On Campus Podcast – Professional Development Series – Episode 3: Radical Compliance in Corporate America

To easily navigate through our podcast, simply click on the ☰ icon on the player. This will take you straight to the chapter timestamps, allowing you to jump to specific segments and enjoy the parts you’re most interested in.

1. Podcast Introduction (00:00:06) Host introduces the podcast, its purpose, and provides a disclaimer about the views expressed.
2. Episode and Guest Introduction (00:00:31) Guest host, Andra Popa, and guest, Matt Kelly, are introduced, along with Matt’s background in compliance.
3. Defining the Compliance Profession (00:01:07) Discussion on the size, definition, and boundaries of the compliance profession.
4. Complexity of Compliance Roles (00:02:29) Exploring the diversity of compliance roles and challenges in quantifying the field.
5. Demand and Future of Compliance (00:03:31) Uncertainty about the profession’s growth, but confidence in its enduring importance.
6. AI in Compliance Work (00:04:34) How AI is changing compliance, including benefits and new risks.
7. AI and Job Applications (00:06:10) AI’s impact on job seeking, resume tailoring, and interview preparation.
8. Challenges of AI in Job Hunting (00:09:23) Problems caused by AI: scams, fake postings, recruiter overload, and applicant frustrations.
9. Personal Connections in Hiring (00:13:39) Anecdote illustrating the importance of networking and trust in compliance hiring.
10. Trust and Judgment in Compliance (00:15:53) The necessity of trust, judgment, and interpersonal skills in compliance roles.
11. Behavior Change and Organizational Good (00:16:06) How compliance officers persuade others to act ethically for the greater organizational good.
12. Reporting Structure and Board Access (00:19:56) Key questions for compliance professionals about reporting lines and board access during interviews.
13. Evaluating Corporate Culture (00:24:14) Using audit findings and regulatory reports to assess a company’s commitment to compliance.
14. Professional Associations for Compliance (00:25:44) Overview of key compliance associations and the value of networking in the field.
15. Using the Compliance Jobs Report (00:28:32) How Matt Kelly’s jobs report helps professionals track opportunities and industry trends.
16. Internships and Compliance Education (00:32:43) Discussion of compliance internships, educational programs, and clinics for students.
17. Industry News and Context (00:34:16) Matt’s approach to reporting compliance news and providing industry context.
18. Optimism for Compliance Careers (00:35:05) Encouragement for compliance professionals about the field’s future, despite regulatory and AI challenges.
19. Podcast Conclusion and Next Episode Teaser (00:40:43) Closing remarks, preview of the next episode, and thanks to the production team.

Ed Butch: Welcome to On Campus with CITI Program, the podcast where we explore the complexities of the campus experience with higher education experts and researchers. I’m your host, Ed Butch, and I’m thrilled to have you with us today. Before we get started, I want to quickly note that this podcast is for educational purposes only and is not designed to provide legal advice or guidance. In addition, the views expressed in this podcast are solely those of our guests. Welcome to On Campus. Today’s episode is the third and final installment of this season’s professional development series.

Guest hosted by my colleagues, Andra Popa and Anne Hawkinsbadge. Their guest today is Matt Kelly. Matt is the editor of Radical Compliance, a newsletter that follows the corporate compliance in audit fields. He has published Radical Compliance since 2016 and was the editor of Compliance Week for 10 years before that. He writes or speaks about corporate compliance issues often. And now take it away, Andra.

Andra Popa: Thanks, Ed. Hi Matt. Thanks for joining us today. We we’re wondering how do you see the current job market for compliance professionals? Do we even know how big the field is or how it’s defined?

Matt Kelly: Sure. Well, that’s an excellent question to start here. I would say no, we do not. And in fact, I think we still struggle to define even who is a compliance professional before we could even get to the count of how many there are. So I did look this up once that the Bureau of Labor Statistics at the Commerce Department, so they track compliance professionals and they had a projection that as of, I think it was 2023, there were roughly 423,000 compliance professionals, and they project that it would grow to about 5.5, 5.8% over the next decade, which gets you to, I think, 430,000 and change by 2033.

However, the Bureau of Labor Statistics really only defines compliance officers in a very narrow sense of how they help the company to comply with government contracts or corporate government contracting regulations and various laws. And that’s part of compliance for sure, but they don’t really talk about ethics and compliance in that definition. They don’t talk about say, data privacy. And if you’re at a big retailer, you could be a compliance officer and that’s all you worry about. But there is a separate category of, I think it was, IT analysts and they would be worried more about cybersecurity.

