FCPA Compliance and Ethics Blog

August 12, 2015

Why Is It So Hard to Hire People in Compliance?

Filed under: Chief Compliance Officer,Compliance,Conselium,Maurice Gilbert — tfoxlaw @ 12:01 am

Maurice GilbertEd. Note-I recently asked Maurice Gilbert, founder and CEO of Conselium Executive Search if he would share some thoughts as to why and how a company should use an executive search firm when recruiting a C-Suite level executive, specifically a Chief Compliance Officer. Maurice graciously responded with the below post on how his company can assist in such a search and more importantly why companies should use a professional search firm in such situations. 


As managing partner of an executive search firm, I’m often asked how the sluggish economy affects our business.  Truth?  Not at all.  We place compliance officers, and our business is booming.

The demand for top-notch compliance pros is high, and the supply low. Hunting heads takes time, talent and chutzpah.  If it were easy, companies wouldn’t need us.

Here’s an example of a typical search:

The phone rings.  It’s the senior vice president of HR at a prominent medical device company.  Would we entertain a search for an EVP Chief Compliance Officer?

“Certainly,” I tell her. “When do you need to have this job filled?”


She goes on to explain they posted the job on their website five months ago and also added it to a few major online job boards.  When responses were sluggish, their internal recruiter joined the hunt (more on this later.) She had reviewed 17 CV’s before calling me – not one of which warranted an interview.

Our search began by calling and emailing compliance officers in our (vast) network.  We’ve spent a decade compiling contact info and building relationships with Compliance Officers.

Next step: Screening candidates.  We typically screen 100 professionals for every qualified candidate we present to a client.  In this case, we identified 5 candidates – so you can do the math there.  We screened over 500 applicants in this stage of the process.

One candidate in particular stood out.  So we called and left a message.  Then we called again.  Then we left another message.  Another call, another message.  Finally – his wife phoned us. Remember I told you this process takes diplomacy and chutzpah?  Turns out the candidate was working in a town his wife thought was unfit for raising their children.  The job we were offering was in a town she thought would be great for the family. Could we help get his career (and maybe the marriage) back on track?

Long story short, we got him the interview.  The candidate got the job, and my client got the compliance department problem solved.  Another happy ending.

It took three months, start to finish.  Should a busy C-suite executive or HR manager rely on a specialty search firm to get the job done?  Yes. We applied three full time dedicated employees to this search for the three-month period – that amounts to 360 hours.  So why was our client unable to hire the CCO by their own efforts?

Well, consider these facts:

  • The client posted the job to all the job boards, but only 15 percent of qualified professionals are actively looking for a job.  Most of them are too busy working.  They’re not scouring job boards.  That means 85 percent of qualified candidates aren’t actively looking for a new job — but they may be receptive if they’re personally contacted…in the right way.
  • The client did assign the job opening to an internal recruiter. But does the internal recruiter have a massive database of compliance professionals to tap and the personal relationship with them?  No way.  He had to start identifying candidates from scratch.
  • Does the internal recruiter have hundreds of hours to devote to one search?  No, an internal recruiter is assigned as many as 20 open requisitions to fill at any given time.
  • Does the internal recruiter have the expertise required to evaluate a compliance officer?   Typically not; most are generalists.
  • Does the internal recruiter have the resources to put together a compelling presentation to entice a candidate to listen to the opportunity?   Typically no.  A dynamic presentation to highly sought-after professionals requires a presentation that speaks to the positives of the company, the job, the culture, the career growth options, the community, etc.

So why do companies that want top compliance professionals retain our firm?  It’s just like retaining a law firm for litigation purposes. You’d never attempt to represent yourself in court without an attorney, right?

Hiring authorities work with Conselium to tap its vast network of top talent. It works to match a company’s needs with the right professional. For Candidates, those who work with Conselium get access to a “hidden” ’ job market of unadvertised positions. Finally, Conselium focuses on compliance, audit and regulatory counsel positions. To check out the company and get in touch with Maurice for your compliance search needs, click here.

February 12, 2015

Maurice Gilbert, CCI and Ten Questions A Board Should Consider About Compliance

Maurice GilbertFor those of you in the compliance world who do not know Maurice Gilbert, you should. I could probably write an entire post on the number of hats that he wears. For the Chief Compliance Officer (CCO) or compliance practitioner, two of the most significant are as Managing Director at Consileum Inc., which I consider to be one of the premier compliance related search firms in America and as Founder and Managing Editor of Corporate Compliance Insights, known as CCI in the compliance world (full disclosure – I blog and write for CCI). If you are looking for some of the country’s top compliance talent for a corporate compliance position Maurice should be about the first person you call when even thinking about such a task. He can help you to define the scope of the position and then craft the position to attract some great talent for you to consider. Of course, you should always know one of the country’s top compliance talent recruiters because you never know when the right opportunity might be presented by a client to Maurice and you could perfectly fill the bill.

