Positioning Compliance Officers for Success in ABA Organizations

In ABA organizations, compliance failures are rarely the result of bad intentions or unethical behavior. More often, they stem from something far less visible: how the compliance function is positioned within the organization.

ABA is uniquely vulnerable to compliance risk. Revenue is tightly linked to clinical decision-making. Services are delivered through delegated models. Documentation, supervision, and billing are deeply intertwined. When compliance is underpowered, conflicted, or treated as an afterthought, risk doesn’t disappear—it simply goes undetected until a payer, regulator, or whistleblower brings it to the surface.

Positioning compliance officers for success isn’t about checking a box or naming a role. It’s about designing systems

What Compliance Officers Need to Succeed 

At its core, compliance is a governance function. For it to work, certain conditions must be in place.

Authority to make decisions
Compliance officers must have real authority—not just the ability to make recommendations. This includes the power to pause workflows, require corrective action, and escalate concerns when necessary, even if there is an impact on revenue. When compliance is treated as purely advisory, risk management becomes optional. This doesn’t mean compliance should have unchecked authority to halt operations entirely, but meaningful decision-making power is essential for the function to work.

Autonomy in their work
Effective compliance is proactive, not reactive. Compliance officers need the freedom to set priorities based on risk, initiate reviews, and determine where attention is needed. “Directed compliance,” where leadership decides what will and won’t be examined, undermines the very purpose of the role.  Compliance officers should work in concert with leadership, but not solely at leadership’s direction.

Psychological safety to push back
Compliance work often involves raising uncomfortable issues, challenging assumptions, and questioning decisions made by senior leadership. If compliance officers cannot safely push back without fear of retaliation or marginalization, the role becomes performative rather than protective. Pushback is not resistance—it’s protection and it's a core expectation of the job.

Reporting Structure and Access: Independence Matters

How compliance is positioned on the org chart sends a powerful message about its role.

Reporting to the right executive
Best practice is for compliance to report to the CEO or an equivalent executive leader. This signals organizational commitment and ensures visibility at the highest level. While compliance must work closely with legal counsel, it should not report to legal. Legal focuses on defense and privilege; compliance focuses on prevention, detection, and correction. Those functions overlap, but they are not the same, and at times, they are in conflict.

Independent access to the board
When an organization has a board, compliance should have direct, independent access to it. This doesn’t mean constant reporting, but it does mean having a clear path for escalation when issues cannot be resolved internally. Even periodic or structured access is better than none.

When a Full-Time Compliance Officer Isn’t Feasible

Many small and midsize ABA organizations cannot afford a dedicated, full-time compliance officer. As a result, compliance responsibilities are often shared across clinical, operational, billing, or administrative roles.

This reality isn’t inherently problematic, but it does require careful, thoughtful design to ensure compliance functions can be met and conflicts avoided.

Before assigning compliance responsibilities, organizations should take time to thoughtfully examine:

• The individual’s primary job duties
• The incentives tied to their role
• Where compliance expectations may directly conflict with operational, clinical, or financial pressures

For example, assigning compliance responsibilities to a Clinical Director who is evaluated on utilization and continuity of care can create pressure to overlook documentation or medical necessity concerns that might delay services. Asking a Billing Manager to audit claims they submit places them in the position of evaluating their own work, which can discourage escalation of billing errors or overpayments. An Operations Manager measured on efficiency and keeping services flowing may experience tension when compliance controls slow scheduling, billing, or onboarding processes. 

Similarly, senior behavior analysts or clinical supervisors asked to monitor compliance may struggle to objectively enforce standards when doing so conflicts with their role in supporting, coaching, and retaining staff or when a review shows deficiencies in the work of their peers, colleagues and supervisees. In smaller organizations, owners often assume compliance responsibilities by default, which can limit independence and cloud judgement when findings carry financial or reputational consequences. In each case, the risk is not lack of knowledge or intent, but the presence of competing contingencies that influence decision-making.

Just as importantly, these decisions should be revisited regularly. As job duties expand and organizations grow, add payers, widen geographically, or update service models, yesterday’s compliance structure may no longer be adequate. Compliance design should evolve and mature alongside the organization.

Mitigating Conflicts When Compliance Responsibilities Are Shared

When compliance duties are split across roles, safeguards are essential.

Some effective strategies include:

• Separating execution from oversight functions whenever possible
• Rotating audit or review authority so no one is solely responsible for monitoring their own work or the work of their team members and colleagues
• Using cross-functional or committee-based compliance review
• Clearly defining escalation pathways and decision-making authority

Let’s say the billing specialist is responsible for submitting claims, another role should periodically review billing trends or audit a sample of claims to avoid self-policing. When clinical supervisors oversee documentation and supervision, compliance review can be assigned to someone outside that supervisory chain or reviewed through a small cross-functional group. Some organizations rotate who conducts internal audits or chart reviews so that no single individual consistently evaluates their own area of responsibility or their own team members. A standing compliance committee—often including clinical, operations, and administrative representation—can be used to review findings and track corrective actions. In all cases, it should be clear when compliance concerns require escalation, who has authority to pause workflows or billing, and how final decisions are made.

Not all conflicts can be eliminated. When they can’t, they should be acknowledged explicitly. Documenting known conflicts, implementing compensating controls, using external reviews strategically, and reassessing decisions regularly all demonstrate intentional risk management.  Conflict itself is not a failure. Ignoring it is.

