I conclude this exploration of the uses of social media in doing compliance by exploring why the compliance function is uniquely suited to using social media tools. Long gone are the days when Chief Compliance Officers (CCO) or compliance practitioners were lawyers housed in the Legal Department or the General Counsel’s (GC’s) office writing policies and procedures and then putting on eight hour training programs on same. Donna Boehme has written passionately about CCO 2.0 and the structural change to separate the CCO role from that of the GC because of the differences in focus of a CCO and GC. Simply put, a GC and legal department is there to protect the company while the CCO and compliance function exists to solve problems before the company needs protections from them.
Freed of the constraints to write policies and procedures by lawyers for lawyers, the profession has moved to integrating compliance directly into the fabric of the company. I often say that a Foreign Corrupt Practices (FCPA) compliance program is a business solution to a legal problem. The problem is how to comply with the FCPA and other anti-corruption regimes. The solution is to burn compliance into the DNA of your company so that it is not only owned by the business unit but also acted on by the business unit in its day-to-day operations.
I think this means that we are now moving to CCO 3.0 where a CCO or compliance practitioner is putting compliance into the forefront of how a company does business. The example of safety comes to mind when every corporation I ever worked at made clear that safety was everyone’s responsibility, literally from the shop floor to top of the company. I once heard of a Executive Vice President (EVP) of a major oil and gas operating company, while touring a contractor’s facility, stop the tour to point out that a contractor carry two bags of trash down a set of stairs was an unsafe practice and required the employee to carry one bag at a time so she could hold the handrail while descending the stairs. That is the level of the awareness of safety now.
The evolution of compliance is just as dramatic. Moreover, the compliance function should be on the cutting edge of moving it forward within your company. The important thing to remember about social media tools is precisely that; they are tools that a CCO, compliance practitioner or any company can use to communicate with their employee base. Put another way, social media is but one part of the communication ecosystem which can be used to market the message of compliance.
Last week I wrote that there are still many companies who do not allow their employees access to the most popular and useful social media tools at work or even on company computers. While these companies always claim it is due to security issues, the reality is that they simply do not trust or even respect their employees. In such a company, management is much more concerned about what employees might say about an organization than trusting that they not only want to do the right thing but will execute such a strategy when provided the opportunity to do so, through the mechanism of social media. This means that companies which trust and respect their employees do not have to worry about employees releasing confidential data through social media channels because there are plenty of other ways that employees can release confidential information if they were so inclined. Indeed think of the Dodd-Frank Whistleblower provision and how many employees who report to the Securities and Exchange Commission (SEC) reported or tried to report internally before going to the SEC. Simply put if a company does not trust and respect its employee base, communicating the message of compliance throughout an organization will be more difficult but that is clearly not the signal senior management is sending to its employees.
The compliance function must engage with its customer base, AKA the employees in a company. Charlene Li, in her recent work “The Engaged Leader”, said in the introduction “In order to be truly effective today, leaders in business and society must change how they engage, and in particular how they establish and maintain relationships with their followers via digital channels.” The same is true for the compliance function. She believes that technology has changed the dynamic between leaders and their followers. In The Engaged Leader she explains:
- Why leaders need to master a new way of developing relationships, which begins by stepping out of traditional hierarchies
- How to listen at scale, share to shape, and engage to transform
- The art of making this transformative mind shift
- The science of applying the right tools to meet your strategic goals
Li believes that “This transformation is not optional. Those who choose not to make this change will be abandoned for those who inspire people to follow them.” In an interview for the podcast HBR Ideacast, entitled ““Social Media Savvy CEO” is no Oxymoron”, Li further expounded on these views. She asked why a leader would be afraid to engage with those in his or her corporation? But more than simply engagement, she asked why would a leader want to cut themself off from the best source of information for them and available to them; their employee base, through social media. After all, every company strives to have an active engagement with their customer base so why not have it with employees.
Now change out Li’s language from ‘leaders’ and insert ‘CCOs or compliance practitioners’. I think it is even more critical for the CCO or compliance practitioner because doing compliance is something that should occur in the business units. Yes a CCO can put those policies and procedures in place but it is the folks in the field who must implement them going forward. If social media can be a tool to help facilitate doing compliance why not embrace it for communications, training, input, problem identification or resolution?
Yet there is another reason for the compliance function to embrace social media going forward. One of my favorite thought leaders around innovation in the legal arena is Professor David Orozco. In a blog post, entitled “Innovation in the Legal Sector”, he said, “Innovation is a big deal. It’s been a big deal ever since customers rewarded differentiation and punished companies that failed to maintain their creative edge.” The same is equally, if not more so, applicable to the compliance arena. The Department of Justice (DOJ) has consistently made clear that FCPA compliance programs should be evolving and using the newest and best tools available. That sounds suspiciously like social media to me. So if these tools are available to you and at a very reasonable cost (i.e. free) why not consider using them. If you are afraid of information getting out of your company, why not consider using the social media concepts behind your firewall in your company intranet system?
Finally, even if you cannot use some of the publicly available tools discussed earlier, there is no reason that you cannot incorporate the concepts into your compliance program. By that I mean you can use the communication ideas inside of your company for your compliance program. You can create the equivalent of a Tweet-Up where the CCO or others answer questions that employees submit. Similarly, you can live stream a Q&A session using the concepts articulated by Meerkat and Periscope for social media live streaming. Pinning compliance reminders or other information in some type of internal company bulletin board is using the basic concept of Pinterest. I am sure that you can accomplish the same by using SharePoint. Why not create an internal compliance reminder video series using the same tools that a millennial would use to create a Facebook post?
Think all of this sounds far-fetched? Think again. In this month’s issue of the Compliance Week magazine, Guest Columnist Raphael Richmond, the CCO at Ford Motor Company, in an article entitled “Compliance? There Should Be an App for That!”, detailed how the company has created an app for iPhone and Android devices that “allows users to access compliance information quickly, including brief, easy-to-understand policy summaries and answers to frequently asked questions (FAQs). The app also has a “Can I … ?” tab that acts as a quick decision tree for finding specific answers to commonly asked questions. Topics in our app address a range of compliance issues, from anti-bribery guidance to Ford’s approach to gifts and favors, meals, travel, and social events. Individuals can also report a suspected violation directly from the app to the Corporate Compliance Office.” It will certainly be exciting to see how Ford develops this tool going forward.
I often say that as a CCO or compliance practitioner you are only limited by your imagination. The use of social media in your compliance function is one that is crying out for imaginative usages. As we move to CCO 3.0, the compliance function will need to avail itself of all the tools it can to communicate the message of compliance. The DOJ currently requires companies that enter into Deferred Prosecution Agreements (DPAs) to keep abreast of technological innovations in compliance. How long do you think it will take for the DOJ to start asking how much compliance communication you have both up and down the chain? If you are not using a social media tool or even a social media technique you may already be behind the 8-ball and you certainly will be left behind in the marketplace of ideas going forward.
I hope that you have enjoyed this six-part series on the use of social media in your compliance program as much as I have enjoyed researching it, writing and posting it. If you are currently using social media tools, concepts or techniques in your compliance program please contact me, as I would appreciate the opportunity to learn more about what your organization is up to in that realm. Also, please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at email@example.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, the FCPA Compliance and Ethics Report.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2015