Well, there’s many more of them, however, a lot of them are diehard cybersecurity people. So clients, professionals would say, “I know who those security people are, but that’s not us.” What about a lawyer at a law firm who had been a compliance officer is now at a law firm, might go back. So do we count lawyers? There are more than a million in the country, but a lot of them aren’t involved in compliance. What about a head of internal audit who also oversees compliance? That is a role. It’s not entirely common, but it’s not unheard of. And so do we count accountants as part of this number? And then of course I haven’t even gotten to, what about everybody in Europe?

What about everybody outside the United States? So I would say that corporate compliance is still a bit, you know it when you see it and you have various people who rotate through being a pure compliance professional. They work at a corporation and they have ethics and compliance in their role. But there’s all these others out there who might help, might not have that word in their title, but might do it in substance. They might be in a different profession, they might be in one for a while, but then rotate to another one and then they’re back into a corporation, then they go to a stint at a vendor and they’re providing consulting work.

So we don’t know, I do still think that the demand for compliance capabilities, and we can talk about what that means, but corporations I think still need help with a lot of what corporate ethics and compliance professionals do. But do we know how big the number is? No. Do we know exactly who would even qualify? I think we could probably spar about that all day long. And so therefore it gets hard to say, how much will this profession grow? I am confident it will endure. I’m confident it will become more important. It might change around the edges. We can talk a lot about that.

But overall, this is still a very formless, amorphous thing at the borders, if we can put it that way.

Andra Popa: Immediately think of how important it is now for healthcare institutions, for example, to have people on their team in compliance who know how to audit using AI or how to do data analysis.

Matt Kelly: Yes, I mean we could certainly talk about how AI is going to become more useful to compliance professionals. It would be great to help you write a policy or translate it into multiple languages. It would be great to help you monitor controls that you typically would study 10% of your transactions, see if they all feel right. And then you say, “The controls are or aren’t working.” AI will let you just monitor all the transactions all the time and then tell you which ones are strange. But then you have to worry about who monitors the AI. What if it learns a bad habit?

What if cybersecurity hackers out there poison the AI and convince it to do something else? What if a different part of your business is using AI and not telling you? What if they’re just using ChatGPT and they’re dumping all of your patients’ healthcare into ChatGPT to come up with a summary of major risks? And the risk there is that the law firm or your general counsel will have a heart attack because that’s a terrible thing. So AI will help compliance officers in some ways, it will drive you up the wall in other ways, it cannot be avoided, and it’s going to change what you have to worry about.

So I am not naive. I know AI is here to stay and we’re going to use it more and more often, but it is going to drive us crazy as much as it helps us and it’s going to change what we do quite a bit and probably in a lot of ways we haven’t even imagined yet.

Andra Popa: AI has really changed the process of applying for a job for new grads and job seekers. I’ve read that LinkedIn possibly has ghost postings where they’re not really looking actively to hire someone or even fake postings that are just looking to obtain information.

Matt Kelly: There’s a lot that we could unpack there. I will take each thing one at a time. So first, how can AI help new people or even mid-career people, how can it help you look for a job? I think that AI is great to help you get started in many ways. However, AI is not going to solve this problem for you. So it can help to identify job leads out there, but you’re still going to need to confirm that those jobs exist, which is a foreshadowing of the bogus job alerts that I’m going to get to in a few minutes. But you would need to confirm that do these jobs exist? AI could help you tailor your resume and your cover letter to exactly what that job posting says it wants.

It could help you send out many more of those, or you would still need to send them out individually, but you would be able to say, “Here are a hundred different postings that I want to apply for. Write up a hundred different cover letters, perfectly matched to them.” And AI would be able to help you do that in an hour or two. I am old enough to remember when we had to apply for jobs using paper resumes and print them out and put them in the mail and to apply for a hundred jobs. It would take me two weeks if I’m lucky now you could do it in two hours and all right. AI I think could help you prepare for an interview by coaching you on what are this company’s key issue.

But you still have to verify that the AI is telling you the truth and maybe it is hallucinating what the key issues are. It could help you think through what likely questions a manager is going to ask and what would the best answers be. But even if you memorize all of those great answers, if you come across in a very stilted robotic way when you are trying to form an interpersonal connection with the hiring person, that’s not going to do you any good. And AI is not going to help you be personable or be charismatic or be thoughtful and listen and demonstrate visually that you’re doing that with the job interviewer.

