In the social media age, reputation is everything. What’s the fastest way to take a hit to your status and send your customers into the arms of competitors? Suffer a compliance failure. This might take the form of an expensive and public lawsuit. Your company might suffer fines and negative publicity from a government authority. Avoiding these problems requires a strong compliance program to keep your organization safe.
Do You Need Compliance Professionals?
Due to the increase in regulations and decreasing tolerance for risk, compliance has become a booming profession. That said, compliance professionals are not needed in every industry. In our experience, these specialists tend to be concentrated in a few specific industries. If you’re in one of these fields, you need to know about compliance certifications so you can equip your staff for success.
Financial Industry Compliance Certifications
Banking, insurance, and investment companies are required to operate under complex regulations. In the U.S. alone, you have regulations and laws at both the federal and state levels. For example, the FDIC (Federal Deposit Insurance Corporation) imposes various requirements on members to keep coverage, such as carrying out periodic bank examinations. More recently, the Dodd-Frank Wall Street Reform and Consumer Protection Act restricts certain investment activities, implements controls on payment cards, and imposes many other rules. To interpret these requirements and put them into effect, consider the following certifications:
- Certified Community Bank Compliance Officer (CCBCO): This broad certification is best for U.S. community banks. It covers “Developing a Compliance Program, Lending, Deposit, and Operations Compliance.” Note that the certifications cost several thousand dollars and require a test.
- Certified Regulatory Compliance Manager (CRCM): Offered by the American Bankers Association, this designation is best for compliance professionals looking to grow. Note that it requires three years of relevant experience, completion of an approved training program, and an exam.
- Certified Anti-Money Laundering Specialist (CAMS) credential: Preventing money from flowing to and from criminals, terrorists, and others designated by the authority is the focus of anti-money laundering. This credential is not open to everyone; applicants must have suitable professional experience, have industry references, and fulfill other requirements.
The above examples aren’t an exhaustive list; however, they’ll get you started in understanding what’s available. The most important point? Robust certifications tend to have certain elements in common: formal training programs, exams, and some level of professional experience.
Healthcare Compliance Certification Options
In the financial industry, you face the risk of losing money and could be looking at fines and lawsuits. In health care, those problems are just part of the story. Failing to manage risk well may mean reduced funding and impact your ability to take care of patients. For example, failure to follow Medicare requirements correctly may trigger investigations (or worse) from the authorities. To reduce your compliance headaches, investigate the following certifications.
- Certified in Healthcare Compliance: Valid for a two-year period, this certification is a good introduction to US healthcare compliance. Before sitting for the exam, candidates must obtain appropriate work experience and complete 20 continuing education units.
- Certified Compliance Professional (CCP): Established in 1995, this compliance program includes testing, professional experience requirements, and an essay. Note that the sponsoring organization, Health Ethics Trust, offers additional healthcare certifications such as the Certified Compliance Executive (CCE) for those who want to grow in their careers.
- Certified Medical Device Compliance Professional (CMDCP): Implants and other devices are an important way to deliver health treatment. How can patients trust these medical devices will work as promised? Part of the answer lies in the oversight of specialized compliance professionals who hold credentials such as the CMDCP. The coursework for this credential includes three mandatory courses and one optional course where you can pursue your area of interest (e.g., clinical trial design for medical devices).
Outside of those industries, there’s still a need for compliance in technology management. We’ll turn to that area next.
IT Governance and Compliance Certifications
Unlike the health care and financial services fields reviewed above, IT compliance is a new field. IT compliance expectations are shaped partly by regulatory requirements and partly by industry expectations. For instance, the Sarbanes-Oxley Act (“SOX”) applies a set of IT controls to publicly traded companies. These requirements support the integrity and accuracy of the company’s financial statements. To get your staff up to speed, explore the following certifications.
- Certified in Risk and Information Systems Control (CRISC): Provided by ISACA, this certification covers areas such as IT risk identification, IT risk assessment, and risk monitoring.
- ITIL Expert: Initially associated with the British government, ITIL has become a standard IT management certification. Note that this certification requires that you earn a series of prior ITIL certifications before pursuing the “Expert” level.
- Certified in the Governance of Enterprise IT (CGEIT): Aimed at managers and executives, this certification has broad coverage. Even though it covers IT, it’s vendor neutral like the other certifications covered in this section. Your professional experience must include several areas of work, including benefits realization, risk optimization, and other areas. Keeping this certification requires credential holders to engage in continuing education.
Is there market demand for this expertise in IT management? If salaries are any guide, the answer is yes. As of mid-June 2018, there were more than 1,000 IT compliance jobs advertised on Monster.com. Employers seeking this talent include banks, shipping companies, consulting firms, and insurance firms. When you have IT compliance experts on staff, you’ll be able to get through IT audits easily.
Resource: Worried about what IT auditors might find in your department? Put that anxiety to rest by conducting your own “mini-review.” How do you do it? Read our article: “Get Ready for Your Next Access Governance Audit With 8 Questions.”
How to Improve Compliance if You Don’t Have a Compliance Department
If your organization has minimal regulation to operate under, you can get by without creating a compliance department. However, you should still make a few tactical moves to reduce your risk exposure. For example, to reduce your IT risk profile, use tools such as Compliance Auditor. This product automatically logs requests and maintains all records. It also supports multi-level approval for access, a key feature for highly sensitive accounts such as privileged users.