Innovation 4What is the intersection of innovation in your compliance program and the requirements of an effective compliance program? I find the answer to be found in Hallmark 10 of the Ten Hallmarks of an Effective Compliance Program set forth in the 2012 joint Department of Justice (DOJ)/Securities and Exchange Commission (SEC) FCPA Guidance. Hallmark 10 states, “Finally, a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements. Consequently, DOJ and SEC evaluate whether companies regularly review and improve their compliance programs and not allow them to become stale.”

This ties directly into the articulations of DOJ Compliance Counsel, Hui Chen, when she discussed the operationalization of your compliance program. This means putting compliance into the fabric of your organization. Today, I want to discuss some techniques to innovate in your compliance function which fit directly into this Hallmark.

There are many ways to bring innovation to your compliance program. One of the more cost effective ways to do so is through the continuous improvement technique of internal inspection. Ben Locwin, a well-known Healthcare Industry Thought Leader, Author, Director at Biogen and compliance expert, discussed this method of innovation and other topics in a recent podcast the on the FCPA Compliance and Ethics Report, Episode 266.

Locwin cited to James Womack, founder of the Lean Institute, for the maxim, “Different isn’t always better, but better is always different.” He went onto to explain how innovation can come from a number of ways, some of which could be to reflect on your approach and then refine your process from that starting point. Another way Locwin expressed it was “We have a problem. Let’s not run away from it. Let’s embrace it.”

What you are really doing is looking at your program from the inside out. Locwin advocates beginning with such questions as “What can we do better? What can we do next?” He went on to explain “you’re looking for examination from an external and not an internal prospective. Internal perspectives tend to follow along the quotas. If you always do what you always did, then you’ll always get what you always got.” He went on to say “continuous improvement approaches benefit most from” its “frequent exposures to radical change.”

It is the willingness of the entity to look at itself that is the key to continuous improvement. Locwin said that while “typically these things come from external pressures and not from internal, incremental changes. It really takes a step back, and maybe several steps back to say, what are we actually trying to do, and are we reaping the value that we’re intending to get out of what we have. If we’re not, then we should look for this really systemic overhaul of things, and not just try to tweak a little thing here and a little thing there.”

Locwin provided the example of a root cause analysis, which is typically used after an incident to determine what happened to assess blame, can actually be used to strengthen the prevention prong of your best practices compliance program. He said that a company must “allow themselves that freedom to appraise things that have gone wrong and then address them rather than just saying, “Well, you know we had someone who made a mistake, let’s fix the person or get rid of the person. But really it’s about, let’s understand what’s actually happening here because, for the most part, people are not willfully ignorant and they try to do the right things, so it could just be that there was some clarity issues with how they understood their role or their work for otherwise.”

Locwin explained that a root cause analysis should not be used just simply to determine fault but, “It really should be a way to learn more about the process and what’s going wrong so that the systems and process itself can be changed because there is a thinking in the field which basically centers around the theme of, unless you have changed the process, then you’re going to keep getting similar or the same results.”

As Locwin further explained, “Until you change the process and the systems, you can basically expect that you’re going to have some sort of output that is going to repeat itself over and over again. That’s where finding blame doesn’t necessarily help and really you want to get deeper into those root causes. That’s, frankly, why it’s caused root cause analysis, so that you can drill down below the superficial pieces of the framework to fix, and into the things that are actually driving the outcomes and the behaviors.”

In the healthcare arena, the practice is called Corrective Action and Preventive Action (CAPA). Locwin noted, “when a root cause analysis is done, it really principally is there in order to develop preventive actions. A preventive action is something which by its name is to prevent recurrence of the problem. You can correct with a correction action, but ultimately what you’d like to do is to engineer out or somehow or other fix the system and processes where you don’t have the opportunity for that flaw to occur again. That’s really the preventive action approach.”


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016