So AI can help you get started on a lot of stuff and it can help to automate a lot of the more mundane tasks. However, to get the job, the closer you get to the offer, the less and less AI is going to be any good to you. And eventually I think at the final instance or the final round of interviews, it’s really going to be much more about the people across from you thinking, “Can I work with this person? Am I going to be able to stand working with the them eight hours a day, five days a week? Am I going to be able to handle going to a conference with them and getting dinner with these people?

Are they going to cook fish in the microwave because then I’m going to fire them right now?” All that sort of stuff. And so I would never want anyone to think AI is going to make this easier. AI is going to make it different, but there’s still going to be other parts of getting a job that AI is never going to help you on and you will need to work on by yourself as a human. Deep breath. Now let’s talk about all the ways that AI is driving everyone crazy in the job hunting process. And now that is true whether you are in compliance or probably any other white collar profession, probably a lot of blue collar ones too, whether you are a new grad or a older executive or mid-career or whatever.

The problem I think with AI is that it makes everything easier for everybody. So there are a lot of scam artists and a lot of morons out there who are going to do scams and dumb things. And if AI can let anybody do anything, eventually every idiot out there will do it and you’re competing with them. So I know recruiters who will post an ad online and they would easily get a thousand applications for one single job opening. Now I have no idea, nobody, I don’t think, has ever studied this, but they have to assume a vast majority of these people will be unqualified. They did not read the job interview. They just said to AI, “Please fire off a cover letter and help me apply for this job.”

And then they went to go get a soda and they didn’t do any of the stuff I just said is still really important. But that clogs up the recruiter’s experience. The recruiter has to wonder how many of these job applicants, which you listener, are competing against? Of these applicants, how many actually exist? And this is real, I’m not making this up. How many might be North Korean spies trying to pose as a western employee to gain access into a company and commit corporate espionage, which is not a fantasy. This is something that North Korea has actually done. Recruiters are worried about that.

Recruiters are worried if they have 1000 or 5000 applicants for one or two jobs, how much can they use AI to filter that down to a manageable level? So if you have 5,000 applicants, would you be comfortable having AI cut it from 5,000 to 2000? Probably. Would you be comfortable with having it cut it from 5,000 to 200? Maybe. And I’ve asked recruiters this. Recruiters generally say about 200 is the upper limit of what they could handle as a person. If you drop 200 resumes on their desk, they wouldn’t love it, but they’d understand this is the business we’ve chosen. I can get it from 200 to five.

But would anybody really feel comfortable having AI go from 5000 applicants to four finalists? And that’s what you get if you’re the recruiter. Most recruiters are terrified of that. So now we’ve defined the boundaries. It’s somewhere between cutting it to 2000. That’s okay. Cutting it to four. No, that’s not. So a lot of recruiters still they don’t know how to use AI either. What’s the right number? And they struggle with that. Now let’s switch gears, say to the applicant side. I know plenty of applicants who say, “I have applied to 900 different jobs and I haven’t gotten any callbacks.”

But I would say to them very respectfully, how many of those did you really apply to thoughtfully versus the instant apply? It’s very easy to just hit instant apply and the AI will extract the relevant keywords from your LinkedIn profile or your resume and then you go off into some automated applicant tracking system and who knows if you’ll ever hear back from them. As I mentioned before, back in the 1990s, if you wanted to apply to 900 jobs, it would take you months and now you could do it in a day. Therefore, it’s not surprising that you might not hear from 900 different recruiters because everybody else is applying for 900 different jobs.

You’re competing against all of them. The recruiters are overwhelmed. They don’t know who’s real, who’s not real. You might not know which job posting is real or not. Certainly there are unscrupulous people out there. They will post a job listing and the job listing doesn’t exist, the company doesn’t exist, the website you looked at doesn’t exist. It looks really cool because they used AI to fake it, but they are only there to harvest the personal data from your resume that you submit because you and a thousand other people are doing it and suddenly they are just gathering personal data for nefarious purposes.

So that’s a lot. And when you think about the totality of how AI is making things better or worse and easier or harder for job applicants, I would say it’s more clogging the arteries of the job hiring system. All of it is true for compliance officers, all of it is true for a lot of different people, a lot of different professions and I don’t have a good answer for it yet beyond the sort of cliche, it really depends on who you know. Can I give you a good example of what I mean here?

Andra Popa: Yes, that’d be great.