However it is his other hat that I want to highlight today. As Founder and Managing Editor of one of the top online compliance resources, Maurice leads a team that continually generates and posts some of the most insightful and useful pieces of information around the entire panoply of issues related to compliance. From my world of anti-corruption compliance, to trade-compliance, corporate boards and governance, auditing and much more, CCI is a resource you should have on your favorites toolbar. It was through Maurice and CCI that I was introduced to the writings and assorted wisdom of Jim DeLoach, who is one of my favorite contributors to read on CCI.

DeLoach is a Managing Director with global consulting firm Protiviti. He regularly writes and blogs on issues relating to Enterprise Risk Management (ERM). He put out such great material and a plethora of it that Maurice persuaded him to put it together for us in an eBook, entitled “Making Risk Management Work for You. In the section entitled “10 Questions You Should Ask About Risk Management”, DeLoach lists 10 questions he says that a board and senior management should think about when considering ERM. I have used this section as a basis to reformulate the questions from a compliance perspective.

  • What are the company’s top compliance risks, how severe is their impact and how likely are they to occur? – Just as managing enterprise risk at a strategic level requires focus, the same is true for compliance. This requires you limiting your top risks to a handful so they can accurately be assessed and managed. DeLoach suggests that you should be emphasizing no more than five to 10 risks. Furthermore, “Day-to-day risks are an ongoing operating responsibility.”
  • How often does the company refresh its assessment of the top [compliance] risks? – As the Department of Justice (DOJ) continually reminds us, your compliance risk assessment process should be responsive to change in the business environment. It is now mandatory that teams have in place “a robust process for identifying and prioritizing the critical [compliance] risks, including emerging [compliance] risks, is vital to an evergreen view of the top risks.”
  • Who owns the top compliance risks and is accountable for results, and to whom do they report? – While this might seem self-evident in any best practices compliance program it is not always opaque within an organization. Clearly your CCO should own the top compliance risks and manage them but there should also be proper board oversight and reporting. DeLoach warns, “Gaps and overlaps in risk ownership should be minimized, if not eliminated.”
  • How effective is the company in managing its top [compliance] risks? – Just how effective is your compliance regime is a key question that any CCO or compliance practitioner needs to be thinking about on a regular basis. However, for the board and senior management level, there should be “a robust process for managing and monitoring each of the critical [compliance] risks.” Moreover, your “risk management capabilities must be improved continuously as the speed and complexity of business change.”
  • Are there any organizational “blind spots” around [compliance] warranting attention? – Some practitioners believe that the entire Foreign Corrupt Practices Act (FCPA) enforcement regime is a failure because companies are still engaging in bribery and corruption. But the simple fact is that since corporations are made up with people there will always likely be wrongdoers. DeLoach notes that “Cultural issues and dysfunctional behavior can undermine the effectiveness of [compliance] risk management and lead to inappropriate risk taking or the undermining of established policies and processes.” He cites several examples including “lack of transparency, conflicts of interest, a shoot-the-messenger environment and/or unbalanced compensation structures may encourage undesirable behavior and compromise the effectiveness of risk management.”
  • Does the company understand the key assumptions underlying its [compliance] strategy and align its competitive intelligence process to monitor external factors for changes that could alter those assumptions? – You might not think it could happen in a compliance regime but if a company fails to recognize that its business paradigm is changing, it could be too late to affect an appropriate compliance strategy for a new product line/service offering or breaking into a new geographic territory. Here DeLoach believes that while “no one knows for sure what will happen that could invalidate the company’s strategic assumptions in the future, monitoring the validity of key assumptions over time as the business environment changes is a smart thing to do.”
  • Does the company articulate its risk appetite and define risk tolerances for use in managing the business? – This is one area that always bears discussion. For some companies there is enough business in the middle of the road that they feel like they do not have to go up to the line of a FCPA violation to garner sales, while other companies have done deals that may have been lawful but, at the end of the day, had awful consequences for the business. Just because you can do something does not mean you should do it and a large part of such a calculus is round your risk appetite dialogue. DeLoach believes such ongoing conversations can assist to “bring balance to the conversation around which risks the enterprise should take, which risks it should avoid and the parameters within which it should operate going forward. The risk appetite statement is decomposed into risk tolerances to address the question, “How much variability are we willing to accept as we pursue a given business objective?” For example, separate risk toler­ances may be expressed differently for objec­tives relating to earnings variability, interest rate exposure, and the acquisition, develop­ment and retention of people.”
  • Does the company’s [compliance] risk reporting provide management and the board information they need about the top risks and how they are managed? – Compliance reporting should begin with relevant information about the critical compliance risks and how those compliance risks are managed. DeLoach believes that some of the questions you should be asking under this prong are along the lines of the following: “Are there opportunities to enhance the [compliance] risk reporting process to make it more effective and efficient? Is there a process for moni­toring and reporting critical [compliance] risks and emerging [compliance] risks to executive management and the board?”
  • Is the company prepared to respond to extreme [compliance] events? – DeLoach calls it an extreme event but I would ask, what will you do if your company is on the front page of the New York Times (NYT), Wall Street Journal (WSJ), Financial Times (FT) or any other similar media outlet for a compliance related violation or issue? Do you have a response plan in place? More so “Has it prioritized its high-impact, low-likeli­hood risks in terms of their reputational effect, velocity to impact and persistence of impact, as well as the enterprise’s response readiness?”
  • Does the board have the requisite skill sets to provide effective [compliance] risk oversight? – This goes to the heart of frustrations from both the compliance function side and the board side of the equation. Does your board and senior management have specific FCPA or other relevant anti-corruption training and understand your business model well enough to provide input regarding critical compliance risk issues on a timely basis? From the board’s perspective they may feel the information they receive is asymmetrical and that they do not receive enough material information to render good decision-making. From the CCO or compliance practitioner’s perspective, they may feel that they cannot get enough time in front of the board, audit committee or senior management to properly educate them on the issues.

