Joseph Wiseman, was most famous for his role in the first James Bond film adaptation, playing the title character of Dr. No. In the compliance world, Dr. No is famous for many a business development (BD) specialists’ moniker of a compliance professional, that being “Dr. No from the Land of No”. Yet the character Dr. No was innovative, brilliant and marvelously evil, all the while originating a series of ruthless and diabolical Bond villains which continues up to this day.

How agile is your compliance program? How does this fit into the operationalization requirement laid out in the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs (Evaluation)? While many have argued that compliance programs should lead to greater productivity and efficiencies, it may be that agility is equally critical. How often do you consider agility in the context of your compliance regime?

Agility begins with the ability to adapt and change to ever evolving business circumstances. The key to having such agility at the corporate level is a robust risk management process; consisting of forecasting, risk assessment and risk based monitoring. Jonathan Marks, a partner in the firm of Marcum LLP, said the following about risk assessments in his 13-step FCPA Compliance Action Plan, “A comprehensive assessment of the potential bribery and corruption risks – both existing and emerging risks – associated with a company’s products and services, customers, third-party business partners, and geographic locations can serve as the basis for the compliance program. The risk assessment determines the areas at greatest risk for FCPA violations among all types of international business transactions and operations, the business culture of each country in which these activities occur, and the integrity and reputation of third parties engaged on behalf of the company.”

It is through the understanding of these risks that allows a company to be agile. If you understand the risks, you can manage them through adequate monitoring more efficiently and at a level closer to your businesses front lines. A recent article by Andrew Hill in the Financial Times (FT) entitled “The drive for success: Michelin’s revolutionary experiment in trust provides some interesting fodder on how a company might drive such agility to increase efficiencies. The Michelin initiative was around the manufacture and sales of tires but I found it had several important insights into the compliance space.

The Michelin program is named responsabilisation and it is designed to shift responsibility to the company’s workers. An example Hill provided was that a “team plans production a week in advance, deciding how it should organise itself to meet targets and absorb absences. As a by-product, staff solve safety problems and cut waste more quickly.” This is the essence of risk management systems.

It all started with trust. It was trust that the workers knew what they were doing and, if given the right tools, they could plan out the details of the manufacturing process. Barbara Brooks Kimmel and her entity Trust Across America continually articulates the need for trust in business and the Hill piece reinforces that point yet again. Here the trust is that the team leader will trust the workers to get it right. This does not mean there is no oversight but it does mean managers do not micromanage. It also means there are metrics which can be verified by managers in an oversight role. It is mixture of both empowerment and accountability.

What are some of the benefits Michelin has observed? Hill reports these included “team agreement; shared knowledge; improving results; pride; team’s leaders trust”. Moreover, it allows the front-line business and other corporate functions to become more directly engaged in the doing of compliance. This is the very essence of operationalizing compliance. It is moving compliance down into the heart, fabric and DNA of your company.

It also allows a more holistic approach to compliance as each function discipline within an organization integrates compliance into their day-to-day operations. Consider the lifecycle of the employment relationship which Human Resources (HR) oversees. Not only does HR have more touchpoints to discuss corporate values, culture and compliance but you can further operationalize compliance into HR by having internal controls from the compliance perspective. If you are going to hire the family member of a foreign government official, such hiring decisions must be going through the regular hiring process without an exception being granted for a family member who does not meet your standard hiring requirements. If an exception is granted it must be explained in writing and have appropriate management and compliance oversight and sign-off going forward. If a red flag appears, such as a top regional BD person lobbying for such a candidate to be hired, a Chief Compliance Officer (CCO) should determine if there is contract or other business advantage the company is seeking to obtain through the hiring of the family member.

For the CCO or compliance practitioner, it means that in addition to oversight, there should be a focus on long term compliance strategy. Jean-Dominique Senard, the Michelin’s chief executive explained, “It’s not about delegating everything. Big strategic decisions are taken at the appropriate level. It’s not too much to do with self-management…it’s independence in a strategic framework.” For a CCO, this could be decisions about more or greater technological developments and tools or it could be greater efficiencies in the risk management process.

Just as Michelin had to overcome resistance to its responsabilisation program you may face push-back as well from groups who do not believe in the basic premise that a compliance based initiative will improve business agility and from those who do not understand how it all will tie together. This will require education from both compliance and management. It will also require front line BD folks to trust that management will support them with oversight and not micro-management or pronouncements from “Dr. No from the Land of No”.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017