Matt Kelly: I know a compliance officer who was looking for a deputy, she was a more senior executive. She’s looking for a mid-level person. So she posts online that she’s looking for a mid-level compliance person. Within a day, gets 300 responses and she did not have much recruiting help. So she had 300 responses, a hundred of them right off the bat she wondered who let these people out of the hospital or who took off their straitjacket because they were woefully unqualified or there are all sorts of crazy applicants that just discarded right away. They went then from 200 down to about 30 finalists and then 10 really good strong candidates, but they weren’t quite sure what to do.

And a lot of people were, they’re very hesitant to pull the trigger if you don’t know who the applicants really are. And my friend was kind of in that position and so she happened to be lamenting her situation to a fellow senior compliance officer who then said, “You’re looking for a mid-level person? I know John Doe over here. He’s great, you can trust him. Take a look at his resume.” She did, John Doe’s resume was great, just what she wanted and she brought him in and boom. I don’t quite know what to make of that, but she did all of this big rigmarole essentially for nothing. I will not say she wasted the applicant’s time either, but nothing came of all of those 300 submissions.

In the end, she wound up sidestepping all of the technology, all of the structure, all of the AI and just went to a peer and said, “I’m in this bind.” Wasn’t even particularly asking for help, but the friend did say, “I can help. Here’s a resume, just do it. He’s great.” So it was all about personal trust. I know that sounds great on one level, I know for a lot of really new graduates, they’re all going to say, “But nobody knows me. I don’t have a job yet. I’m only 22, 24. How do I get it?” I don’t have a good answer for that. But some of the tried and true ways, they’re tried and true for a reason.

AI is not tried. It is not true. It has some flashes of great potential. It has some flashes of being totally just vexatious in how it’s going to drive us crazy and we have to go through a lot of growing pains with that. It’s very challenging how AI has changed up and put the job seeking experience through a blender.

Andra Popa: You mentioned that there’s a level of trust when hiring someone and I think compliance is one of those professions as is perhaps medicine where you can have a degree and you can have the credentials, but you really have to have good judgment and people have to be able to trust you.

Matt Kelly: It’s funny that you mentioned medicine because I happen to be binge-watching old ER episodes lately, and so my… Immediately as I’m listening to you, I’m thinking it was about the bedside manner is really what makes a doctor successful. To a certain extent that is also a concept that applies with compliance officers. Remember that at the end you’re asking people to behave in certain ways that they might not want to behave in. I’m not saying even that they want to go out and be unethical and cheat and steal, but it’s more like, “I’ve always done this way. I have always paid this vendor in this form. Why are you asking me to take extra steps?”

You’re intruding on how they do their real jobs. And so an important point for compliance officers is how to explain that doing their real job in a different way is going to help the whole organization and it’s important that the whole organization do well. So you really need a lot of skill at understanding how does the business actually work? How does the business make money? How do these particular functions you’re dealing with, whether they’re in sales or finance or customer service. In healthcare, I guess it would be nursing and doctors, but customer service, IT, they all like doing things in certain ways.

They probably have good reasons for saying, “Well, we’ve always done it this way.” You’re going to need to learn how to work within that to guide them to realize doing it this other more ethical way in compliance with the law is better for everybody even if it means I in particular need to take one or two extra step, but the sacrifice is worth it for the greater good. Now that even sounds corny, just saying it out loud, but that is what ethics and compliance officers do and your ability to persuade people to do that is to be much more important really than understanding what is the actual anti-kickback statute or anti-bribery law.

That’s why you have outside counsel. They can tell you what that is. Soon enough, ChatGPT or its ilk will be able to tell you better than the law firm, but ChatGPT is never going to be able to coax people who don’t want to do something into understanding, “This actually is a good idea that I do it.” That’s what makes a successful compliance officer.

Anne Hawkinsbadge: I think your concept of gaining the trust of the individual is very, very important, especially when they have to change their behavior. And I also think that you have to take into account what’s in it for them and that’s how you have to deliver that change. So I’m very happy that you made those statements. That was excellent.

Matt Kelly: Thank you. It’s okay for people to ask, “What’s in it for me?” Well, your pay, your salary, your promotion, your prestige, but compliance officers have to convince them at the same time to think about what’s in it for us and who is the us? And a lot of the us at a large corporation, people you’re never going to meet, people you will never encounter at all. You’re going to stay in your own little function in your own office with a couple of dozen or maybe a hundred people.

