George KennedyGeorge Kennedy died this week. He was one of the few actors who went from playing tough guys to being a hit in comedies. According to his obituary in the New York Times (NYT), Kennedy played “vicious killers, bumbling lawmen, saddle tramps, bank robbers, scowling bullies – anybody you’d be foolish to mess with or trust in an emergency who played tough guys, oafs, G.I.’s and a bonanza of cowboys as one of Hollywood’s most versatile and durable character actors. He portrayed them all in more than 200 films and television productions in an acting career that spanned nearly five decades. He also won an Oscar as the best supporting actor of 1967 for his performance in the Paul Newman film “Cool Hand Luke”(pictured left).

In a late career twist he moved to ironic comedy starring in the “cult favorite “The Naked Gun: From the Files of Police Squad!” (1988) and its sequels, “Naked Gun 2 ½: The Smell of Fear” (1991) and “Naked Gun 331/3: The Final Insult” (1994), Mr. Kennedy played Capt. Ed Hocken, wincing and grimacing at the wreckage wrought by Mr. Nielsen’s bumbling Lt. Frank Drebin.” Sometimes to win all you need is a real cool hand.

One of the things Chief Compliance Officers (CCOs) and compliance practitioners face is how to scale up a compliance program for dramatic growth, which can occur organically and sometimes inorganically through acquisitions. However, in both situations a CCO, who is a single compliance resource for a company, may need to scale up quickly. A recent Harvard Business Review (HBR) article authored by Ranjay Gulati and Alicia DeSantola, entitled “Start-Ups That Last”, looked at this scalability issue in the context of start-ups.

I found that their insights could be useful for the compliance professional who might confront the issue. This is because scaling up your compliance function does not mean the CCO should disavow who is personable and accessible. Nonetheless you need to be prepared to manage that corporate growth and to learn new ways of operating and behaving. This will provide a stronger and more effective compliance program in the long term.

For a single source compliance functionary, who knows everyone and is accessible to everyone in the organization, it is sometimes difficult to begin to delegate out. The egalitarian nature of such an operation cannot be denied. Moreover, there tends to be consistency when one person makes the decisions. However this situation can lead to bottlenecks when there is simply too much work to do. The authors note, “organizations spin out of control as centralized authority becomes a bottleneck that hinders information flow, execution and decision making.”

Hierarchy is not always bad. The key is to put structures in place that remain flexible enough to keep the company moving forward in the right direction but does not discourage solo contribution. However, the CCO must work to keep from having too many layers in the decision making process while provided the second set of eyes and that any best practices compliance program requires. You should try to find the balance between formal structures with informal communications up and down your chain. Such a communication system can help streamline and make more efficient the process of compliance. Finally, this will help you to embed compliance within the fabric of your organization.

The next area the authors discuss is not one usually considered by a CCO or compliance practitioner. It is planning and forecasting with discipline. In the compliance realm, we usually will posit a risk assessment and use the results as a road map for a 1, 3 or 5 year game plan. However, if you can move from this process to more robust forecasting, you can have a framework in place that allows you to test how new compliance initiatives are received and also react more dynamically to the business market, “with an eye towards larger objectives and sustaining” compliance.

You need to begin with strategic planning. This is moving beyond simply ‘what I want to be when I grow up’ to regular goal-setting to build your long-term compliance vision for the company. You can sit down with your business lead counter-parts and ask what is there strategic vision for both products and markets? If they identify Brazil as a huge growth opportunity, then you will need to forecast out what their team will need from the compliance perspective. More pointedly, what processes and protocols can you put in place that will allow the business team to move into Brazil seamlessly, both on the operational and tactical level?

Here technology can be a real leg up for you and your compliance program. By using both data analytics and transaction monitoring, you can be more nimble to deliver a proscriptive compliance solutions going forward. Further, once a solution is determined you can then scale that solution companywide, as circumstances dictate. The authors note, “Setting clear goals and guidelines, systemically gathering and sharing information to shed light on performance and enable better forecasting, and creative processes instead of relying on key individuals” are all hallmarks that your program is running more efficiently.

A final area the authors consider is how to sustain a culture when scaling up. This is something near and dear to every CCO or compliance practitioner’s heart as we are motivated to do the most business in compliance with our company’s ethics and ethos. Obviously it will be important to sustain this cultural ethos during times of rapid growth. You must work to codify and then reinforce this cultural ethos going forward. Obviously a robust Code of Conduct and written compliance programs are important first steps but they must be reinforced in the face of rapid business and personnel growth. Indeed, it starts with the hiring process as your first touch point to communicate the company’s expectations around compliance and weed out those who may not have the same business ethics that you stand for going forward.

Equally important is to continue this communication, with founding members or senior executives of the company being ambassadors for compliance. This is more than simply good tone at the top. This is senior management holding town halls around your ethical culture, holding compliance moments and using social media tools to talk to and listen to employees about issues around compliance.

I once worked at a software company that held ‘Final Friday’s’ where employees could all get together and visit with senior management. Initially these were held weekly. However, as the company grew they were moved to monthly and then quarterly and even as they became less frequent, they actually gained in popularity because it not only reminded everyone of some far off nostalgic days that may never have actually existed but it allowed everyone to get together in a collegial atmosphere. You can try something like that through the social media tools of Blab or Periscope.

As a CCO who is the sole member of a corporate compliance department, you may have created something very special and unique. The authors end with the comment, “Between the extremes of ad hoc and prescriptive organizing, there’s a useful middle ground.” By moving towards this place, you, as the CCO, can make your company more nimble, more efficient and may well provide to your company a market differentiator.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016