The Evolving Role of a Chief Compliance Officer: Insights From Stephen Martin at Skillsoft
In recent years, the role of Chief Compliance Officers (CCOs) has undergone a significant transformation, influenced by a rapidly changing regulatory landscape and advancements in technology.
Today, on National Compliance Officer Day, Stephen Martin, Chief Compliance Officer at Skillsoft, offers a compelling perspective on these changes and shares his own experiences in navigating this dynamic environment.
A Shift in Responsibilities
When Martin joined Skillsoft in May 2022, the company had recently transitioned to a public entity. This shift necessitated a thorough evaluation and enhancement of the existing compliance program. “We moved from taking the basic steps required of a new public company to developing a robust, risk-focused compliance program,” Martin explains. This involved the implementation of comprehensive policies, controls, and ongoing risk assessment to ensure that the company was well-equipped to handle its new public company status.
A significant part of this transformation was the enhancement of the policy framework, particularly in key risk areas like artificial intelligence (AI). “Skillsoft is actively utilizing AI across the business to enhance the learning and training we provide to our customers,” says Martin. This has required the development of AI-related policies and the establishment of AI advancement and responsible ethical use committees to oversee compliance and ethics from a comprehensive standpoint.
Looking for advice on how to build your own organization’s AI policy? Read more.
Subscribe to the Skillsoft Blog
We will email when we make a new post in your interest area.
Building a Proactive Compliance Team
The role of the CCO at Skillsoft has expanded to include oversight of cybersecurity, enterprise risk management (ERM), ESG (Environmental, Social, and Governance), and data protection. Martin has brought in compliance and ESG professionals, a Data Protection Officer (DPO), and other key team members to create a cohesive risk and compliance unit. “Skillsoft has a fabulous team in place to help us reach the next phase in the future of work,” said Martin. “Our goal is to have visibility into key risk areas throughout the company and to be more proactive from a compliance standpoint in addressing risk.”
Data protection and privacy have become core focuses for Martin’s team, especially given the increasing amount of data companies handle and the stringent regulatory environment in Europe. “A DPO is critical to an effective compliance program, helping us navigate customer concerns both in contracting and throughout our relationship,” he emphasizes.
“Data protection is top of mind for regulators and companies in the U.S. and worldwide. Everyone is focused on enhancing data protection measures,” he observes. Additionally, the new Securities and Exchange Commission (SEC) reporting requirements for cyber-related incidents have added another layer of complexity to the compliance landscape.
Learn more on the world’s first major AI regulation act here.
A Day in the Life of a CCO
According to Martin, no two days are alike in his role. “A typical day involves various meetings and work on expected issues, but unexpected challenges always arise,” he says. These can range from corporate governance and contract issues to data breaches and whistleblower complaints. Despite the unpredictability, Martin finds this aspect of his job enjoyable.
Emerging issues, like AI and also gaining prominence. “Over the last year, we have accelerated our focus on ESG and now Skillsoft is sharing our metrics. We’ve developed and submitted ambitious science-based targets regarding our Scope 1, 2 and 3 GHG emissions in line with SBTi criteria. We are committed to demonstrating strong corporate citizenship,” Martin states, highlighting the importance of ethical considerations in compliance, not just meeting the letter of the law.
The Best Part of the Job
For Martin, the most rewarding aspect of his job is tackling interesting issues and learning about new topics. “It’s about figuring out how to be proactive,” he says. He believes that compliance programs must transition from being reactive to proactive. “How can you help the company perform better? How can you reduce risk? How can you introduce transparency into the business and assist people in doing the right thing?” Martin asks.
He emphasizes the importance of working directly with the business as a partner so that employees approach the compliance team early in new or challenging situations. This proactive approach helps in embedding compliance into the company culture.
Skillsoft’s unique position as a leading provider of compliance training to Fortune 500 companies allows it to mirror its teachings within its own organization. “We live our own compliance training in the same way we help customers do that around the world,” Martin explains. Skillsoft’s focus on value drivers and culture ensures that the company remains at the forefront of compliance best practices.
The Changing Compliance Landscape
Reflecting on the broader compliance industry, Martin notes that the focus has shifted from reacting to the aftermath of the COVID-19 pandemic to areas like data analytics and ongoing monitoring of risk and controls. “More compliance professionals are starting to use and understand the importance of data analytics,” he says. Tailoring risk assessments and training for company-specific and industry-related risks is now a priority, as well as early detection of potential compliance issues.
Continuous and ongoing monitoring, coupled with risk assessment, are areas ripe for improvement. “That’s where we get into effective use of data analytics in a compliance program. AI will help with advancing these important compliance program elements,” Martin asserts, noting that regulators are also keen on these advancements. Enhancing the effectiveness of compliance programs through these technologies is a key focus for the future.
Balancing compliance and legal responsibilities, Martin’s insights offer a valuable roadmap for compliance professionals navigating this evolving landscape. The journey from reactive to proactive compliance is challenging but essential for ensuring your company has a risk based and effective compliance program, fostering a culture of transparency and ethical behavior within organizations.