But if you’re a large business of a hundred thousand employees, still quite possible for a small number of people to cause enormous trouble for everybody else at a large corporation. So you really do have to be skilled at articulating what is the greater good for the whole organization and people have to like their organization, which gets back to why would I want them to trust this business? Because it’s ethical. And we could go on from there all day long if we want it, but I’ll get off my soapbox for-

Anne Hawkinsbadge: No, I think you need to stand on your soapbox. I think it’s very important for people to understand this because what you’re asking them to do is change your thinking. And having said that, I guess you made another good point about, at least I interpret it like reporting structure. So what specific question should a compliance professional ask during interviews to determine if the compliance role reports to leadership such as the CEO or the board rather than reporting into work potential conflict could occur should the compliance professional find something wrong?

Matt Kelly: Well, certainly you can just flat out ask that question if it’s not clear even just from a job posting. To whom does the compliance officer report? In the ideal world, the compliance officer would report to the CEO with regular and easy access to the board. Here in the real world, that still happens a fair amount of time, but I would bet that a majority of time the compliance officer reports into the general counsel. That is for various reasons I think not optimal. There are various lawyers out there who would disagree with me. There are generally general counsels, but you could just ask to whom does this compliance officer report on a regular basis?

On a daily basis, who’s my boss? And if it is the general counsel, you could also then ask what is the compliance officer’s exposure to the board and how often does the compliance brief the board on what the compliance officer does? What the current state of ethics and compliance is? I think for example, could you go to the board every quarter and report to them for five minutes on here’s how many hotline complaints we got, here’s how many we’re investigating, here’s how many are serious. Sure you could do that. That’s just really compliance telling the board how busy you are, which is not really all that useful.

The board wants to know do we have any big issues? So I would say if you report to the board once a year for an hour where you talk about here’s how our internal reporting structure works and here is what happens, the natural flow of a allegation of misconduct. How does it come into the company? When it does, how does it get rooted to this person? What steps do we take to figure it out that it’s legitimate or not substantiated? What issues would result in me pulling the fire alarm and marching right into the audit committee immediately versus the run-of-the-mill stuff where you probably never even need to know that it’s coming up.

And if you could spend an hour, a year talking with the board on some big element of the compliance program and how it works, I would say that is a healthier relationship. Then you get trotted out at the end after they’ve been meeting for five hours on something else and basically they’re going to say, “Is anybody getting indicted?” “No, you’re doing great. See you next quarter.” That’s not good. So think about that. Certainly you could do your homework and try to figure out who is the compliance officer who left? Why is this position vacant? Maybe that compliance officer, if you can track them down, maybe they’ll be forthright about their opinion of the company.

You might have to have an off the record conversation about that. But nonetheless, compliance officers are generally good and healthy and supportive people and I think it’s not a huge world. I know compliance officers who have worked at company A and it’s been a disaster, and then a friend of theirs wants to hold that same job two years later and they will tell that friend, “Well, company A has these issues and here’s why I got driven out.”

And you could certainly do more research on websites such as a Glassdoor and Blind and others that will give you insights into the corporate culture and sometimes they are, I will say, quite unvarnished, pimples and all. And that would help you understand how either to ask really tough pointed questions about the corporate culture or at least know when you are being fed peaches and cream and it’s not true. So you can think about that as well. But there are multiple ways you can try to get a line on, am I reporting to the right person? Do I have access to the right people even if my reporting structure isn’t ideally what I would like, could I still reach the right people in an emergency?

Which is also important to know. A quick example, I think, if you are applying to be a compliance officer to major corporation and the chairman of the audit committee of the board says, “You shouldn’t call me, you should go to the general counsel.” No, the red flag is visible from the moon. The only people who are the chair of the audit committee should say, “You can call me anytime day or night.” Chief compliance officer, general counsel, maybe the head of internal audit. Audit committee chairs should have all three of those people’s phone numbers programmed in. You should be able to call them 24 hours a day.

And if the answer is ever no, you can’t, drop that company like a hot potato. But there are various ways that you can try to get a bead on is this company one that takes the CCO role seriously or not?

Andra Popa: I also look at the reporting to government agencies. If it’s the same issue reported year after year, millions of dollars in settlements year after year for the same thing, it for me is a red flag that something isn’t working with the compliance department.

