations are built into those plans from the start.

The CCO’s Role:

  • Cross-functional integration. Ensure that the compliance function sits at the crisis planning table alongside risk, legal, and operations. Issues such as bribery, data privacy breaches, or third-party misconduct can escalate into crises if left unaddressed.
  • Scenario planning. Push for tabletop exercises that include compliance scenarios—not just cyber breaches. A dawn raid by regulators, whistleblower allegations, or sanctions violations should all be tested with the board. Most boards are fixated on cyber exercises (81%) while under-testing activist campaigns, fraud investigations, and geopolitical risks. The CCO can broaden that scope.
  • Defining escalation triggers. Collaborate with management and the board to define when compliance issues rise to the level of a board crisis. For example, a government subpoena, a major third-party red flag, or media exposure of misconduct should be predefined as triggers for immediate notification to the board.

By embedding compliance into resilience planning, the CCO ensures that ethical and regulatory risks are not afterthoughts but central to the crisis playbook.

2. During the Crisis: Supporting the Board’s Oversight and Communications

Once a crisis hits, speed and clarity are critical. Work to avoid pitfalls such as “leaping before looking,” minimizing the problem, or losing credibility with stakeholders. Here, the CCO becomes the board’s translator and truth-teller.

The CCO’s Role:

  • Facts over speculation. Ensure that communications to the board are grounded in verified information. If facts are incomplete, emphasize transparency about what is known and what remains to be investigated.
  • Maintaining authenticity. Compliance leaders are custodians of corporate values. During crisis communications, the CCO should challenge management if the messaging strays from the organization’s ethical commitments. As PwC notes, stakeholder trust depends on alignment with company values.
  • Stakeholder inclusivity. Understand the importance of addressing all stakeholders, not just the loudest. The CCO should ensure employees are included in the communication strategy. In many crises, employees are both victims and messengers. If left uninformed, they can become sources of rumor or disengagement.

The CCO also helps the board resist the temptation to downplay severity. Regulators and investors are unforgiving of minimization. Credibility, once lost, is difficult to recover.

3. After the Crisis: Driving Root Cause Analysis and Continuous Improvement

The PwC framework underscores the importance of post-event reviews, root cause analysis, and continuous improvement. For CCOs, this is where compliance expertise shines.

The CCO’s Role:

  • Independent assessment. If misconduct or governance failures triggered the crisis, the CCO should advocate for independent investigations to determine the cause. This not only ensures credibility but also demonstrates the board’s seriousness in remediating gaps.
  • Root cause focus. Compliance officers are trained to ask “how and why.” A surface-level review, examining what happened and the actions taken, overlooks the deeper cultural or control weaknesses that enabled the crisis to occur. Without addressing these, organizations remain vulnerable.
  • Policy and training updates. Post-crisis reviews should feed directly into compliance programs. If a whistleblower report was ignored, revise reporting protocols. If a sanctions violation occurred, strengthen third-party screening.
  • Board education. Provide directors with debriefs on regulatory trends that emerged during the crisis. For example, if a DOJ enforcement action shaped the company’s response, explain the broader implications for future oversight.

By institutionalizing lessons learned, the CCO helps the board convert a painful episode into a competitive advantage.

4. The CCO as the Board’s Crisis Sherpa

PwC notes that boards must balance guiding management while not being overwhelmed themselves. In practice, this requires a trusted advisor who can translate complexity, cut through the noise, and flag issues that rise to governance levels. That advisor is often the CCO.

The CCO’s Role:

  • Regular briefings. Establish quarterly “crisis readiness” updates for the board, led by compliance. These sessions review recent regulatory developments, whistleblower trends, and geopolitical risks.
  • Committee alignment. Work closely with the audit or risk committee to ensure that crisis oversight responsibilities are clearly defined and understood. In some cases, a compliance liaison may be designated to report directly to the board during a crisis.
  • Tone from the top. Model ethical courage in board communications. If executives resist disclosure or push spin, the CCO must be willing to articulate the risks of opacity. The board relies on the unvarnished truth, even when it is uncomfortable to hear.

The CCO, in essence, becomes the board’s crisis sherpa: guiding directors through treacherous terrain with foresight, facts, and fidelity to values.

5. A CCO’s Checklist for Board Crisis Preparedness

To translate this into action, here’s a compliance-focused checklist adapted from PwC’s recommendations:

  1. Ensure crisis plans are compliance-inclusive. Integrate regulatory, ethical, and third-party risks into enterprise crisis planning.
  2. Broaden board exercises. Advocate for tabletop simulations that extend beyond cyber—encompassing fraud, sanctions, whistleblower events, and activist campaigns.
  3. Define escalation triggers. Codify the process for escalating compliance issues to the board.
  4. Champion transparent communication. Push for fact-based, values-aligned messaging during crises.
  5. Include employees. Make internal communications as robust as external messaging.
  6. Drive post-crisis reviews. Lead root cause analysis and ensure findings inform compliance program updates.
  7. Educate directors. Keep the board informed about current regulatory expectations and cultural red flags.

Preparing the Board for the Crisis That Hasn’t Happened Yet

As PwC observes, a crisis is no longer hypothetical; it is cyclical. Boards that prepare systematically will emerge stronger. But preparation is not solely the task of directors or management. The Chief Compliance Officer must bridge the gap by embedding compliance into resilience plans, guiding directors during responses, and ensuring that lessons are institutionalized after the fact.

The next crisis will come. We don’t know whether it will be a cyber, regulatory, or reputational issue. But we do know this: the boards that succeed will have a compliance leader at their side, someone who combines regulatory expertise with cultural insight, and who can guide directors through the storm with clarity and integrity.

That is the CCO’s role. And it may be the most important contribution compliance makes to long-term corporate resilience.