Leadership Sets the Conditions for Compliance Success

No compliance structure can succeed without leadership support at the highest level of your organization. Leaders don’t just approve compliance programs—they actively shape whether those programs function as intended.

Leadership demonstrates support for compliance when they treat compliance findings as information, not inconvenience. This includes responding to identified risks with curiosity rather than defensiveness, and viewing corrective action as part of responsible operations rather than a failure of staff.

Prioritizing compliance also means protecting the independence of the compliance role. Leaders reinforce this by respecting compliance decisions, avoiding pressure to soften findings, and supporting escalation even when it affects revenue, schedules, or growth plans. When compliance officers are consistently overruled—or learn that raising concerns leads to negative consequences—the message is clear, regardless of what policies say.

Resourcing is another concrete signal of leadership commitment. Effective compliance requires time, staffing, access to data, and tools that match the organization’s size and complexity. Leadership prioritizes compliance when it budgets for proactive monitoring, allows protected time for compliance work, and revisits resourcing decisions as the organization grows or changes. Compliance maturity is reflected less in the number of policies an organization has and more in what leadership is willing to fund, staff, and prioritize.

Leadership also sets expectations through visibility and follow-through. When leaders ask about compliance trends, track corrective action to completion, and hold managers accountable for implementing changes, compliance becomes embedded in the organization’s operating rhythm. When findings are acknowledged but not acted upon, compliance becomes symbolic.

Finally, leadership support shows up in how concerns are handled. Clear non-retaliation expectations, safe reporting pathways, and consistent responses to identified issues reinforce that compliance exists to protect clients, clinicians, and the organization—not to assign blame.

In short, compliance culture is not created by policy alone. It is reinforced daily by what leadership chooses to notice, support, and prioritize.

Additional Considerations as ABA Organizations Grow

As your organization scales, compliance must shift from a single role to a coordinated function.

Managing a compliance team
Larger organizations require dedicated compliance staff with clear roles and centralized coordination. Scattering compliance duties across departments without oversight leads to fragmentation and blind spots.

Adequate resources and infrastructure
At scale, under-resourcing compliance results in reactive, crisis-driven work. Effective compliance requires time for proactive monitoring, access to appropriate technology, and staffing aligned with organizational complexity.

Compliance’s role in investigations
Organizations must clearly define when compliance leads investigations, when it supports them, and how it coordinates with HR, legal, and clinical leadership. Compliance must be empowered not only to investigate concerns, but to act on findings and recommend corrective action—without pressure to influence outcomes.

Collaboration without compromise
Compliance must collaborate closely with clinical leadership, billing, operations, and IT. Collaboration, however, does not mean consensus. Compliance retains decision-making authority in matters of risk.

Access to data and systems
At scale, risk rarely appears in isolated errors. It emerges in patterns. Compliance must have direct access to clinical documentation, billing data, scheduling records, and supervision logs in order to identify trends before they become liabilities.

Red Flags That Compliance Is Poorly Positioned

Even well-intentioned organizations can undermine compliance without realizing it. Certain patterns tend to emerge when compliance lacks authority, independence, or leadership support. Recognizing these red flags early allows organizations to correct course before risk becomes visible externally.

• Compliance findings are filtered before reaching leadership
• “No issues found” is treated as success
• Corrective actions are informal or undocumented
• Compliance concerns are routinely overruled without escalation

A Quick Self-Check for ABA Organizations

Recognizing these red flags isn’t about assigning blame or judging past decisions. In many cases, they reflect growth, changing demands, or well-intentioned workarounds that have outlived their usefulness. A brief self-check can help organizations assess whether their compliance function is positioned for success.

• Can our compliance role say “no”?
• Who reviews the reviewers?
• Where do unresolved compliance concerns go?
• Does compliance have the resources to do proactive work?

Final Takeaway

Compliance is not a job title—it is a system.

Whether an organization is small, midsize, or enterprise-level, compliance officers succeed when they are positioned with authority, independence, resources, and safe escalation pathways. What changes with size is not the need for these elements, but the complexity required to support them.

Strong compliance protects clients, clinicians, and the long-term sustainability of ABA services. Designing for it intentionally is one of the most important leadership decisions an organization can make. Positioning compliance officers for success isn’t about perfection—it’s about intention, structure, and thoughtful leadership.

Compliance leaders shouldn’t have to navigate these challenges alone.

If this article raised questions about how compliance is positioned in your organization, that’s a good thing. These are not always easy issues to spot from the inside—and they rarely show up clearly until risk is already building.

To help you take a closer look, we’ve created an ABA Compliance Structure Self-Assessment. This tool walks you through the key elements discussed here—from authority and reporting structure to conflict risks and resource gaps—so you can evaluate whether your current design truly supports effective compliance.

And if you find that your structure needs refinement, you don’t have to work through those decisions alone.

The ABA Compliance Collective is a community for ABA leaders and compliance professionals who are actively building and strengthening their compliance programs. Inside, you’ll find practical guidance, real-world discussion, and a space to work through complex challenges like role design, governance, and audit strategy with others facing the same decisions.

Start with the self-assessment, then explore how the Collective can support you in turning those insights into a stronger, more sustainable compliance system.