Matt Kelly: That’s an excellent point and one good metric I think of does this board take corporate culture and ethics seriously, look at outstanding findings from internal audits and if the internal audit team has been flagging the same thing for five years, clearly the board has not strangled the appropriate person to say, “Fix this now.” So if there were some way you could see that, unaddressed internal audit findings are a wonderful metric to show that senior management does or does not take ethics compliance and good business conduct seriously.

I don’t know if you could get that insight from the outside, but if you found it once you’re on the inside, you’d have to think long and hard about what’s going on. But it’s a great point to raise. Regulatory agencies that might put out reports about companies or something like that. Maybe you could ask for it in the interview process. “If you really want me, I want to see these reports.” Sign the non-disclosure agreement, go from there. But yes, that’s another excellent avenue to explore.

Anne Hawkinsbadge: I think, again, one of the things that you’ve just said or alluded to is the networking both inside and out. So as a young individual entering into compliance or as an existing compliance professional, are there any associations that are very good that they should join or be a part?

Matt Kelly: There are a bunch, in fact, yes. If you are in healthcare, there’s the Healthcare Compliance Association, which many thousands of members, maybe as many as 20,000, you can find them online. They hold a big national conference every year in the United States. It will typically get a couple of thousand attendees. They hold small local roundtables and conferences around the United States, one-day events, chapter events that might pull in one or 200 people. A great way, very cost affordable way as well, to meet some of the local people in your city. If you are not in healthcare, but you are in compliance, they have a sister organization, the Society of Corporate Compliance and Ethics SCCE.

That is basically the compliance association for everybody else who is not in healthcare, although their membership is also outside the United States, but they have a big annual conference. This year it’s in September in Nashville. They have local chapter meetings and the parent organization for both of these. They also have routine online webinars and virtual forums. If you are specifically in banking and you’re worried about anti-money laundering compliance, there is a group called ACAMS, which I think is the Association of Certified Anti-Money Laundering Specialists.

They have a big conference. If you are corporate compliance in finance, so banks, insurance, hedge funds, registered investment advisors, things like that, they have their own group too. The Society of Corporate Compliance Professionals. You could crash a Institute of Internal Auditors conference or two if you want. A lot of what they discuss is very similar to what compliance officers worry about and they’re not going to throw you out if you show up even though you’re a compliance person, and you could even get certifications in various of these. I think all these organizations have a certification that you could get.

You have to pay money for it, take a few courses with them, it boosts your resume. But all of those groups and more, there are local compliance officer associations that they get together once a quarter or so to have a couple of beers after work. I know on my website I have a list of a bunch of them for US cities. If anybody listening is part of one and you check it out, you see I don’t have the listing, you can always let me know. I will add it to my list. But what I like about corporate compliance officers is that they are so supportive of each other. I think partly because there aren’t a lot of really highly classified issues in corporate compliance.

If you have a great way to encourage a speak up culture or a great policy for anti-corruption, you want to share that with everyone. It’s not classified intel, so why not? Which is not always the case for other corporate professions where industry information or proprietary information is a bigger concern. It’s really not a big concern here. So this field, they tend to be quite supportive and helpful to each other, and it’s really nice to see.

Andra Popa: Your weekly compliance jobs report highlights career moves and openings. How can recent graduates as well as more seasoned professionals use this to identify both entry-level opportunities as well as more advanced opportunities and stay informed about trends in compliance?

Matt Kelly: Well, it’s funny. So that is… I’ve been doing that now for 10 years or so, I think 10 years this August, and it started as a lark where I had nothing to write that day. So I realized I saw a couple of updates on LinkedIn for my connections that they had new jobs. So I said, “I’ll post a rundown of that. Why not?” And I had enough at the end that I couldn’t run them all in one column. It would’ve been too long. So I said, “All right, I’ll put aside the rest and I’ll do it the next week.” And 10 years later, I’m still doing it every week. You could use it in a couple of different ways.

A lot of people use it just to see who has accepted a new job, because I typically say Susan Doe from ABC Company has now taken a new job at XYZ Company as chief compliance officer. Well, you can pretty much understand then that might mean that her old job at ABC Company is now vacant, so you could use it that way. I do every week include a couple of interesting job posts. Interesting as defined by me, which is a terribly subjective standard. So sometimes compliance officers I know who are hiring, they will send me a job posting and say, “Could you do me a favor and include this in your weekly report?”