I have only scratched the surface of DeLoach’s thoughts on ERM. I urge you to go to the CCI site and download the entire work. Did I mention the best thing about CCI and DeLoach’s book? It is free on the CCI site. So after you download DeLoach’s book, stick on the site and noodle around to find something that interests you or could be of assistance in your compliance practice. Don’t forget to check out CCI’s job listing because Maurice has that other hat that he wears as well.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

March 19, 2013

Interview with the Founder-Maurice Gilbert of Conselium and Corporate Compliance Insights

1.         Where did you grow up and what were your interests as a youngster?

I grew up in Detroit, Michigan, and my interests as a youth centered on playing competitive tennis. My dream was to make it on the Pro tour.  My other interest was listening to Motown music:  Marvin Gay, Supremes, Temptations, etc.

2.         Where did you go to college and what experiences there led to your current profession?

I went to Eastern Michigan University; I studied sociology and general business. I also played on the tennis team.  On summer breaks I taught tennis at camps and tennis clubs.  What eventually lead me to the executive search business were primarily two things: first, my knowledge of business, having spent 20 years in corporate America with the likes of GE, and second, my desire to coach and mentor professionals with their career. I remembered how gratifying it was teaching tennis and helping with a person’s development.  In short, I took my passion for coaching and applied it in the business setting I became familiar with.

3.         Can you explain the philosophy of Conselium and what do you believe makes it stand out from similar firms?

When our clients engage us they usually are already experiencing exposure to risk by not having the appropriate hire on board.   That means there’s a level of urgency about filling a position. For us, exceptional customer service means putting our client first and responding to that urgency.  We work weekends, holidays — whatever it takes to meet or exceed expectations.

Another unique factor that contributes to our success is that we have developed our brand by specializing in a very narrow niche: our focus is placing Compliance Officers and Legal Counsel in highly regulated environments. The narrower your focus, the more you set yourself up as subject matter experts. We have even developed our brand on a global footprint due to our specialization.  I recommend anyone interested in the subject of branding read “The 22 Immutable Laws of Branding” by Al Ries.

The third thing I think that makes our search firm unique is the development of Corporate Compliance Insights. Having this online publication has afforded us an opportunity to expand the network of the search business while developing relationships with Compliance and Legal professionals throughout the world. CCI gives compliance experts a place to come together every day to share ideas and opinions.  It keeps all of us on top of the issues that are important in this niche, and it gives Conselium access to the best and the brightest.

4.         What led you to start Corporate Compliance Insights and what do you hope to bring to the compliance community through this resource?

We decided to develop the publication because we met several GRC professionals like you with a wealth of information who needed a platform to share ideas and showcase their knowledge.  CCI has really exceeded our expectations, which for us reinforces that there was a void in this space.  As we look to the future, we see CCI as a leader in providing rich content for useful/practical solutions to fellow GRC practitioners, an aggregator of GRC events and an aggregator of GRC jobs.  We also have a vision of building a CCI community that facilitates greater interaction among our readers, because we sense there’s a desire in the compliance community to have regular, meaningful dialogue about issues and best practices.

5.         With your dual roles at Conselium and CCI, where do you see the compliance field going in 2013 and beyond?

The compliance field is still in the “toddler” stage, and there is still much to be done.  I am a real proponent of education; specifically the Compliance Officers have to educate management about the benefits of having a robust ethical & compliant (E & C) environment.  There is information available that having a robust E & C actually contributes to the bottom line.   Think about it: a solid program attracts employees, vendors, investors, customers, etc.  It’s just good for business.  We must do a better job at educating so that more compliance officers have a seat at the “C” suite.  Having a Compliance Officer report to the General Counsel or other management executive and not directly to the Board has the potential for significant conflicts of interest.

So what I am saying is there is significant opportunity to grow our profession provided we are vigilant in educating those around us.   Speaking of education, there are some universities that provide some undergrad courses on ethics/compliance.  We at CCI have developed a relationship with the HAAS School at UC Berkeley in helping their visibility with an Executive Ethics & Compliance Program.  It is the hope of the HAAS program to get sufficient interest to create a graduate program in Ethics & Compliance.   We do need a feeder system from our universities much the way we have law schools and other graduate programs that provide young professionals with the basics before entering the workforce.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Blog at WordPress.com.