How can I interview a compliance or risk officer and figure out if they are the right candidate?
First, they need to be a personality match to you specifically. The compliance or risk officer role is a trusted advisor position. You are looking for someone who can give you the advice you need, which is not always the same as the advice you want. This person will challenge how the business’s time, resources, and money are spent to achieve a business objective with risk in mind. While it will take time to build this trusted advisor relationship, this position should be filled by someone you believe wants the business to be successful so you can work collaboratively with them to achieve that success.
Once you have found the group of candidates that you want to work with, ask the questions you would ask any candidate about their knowledge of your company and the company ethos. When it comes to the technical questions about how they execute their job, this becomes harder because they are supposed to be the most knowledgeable person about risk management. We suggest that you interview based on your desired outcome for this position.
How are you Protecting the Business?
A trusted advisor in the compliance or risk officer position should have considerable technical skills, but the best can simplify what they are doing and why to work with all stakeholders. At a minimum, they should be reducing compliance risks that expose the business to reputational, administrative, civil, and criminal fines and penalties. Depending on their expertise, they should also protect you from the same risk exposure for money laundering, illicit cannabis market, supply chain, and operations. Finally, they should have a detailed strategy to reduce the exposure for the business and its stakeholders using an approach recognized by the business’s regulators and investors. ACCCE advocates for a risk-based approach.
How will you Enable Others to do Their Job?
Compliance and risk professionals are in careers, not first jobs. They should know the business they are in, and how compliance and risk management enable that business’s objectives. The candidate should explain how they will qualitatively and quantitatively identify risks related to your business objectives; this is called a risk assessment. A compliance or risk officer should know to share the executive summary, also called the risk profile, with executive management and the board to inform all decision-makers of the most likely and impactful risks to the business as the group works towards achieving their business objectives. A risk profile creates an environment that enables all employees to make informed risk-based decisions while protecting the company from risk.
How will I Know if this Risk Strategy Works for my business?
A trusted advisor is always trying to refine their strategy to be the best one for this specific business. There is no specific answer they should give, and you should wait until the end of the interview to ask. A trusted advisor should have picked up from the interview what is essential to you and the business, and they should be able to tell you how they think their strategy should be judged. While the answers will vary, they will likely point to
- Reduction in inspection findings or the severity of findings
- Reduced wasting of licensed cannabis products for non-compliance
- Reduced cost from professional service providers
- Increased service and product offering from professional service providers
- Enhanced ability for the business to enter into higher-risk products and services
- Enhanced ability for the business to expand in current or new markets
- Increased valuation
- Higher likelihood of achieving business objectives
Candidates Should Know how to Enable the Business for Success
Compliance and risk professionals are marked by their ability to enable a company to compliantly achieve business objectives within the business’s risk appetite. They should know their profession in such detail that they can tell you how they will save the business time and money. If their answers don’t make sense, they may not be the right fit. At the end of the interview, ask yourself
- Could I trust this person enough to want their advice, even if I don’t like it?
- Does their risk management strategy make sense for me and my business?
- Do I think this person will be able to train all stakeholders to make informed risk-based decisions appropriately?
Finally, don’t rush into a decision. Having a trusted advisor in this position should provide you peace of mind at night because you believe them when they tell you that your reputational, administrative, civil, and criminal risks are what you think they are.
Join ACCCE as a member to access tools and resources that will save you time and money when implementing a risk-based approach. https://accce.org/commercial-cannabis-businesses/