Sure, happy to do it. If I don’t have any, I just look around at what seems cool and interesting. For example, lately I have been paying more attention to compliance jobs at AI businesses. I’ve been looking at more trade compliance or tariff compliance jobs, which five years ago I probably never would’ve encountered any of those listings. But what is challenging, what is new? You could also look at what companies have suffered a major enforcement action lately where they have promised to spend more on their compliance programs. I will name some names here, but TD Bank, they had a huge anti-money laundering scandal in ’24.

They agreed that they would dramatically beef up their compliance hiring. So they’re always looking for people right now. RTX, which is the parent company of Raytheon and a couple of other defense contractors, they also had a big anti-corruption settlement. So no surprise, they’re hiring. I think if you are just looking at any large company, you could go to their careers’ website, Google compliance, see what comes up. Most of them are at least have job postings listed almost every week. Now are they listed because that’s the policy and they already have an internal candidate and outsiders might not get the job?

That’s possible, but for a lot of large businesses, they’re constantly having these mid-level and junior-level jobs that they are looking to fill. So especially for younger graduates, I would just say you could maybe look on what are the compliance jobs that come up. Don’t apply through LinkedIn. Go then to the job that you think sounds interesting. Go to that company’s website, find the actual opening, apply there. Or even better if you happen to know somebody at that company or could get an introduction because personal connections, like I had mentioned earlier, they still are a big part of success. I have friends who are recruiters.

I know recruiting is not an easy job. With all due respect, however, recruiters don’t really know a lot about the jobs they’re hiring. Sometimes they get job descriptions, they have marching orders that they follow, but a recruiter is fundamentally an HR sort of person. They will recruit for that role that they have been told to recruit for. If you can find the compliance office, that person is going to be the one who says, “I need somebody who can do this, this, and this.” They’ll be able to give you much precise and clear and correct answers about are you a good candidate or not? That’s another important point for young compliance officers to think about.

But anyways, yes, the job support. If you have new jobs, you want to announce it, you want the world to know, send me that you got a new job. I’m happy to include it all the time, and I am happy to make the jobs report as useful as possible. So if you have a better idea of what I could do with this information, let me know and I’m happy to make it a better resource for the compliance community.

Anne Hawkinsbadge: Matt, I have a question. Would you ever post internships in your report if colleges provided that to you or agencies provided?

Matt Kelly: Nobody’s ever asked me that before. Sure. Yes. Per what I just said, if somebody has a good idea I’d never thought of, and this is a good one. I am happy to do that as the bandwidth allows. It’s interesting that there are now a lot of colleges that are offering, I don’t know how many offer majors in corporate compliance, although I wouldn’t be surprised if some do. And there are a lot of law schools or graduate business schools that offer master’s programs in compliance for those who might not necessarily want to get a law degree. And if you’re 45 and you’ve been working in compliance for 20 years kind of by happenstance, I don’t know that going back to school to get a law degree in the three years in the expense of that would really be all that useful to a continuing mid-career compliance person.

But taking a one-year night course or online course at a college that offers a graduate program through the law school to help non-lawyers understand what the law is without the burden of getting a JD, there’s a lot of schools that do that. And if they have programs that are looking for internships, I once came across a school that offered a compliance clinic, kind of like where some law schools offer public defender clinics to help their law students cut their teeth. Boston University had a compliance clinic for a few years to help corporate compliance programs cut their teeth with their law students. I’m always open to interesting things like that.

Andra Popa: You broke news that people didn’t know in the industry in your newsletter.

Matt Kelly: Way back when, I used to be a newspaper reporter at the start of my career. Back when people still worked at newspapers, I still consider myself a reporter first and foremost. Now in the modern news cycle and what compliance officers have to deal with, I try to focus more on how did this thing that has happened at this company, how is that related to what you might worry about at your company over there? Trying to put it more in a context. The Wall Street Journals and Reuters of the world are always going to beat me most of the time on big news events, but they don’t know what the significance of that would mean for compliance officers, and I try to do that. Now if I can also occasionally break news-

Anne Hawkinsbadge: Is there anything you’d like to sum up or say as we conclude this podcast?

Matt Kelly: Yes, I will now get on my soapbox again. And I still think compliance officers should have an optimistic perspective on this career, and I want to take a few minutes to explain why, because I do know that a lot of people are unnerved about a couple of different forces. Now, clearly, the Trump administration is retreating from a lot of vigorous regulatory enforcement. Lighter touch approach to enforcement trying to repeal a lot of rules, and there were compliance officers who back in January at the start of the Trump wondered if, “Does this mean that I will no longer have a purpose and will all be unemployed by July or August?”

