This week I am engaging in a week-long series on how a Chief Compliance Officer (CCO) or compliance practitioner might think about operationalizing a compliance program with other corporate functions and disciplines. I am joined in this exploration by Russ Berland, a well-known compliance commentator and practitioner who recently joined Dematic Inc., a Supply Chain optimization company, as its CCO. Today I want to discuss some of the obstacles you may face to operationalizing your compliance program and what you might do to overcome them.
Incentive and Metrics
It is often noted that what is incentivized in a corporation is what takes priority to be accomplished and what is measured is what gets done. This may mean that within your organization, performance metrics are creating corporate silos. Berland contrasted the overall benefits of compliance with more measured goals by noting, “If you’re talking about something that would have a long-term benefit to your group, benefit other groups, benefit the company itself, but not go into your performance evaluation, or to your group’s performance evaluation, those things tend to get shuffled to the bottom of the pile.” This can lead people to understand and even admit that overall compliance health is “a really good idea, we ought to pursue that, but I’ve got certain metrics I’ve got to meet today, and this week, and this month, and this quarter,” and those become the laser beam focus of the group.
To overcome this short-term thinking, senior management must be able to give the disparate functions within an organization guidance on the strategies the business should follow. The creation of a compliance charter to provide roles, responsibilities and accountabilities is one response of a CCO. Such an approach could occur through compliance strategic planning with senior management so there exists a mission statement to guide the process going forward.
It can also lead to a matrix determination of who within an organization might be best suited to operationalize compliance within the company. Berland believes that by considering “who has ultimate responsibility? Who has accountability? Who needs to be consulted? Who needs to be informed?” you can create an effective and efficient way to determine where an operationalized issue may best be handled. Berland went on to point out, “When you have a written memorandum or understanding after you spend time building out a RACI, then it’s pretty easy. Just look on the matrix and go.”
From such a document, you can determine not only which corporate function should handle the area but also which corporate area should be held accountable going forward. This allows the compliance function to deliver as much assistance to the proper corporate function as is warranted. He cautioned this is not a static document but dynamic based on the issues which arise, stating, “It’s a constantly evolving document as new issues come up, or new problems or tasks come up.”
An even more pedestrian problem is corporate inertia, as corporate employees simply get used to performing tasks the same way and it is too easy simply not to change. How many times have you, as a CCO or compliance practitioner, heard something along the lines of “But we have always done it that way”? Berland noted, “We tend to drill holes exactly where we’re standing. I don’t think of them as silos, I think of them as pits. You know? Everybody’s building their own foxhole and there’s no way of connecting them.” By this he meant that “if you’ve been doing the same task over and over again for two years, it’s difficult to see beyond that. Being able to kind of pull your head up and look around and say, ‘Wait a minute, there’s better ways of doing this,’ that’s a real skill and not everybody has that in the same measure.” Operationalizing compliance may take some time because of this type of resistance, but that is where the pizza comes in so handy. Both the pizza you previously bought and the pizza you will purchase going forward.
In many corporations, the front line or even second or third lines within an organization are simply too busy to consider adding compliance to their portfolios because they are so busy putting out the daily, weekly or larger fires which always seem to arise in the corporate world. There are some employees who simply lack organizational skills to do work in any other manner except constant firefighting but most often it boils down to a lack of resources. This can even impact the compliance practitioner who is trying to devolve their compliance portfolio into other corporate disciplines.
From the CCO or compliance practitioner perspective, Berland conceded “That’s got to be one of the toughest things there is for a compliance person, for two reasons: one is because there’s someone screaming that something has to happen immediately, and the second is those fires tend to be sort of the sexier events.” On the former Berland noted, “Executives have focused on this task and we need to be able to report to the board in two weeks on it. That’s the stuff that gets your adrenalin going, and so it’s certainly easy to do that.” An internal investigation can also meet this description, particularly if the compliance professional is a lawyer; investigations are simply more interesting.
When it comes to operationalizing compliance through a thorough understanding of the root cause of the process, Berland noted, “When it gets to the harder part it’s the stuff that … Again, it tends to slip to the bottom of pile.” Execution is where the rubber meets the road in compliance, and if you cannot put the appropriate controls in place to do compliance because you do not know what they should be or do not have time to perform a gap analysis and remediate them, it stops the operationalization of your program.
Tomorrow I will consider how a Human Resources department could operationalize a best practices compliance program.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2017