mose-allisonIt turns out that music can be a salve for pretty much any situation. This week I have used the music of recently deceased giants, Leonard Cohen and Leon Russell, to help get me through the first couple of weeks since the election. Unfortunately, we lost another great from the recording industry this week, whose music influenced multiple generations of musicians and songwriters, yet was hardly a household name. I refer, of course, to Mose Allison, a Southern infused jazz singer of what his New York Times (NYT) obituary called, “plain-spoken, pungently observant songs.”

Allison’s influence in musical circles was huge. His songs were recorded or covered by the likes of the following: Jimi Hendrix, The Rolling Stones, Tom Waits, The Yardbirds, John Mayall, J. J. Cale, Leon Russell and even The Clash. The Yardbirds and The Misunderstood both recorded versions of his song I’m Not Talking. Manfred Mann also recorded a version for the BBC. Of course, my personal favorite was The Who, which credited My Generation roots in Allison’s Young Man Blues, which in turn was a staple of their live performances. All I can say is there is some heavy music playing in the Great Beyond Club in the sky this week.

I continue what has now become a week-long explanation of why the compliance function in a corporation and the compliance profession in general is not going anywhere, even with the election of Trump as President and a full GOP Congress to ram its legislative agenda through unobstructed. Today the reason is driven by the business response to the legal requirements of laws such as the Foreign Corrupt Practices Act (FCPA). But more than simply the business response, it is the evolution of compliance programs from both the business and legal enforcement perspective. Just as compliance programs sprang up, grew and began to evolve and mature in the middle of the last decade; the sophistication of the regulators has also increased. We most clearly see this in the appointment of the Department of Justice (DOJ) Compliance Counsel, Hui Chen.

With her initial public remarks, in November 2015, at the New York University Program on Corporate Compliance and Enforcement, Chen provided insight into how she would consider the effectiveness of a compliance program. Her key point was companies should operationalize their compliance program by tying it to functional disciplines within your company. This means that Human Resources (HR), Payment, Audit, Vendor Management and similar corporate disciplines should be involved in the operation of your compliance program in their respective areas of influence. Then in April 2016 under the remediation prong, with the initiation of the DOJ Pilot Program around FCPA enforcement, the DOJ once again emphasized the operationalization of a company’s compliance program as a key metric in determining benefits under the program. You must actually be doing compliance going forward.

This evolution in the DOJ’s thinking and its sophistication of compliance program analysis is in clear response to how the market initially responded to the requirement to have a compliance program back in the 2004-time frame. More recently, each Deferred Prosecution Agreement (DPA), in Schedule C under the details of a best practices compliance program, has required the company to take “into account relevant developments in the field and evolving international and industry standards” in upgrading their compliance program. This requirement has led companies to keep abreast of best practices and continually evolve their compliance program forward. The DOJ in turn, has upped its game and now requires companies to operationalize compliance.

Compliance is a service within your organization, yet under the operationalized model, compliance is a profit generator for a business. Just as law departments generate business by doing transactions, compliance can be viewed as delivering services not only to the business unit but also third parties with whom the company does business. This means not only traditional transaction partners such as sales agents, representatives and distributors but also joint venture (JV) partners, teaming partners and others. Compliance can deliver compliance related services to these third parties as a profit center.

Doing compliance means doing business. There are multiple types of risks in a business; operational, regulatory and reputational, just to name a few. The effort to measure and then manage each of these risks can be led by the compliance function. The more efficiently these risks are measured (i.e. assessed) the more easily and efficiently these risks can be managed. This means that the business is not faced with a binary 1/0 or Go/No Go decision on risk but if compliance moved into measuring and the managing risk through the operationalization of compliance into the business unit; the process would help you to do business more efficiently and with greater profitability.

Compliance is a platform to make your company not only a better run organization but can also demonstrate the thoughtfulness and effectiveness of your compliance program should a regulator ever come knocking. This is because if you operationalize compliance into the fabric of your organization, compliance internal controls will touch every aspect of the employment experience in a way that is not obtrusive and will not slow down what you are trying to achieve.

Take compliance as a platform in HR. At every point in talent management, HR can insert compliance into the cycle. Those points include the pre-employment interview and screening, the interview process with progressively higher senior management, the initial on-boarding process, the quarterly, semi-annual or annual performance review, annual bonus review, assessment and award, promotions and even exiting of an employee. The platform of compliance can record each of these touch points and you now have an internal control burned into HR which is a compliance internal control. Further, if there is any attempt to circumvent or over-ride one of these HR internal controls involving the hiring of a son or daughter of a foreign governmental official, a red flag can be raised and sent to the compliance function for further review.

Compliance is a marketing platform. Some attention has been paid to the use of compliance as a recruiting and hiring tool for millennials. One of the facts of their generation is they want to work at companies which are seen to be doing business ethically, all the while making money. Moreover, as Ethisphere demonstrates annually with its World’s Most Ethical Company awards, businesses which win those awards, on average, exceed the New York Stock Exchange (NYSE) blue chip average for profitability. It will be interesting to see the results of ISO 37001 certification on financial profitability.

Compliance embraces public advocacy. The Volkswagen (VW) emissions-testing scandal is one of the largest corporate scandals of the past few years. One thing that makes the VW scandal so unique is that it is one of the few scandals where a company’s actions were so transgressive they damaged the reputations of its competitors. As a response to the VW scandal, Ulrich Grillo, President of the German industry association BDI, recognized that compliance is the answer. He urged companies to check their management processes, including compliance and control systems. He suggested one of the key questions to ask should be “Are we doing everything right?” When you have the President of a national industrial association saying compliance is the answer, you need to sit up and take notice.

As we move from the legal based model of compliance to the more mature understandings that compliance may best well be thought of as a business process, we begin to see how compliance can fit seamlessly into a business. This integration will allow a business to move more nimbly and with greater acumen. Compliance has been driven largely by legal requirements. The enactment of the FCPA in 1977, the implementation of the 1992 US Sentencing Guidelines, the passage of Sarbanes-Oxley (SOX) in 2002 and Dodd-Frank in 2010 have all led to development and innovation in compliance. Now the DOJ is moving the bar again by talking about the operationalization of compliance and this development will continue to advance the corporate compliance function. When the regulators come to recognize and indeed advocate the business application of a legal solution, that solution will not go away but will continue to grow.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2016