Well, July or August is here, and I actually find that a lot of compliance officers are saying either nothing has changed or, “The Trump administration’s approach has actually made my job more complicated.” Because as you repeal various rules, then they change from a rule to a… The risk does not care whether it’s regulated or not. I’ll give you a quick example. So we really don’t enforce anti-corruption law in the United States as much as we used to for the last 20 years. If you bribed a foreign government official to win a contract overseas, that was a big deal.

That was a violation of the Foreign Corrupt Practices Act, and heaven help you because your company would be under investigation for eight years. You would wind up with a compliance monitor and you’d pay a $200 million legal fine. So FCPA compliance was a big and vigorous thing even through the first Trump administration. The administration has now said, “We’re really not going to enforce it all that much.” However, if you are a corporation, do you really then want to start embracing a pro-corruption stance? Because that’s a terrible idea.

Immediately, every corrupt official around the world is now going to see that there’s a big sucker mark on your forehead and be hitting you up for more bribes. But even then, if you repeal all of the compliance apparatus that you’ve had to prevent foreign corruption, you have repealed a lot of very important things for proper corporate accounting. You still have employees who will lie, cheat, and steal, and embezzle from you and the mechanisms you would use to prevent them from doing that bear a striking resemblance to the FCPA stuff that you have built up over 20 years. So there’s a lot of that, and plus there’s a lot of regulatory enforcement that has not gone away.

If you are involved in a lot of exports of sensitive materials and technologies overseas, you are worried night and day about export control issues. If you have a large workforce that is a high turnover and a lot of immigrant workers, you are sweating night and day for when there might be an ICE raid and do you have proper worker documentation processes in place? That’s going to be a big thing. So there’s still a lot that compliance officers or that corporations have to worry about. I think artificial intelligence would be another example. How are we supposed to regulate AI? Look, nobody knows. We have some good ideas at the state level.

We have some good ideas in Europe. We may or may not have a good idea at the federal level, but employees are embracing AI as quickly as they can. What are the risks of that? Well, we don’t know. How are we going to prevent employees from adopting AI in a reckless and dumb manner that might bite us on the rear end? We have to think about that. Those capabilities a company would need to think through those risks, they are all the same sort of compliance capabilities that we’ve been building up for the last 20 years.

Studying regulations, developing policy, training people on policy, doing investigations when they don’t follow the policy anyways, dealing with third parties, contractors and whatnot who are working on your behalf who might not even know your policy. All of that is still here. I would say all of that is going to get even more important by the year 2035. Show me the economy and how it evolves so that any of that becomes less important. We are not going to stop training people. We are not going to stop soliciting calls on the employee hotline and tell employees, “If you see the building on fire, don’t bother telling anybody.”

We are not going to cease using third party contractors. All of this is going to go up and up and up still. So while we might be in an odd moment for compliance officers, I don’t think it’s necessarily bad. While we might go into a recession, and that might make employment bad for everybody for a while where you might have a string of bad luck and you in particular might have a bad career for a period of years, I can appreciate that. I’ve gone through all of these things myself. None of that is the same as saying compliance capabilities are going to become less important in the future. This is a bad career choice.

AI is making it a difficult job search, but that’s not the same as saying there are fewer and fewer jobs. The need for what compliance officers can bring to a corporate organization, I think that is going to go up and up and up. You’ll need to reframe how you describe it. You’ll need to reframe what your value proposition is, but this is not something where you are a horse and buggy maker in 1915, wondering about the Model T. Is it going to cost you your job or not? That is not where we are. I don’t foresee anything like that anytime soon.

My closing point, and then I will get off the soapbox, but I’ve been in this business long enough now that I have some friends who have children who are college age, and they have asked me, “Geez, do you think they should go into compliance too? Is this really going to be something that they could still build a career on in 25 years?” Absolutely, wouldn’t blink an eye if either of my two young children went into compliance in the future. I think it’s fine. This has been a great conversation.

Andra Popa: Now we’ll turn this back to you, Ed.

Ed Butch: Thank you Andra and Anne for that great conversation. Now be sure to tune in next month for our season wrap-up of the Engaged University, and then in January we’ll kick off season four. See you then. I invite all of our listeners to visit citiprogram.org to learn more about our courses and webinars on research, ethics, compliance, and higher education. I look forward to bringing you more expert guests to discuss what’s happening on campus. Special thanks to our line producer, Evelyn Fornell. Production and distribution support provided by Raymond Longaray and Megan Stuart.