Design ThinkingIn many ways the migration from Chief Compliance Officer (CCO) 1.0 to 2.0 and beyond is more than simply about the technical aspects of a CCO to the internal and external delivery of a compliance solution by the compliance function. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) both have consistently articulated that a Foreign Corrupt Practices Act (FCPA) anti-corruption compliance program should be an evolving solution, dynamic not static. Compliance as a business solution to a legal issue and must also evolve to meet the ever-changing business dynamics of a progressively globalized marketplace and international enforcement of anti-bribery laws. To think that the drafters of the FCPA foresaw every business challenge that would appear over the intervening 35+ years belies the path of legal and commercial developments in that time frame.

One of the areas of development that can be of use to the compliance practitioner is design thinking in your compliance program. This issue was explored in a series of articles in the September issue of the Harvard Business Review (HBR). In an article by Jon Kolko, entitled “Design Thinking Comes of Age, he posited, “the approach, once used primarily in product design, is now infusing corporate culture.” For the CCO or compliance practitioner this means recognizing you have customers, i.e. your employees, and third parties that may fall under your compliance program. All of these groups have a user experience in doing compliance that may be complex and interactive. As a CCO 3.0 or further, you will need to design a compliance infrastructure to the way people work so that doing compliance becomes burned into the DNA of a workforce.

The first component of design thinking is to focus on the users’ experience with compliance. Kolko stated that designers need to focus on the “emotional experience” of the users; he explained that this concerns the “(… desires, aspirations, engagement, and experience) to describe products and users. Team members discuss the emotional resonance of a value proposition as much as they discuss utility and product requirements.” For the compliance function, this could be centered on the touch points the employee base has with the compliance function and that this should be “designed around the users’ needs rather internal operating efficiencies.”

The next step is to create something design thinkers use called “design artifacts”. While this is usually thought of a physical item they can also be “spreadsheets, specifications, and other documents that have come to define the traditional organizational environment.” Their use is critical because “They add a fluid dimension to the exploration of complexity, allowing for nonlinear thought when tackling nonlinear problems.” Whatever the compliance practitioner may use, Kolko said, “design models are tools for understanding. They present alternative ways of looking at a problem.”

The next step is to “develop prototypes to explore potential solutions.” In others words, build a part of your system and test it from the users’ perspective. Here the author quoted innovation expert Michael Schrage for the following, “Prototyping is probably the single most pragmatic behavior the innovative firm can practice.” I think this is because “the act of prototyping can transform an idea into something truly valuable” through use, interaction and testing. Simply put prototyping is seen as a better way to communicate ideas and obtain feedback.

While it may initially sound antithetical to the CCO or compliance practitioner, a key component for design thinking is a tolerance for failure. I realize that initially it may appear you cannot have failure in your compliance program but when you consider that design thinking is an iterative process it becomes more palatable. Kolko quoted Greg Petroff, the chief experience officer at GE software, about how this process works at GE, “GE is moving away from a model of exhaustive product requirements.” Kolko added, “Teams learn what to do in the process of doing it, iterating, and pivoting.”

However design thinkers must “exhibit thoughtful restraint” when moving forward so that they can have deliberate decisions about what processes should not do. This means that if a compliance process is too complicated or requires too many steps for the business unit employee to successful navigate, you may need to pull it back. I like the manner in which Kolko ends this section by stating that sometimes you lead with “constrained focus.”

Kolko ended his article by noting three challenges he sees in implementing design thinking, which I believe apply directly to the CCO or compliance practitioner. First is that there must be a willingness to accept more ambiguity, particularly in the immediate expectation, for a monetary return on investment. A more functional or better compliance system design may not immediately yield some type of cost savings but it may be baked into the overall compliance experience. Second, a company must be willing to embrace the risk that comes from transformation. There is no way to guarantee the outcome so the company leaders need to be willing to allow the compliance function to take some chances in directions not previously gone. Third is the resetting of expectations as design does not solve problems but rather “cuts through complexity” to deliver a better overall compliance experience. This in turn will make the company a better-run organization.

Another article in the same HBR issue by James de Vries, entitled “PepsiCo’s Chief Design Officer on Creating an Organization Where Design Can Thrive”, focused on PepsiCo’s Chief Design Officer Mauro Porcini. Porcini believes there are three key elements to embed design thinking in an organization’s culture. First there must be “the right kind of design leaders” because the discipline is so broad it requires a broader horizon than many traditional finance grounded or legal grounded corporate types possess. You need a leader with a “holistic vision who can manage all aspects of design in a very smart way.” Second, there must not only be senior management buy-in but active sponsorship because of the inherent resistance to change in any organization. Finally, there must be “as many external endorsements as possible – from a variety of entities” to demonstrate to your organization you are moving in the right direction.

HBR also featured an article by Adi Ignatius, entitled “How Indra Nooyi Turned Design Thinking Into Strategy”, which profiles the PepsiCo Chief Executive Officer (CEO) who brought Porcini into the company and sponsored his work. One of the things she talked about was the user experience for Pepsi customers. I thought about that concept in the context of a CCO or compliance practitioner. How often do we focus on the user experience in the compliance discipline? I think as we move towards CCO 3.0, we will need to do so to help burn compliance into the fabric of an organization.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015