By Jamy Sullivan, JD, Executive Director, Legal Practice Group, Robert Half
At a time when organizations face rapidly growing and complex regulations and cyber threats, in-house general counsels and chief legal officers tell me they are struggling to keep pace and maintain peace of mind.
Today’s high-value data breaches and AI-generated scams mean leaders of corporate legal departments like you are spending more and more hours on compliance work to protect customers, employees and assets. But the challenge isn’t just a lack of time to focus on an ever-expanding range of compliance areas, such as cybersecurity and ESG reporting. Many say they also lack the specialty knowledge and required skill sets on their team.
Meanwhile, new federal and state laws, regulations and policies to help mitigate risks continue to increase. And the consequences of not adequately preventing, detecting and resolving risks only intensifies. Organizations face high fines and legal-related costs for wrongdoing due to heightened government agency scrutiny and expensive enforcement of compliance-related regulations. This is especially true for companies in the highly regulated finance, energy and healthcare industries.
In light of the current high-risk and heavily regulatory environment, more general counsels and chief legal officers are hiring legal professionals dedicated to this area, like compliance directors, managers and analysts and data privacy experts. In the past, this talent was often viewed as adding an extra layer of protection. Today, they’re increasingly essential.
Whether you want to hire a compliance analyst or a data privacy or cybersecurity specialist in the legal space, you often have to convince your leadership or C-suite team first. Here are some tips on how to make the case for hiring compliance specialists:
If you have recently completed a compliance gap analysis that showed deficiencies, you can use some of this information to help justify the need for more resources. If not, you might want to ask yourself these questions to evaluate your organization’s state of compliance and flag where you could use additional support and expertise:
What regulatory requirements and obligations are we not adequately adhering to, if any, and why? If the reasons boil down to workload and/or lack of required skills, include this pertinent information.
Are we accurately identifying and quickly addressing issues when conducting risk assessments and audits? If not, specify areas for improvement.
Are we staying sufficiently abreast of the compliance implications of new data protection laws, industry-specific regulations and technologies?
Do we possess the specialized skill sets, like data privacy, cybersecurity or ESG reporting, to develop the policies and processes needed to manage existing and emerging risks and regulations? If not, what skills gaps exist?
To close these gaps, what kind of talent do we need? For example, if your organization is in a heavily regulated industry, it may be worth hiring a compliance director, who could build out a small team. Or, if you need to address expanding or new risk areas sustainably, a permanent compliance officer, manager or analyst with specialized skills may be a good option. If you only have short-term compliance projects or needs, a contract professional could help.
Answering the above questions can shape your staffing plans and goals and form the foundation for making your case for more talent.
Consider quantifying the financial losses your company could incur if your current compliance capabilities cannot keep up with managing risks due to understaffing.
For instance, estimate the price to your organization of resolving an enforcement action through potential fees and penalties. You can also present the estimated costs of engaging outside legal counsel or agreeing to a settlement if the company had to defend itself in an investigation or lawsuit.
Next, focus on the operational costs of your organization being caught out of compliance and ordered to pause core business operations. What would the daily and weekly costs be of shutting down operations until regulators believed the compliance policy had been correctly implemented?
A corrective period could also place a product release or potentially lucrative partnership on hold or redirect resources away from growth activities. Such scenarios could cause revenues to decline, so consider adding these costs to your case.
Not adequately managing compliance risks could also damage your company’s reputation and bottom line. For example, a data breach could destroy the hard-earned trust you’ve built with customers and partners, who may then turn to your competitors.
When comparing the above potential costs of noncompliance to the costs of hiring additional support, it is usually less costly and risky in the long term to bring on the data privacy specialists or other compliance talent you seek. Summarize your findings and concerns related to financial penalties, legal repercussions and reputational damage.
Additional compliance talent can do more than help you to stay on the right side of the law; they can build a more robust, proactive and successful compliance function overall.
A key benefit of investing in compliance includes increasing efficiency. For example, specialists in keeping customer data safe can identify what compliance-related processes can be automated and oversee their implementation. This can lead to better risk monitoring and management while reducing the time and costs associated with manual compliance-related work.
A stronger compliance team can also help increase employee understanding, education and training around risks, which have become more challenging with staff working remotely. They can play an instrumental role in building the type of culture where your employees want to follow both the letter and spirit of compliance. This safeguarding of customers, partners and the public can generate trust and goodwill, boosting your organization’s image and brand in the marketplace.
Because compliance is often viewed as “the department of no,” it can be helpful to offset this thinking by framing your compliance discussion within the organization’s larger growth and revenue objectives. For example, if your C-suite is focused on keeping a competitive edge, break down how a robust compliance function could allow the organization to embrace exciting business opportunities that would otherwise seem too risky.
By centering the conversation around the business’ current priorities, you can increase the likelihood your leadership views your request to invest in your compliance function as an investment in strategic growth. And they view you as a strategic partner doing everything you can to champion this growth while protecting your organization.
Follow Jamy Sullivan on LinkedIn.
