With the release of their Evaluation of Corporate Compliance Programs (Evaluation) in February, the Department of Justice (DOJ) emphasized yet again the importance of actually doing compliance and not simply having a paper program in place. The term which has come to the forefront is operationalization of compliance. The Evaluation followed the concepts around best practice compliance programs as articulated in the FCPA Pilot Program Guidance, released in April 2016. Following the Evaluation provides a legal reason for operationalization.
Today, I begin a week-long series on how a Chief Compliance Officer (CCO) or compliance practitioner might think about operationalizing a compliance program with other corporate functions and disciplines. I am joined in this exploration by Russ Berland, a well-known compliance commentator and practitioner who recently joined Dematic Inc., a Supply Chain optimization company, as it’s CCO. Today I want to articulate the business advantages for operationalization of compliance into a business.
The Evaluation, under Prong 2, asks the following questions, “Shared Commitment – What specific actions have senior leaders and other stakeholders (e.g., business and operational managers, Finance, Procurement, Legal, Human Resources) taken to demonstrate their commitment to compliance, including their remediation efforts? How is information shared among different components of the company?” Under Prong 4, the following questions are found, “Responsibility for Integration – Who has been responsible for integrating policies and procedures? With whom have they consulted (e.g., officers, business segments)? How have they been rolled out (e.g., do compliance personnel assess whether employees understand the policies)?”
Obviously, companies are in business to make a profit. But more than simply making a profit a company desires to continue to do business, preserve its value and, from the compliance perspective, not lose value due to compliance issues; including the failure to prevent, detect, to remediate issues. Yet when these goals are attempted solely by a compliance function, it will not reach its full potential because the compliance reach is not broad enough or deep enough to place it entirely across and through the breadth and scope of a multi-national organization.
Yet these limitations provide the opportunities to do so. More importantly, this same set of limitations also provides a company with a business solution which creates greater efficiencies within an organization. These efficiencies include the effective use of people and resources. It allows those with skills do the work with non-duplication of efforts. More gaps are filled and the converse is also true that fewer gaps are missed. Finally, these efficiencies include the leveraging of local resources and subject matter experts (SME’s) within an organization.
How does a CCO begin to operationalize compliance within an organization? It all begins with breaking down silos, through communications. Berland believes “the biggest obstacle is the same thing that faces us whatever we’re dealing with in corporations. It is if the relationships are not there; if the trust is not there; if the understanding of both what the other person is doing, how you can mutually benefit each other; if those are lacking then the opportunity to create these efficiencies, create effectiveness, create reach, all the things that this kind of cooperation entails, it’s very hard to get past that.” To overcome this lack of trust and structure defect of too many and too deep a silo, Berland noted, “the most effective compliance tool out there is pizza. Because when you are trying to build out these relationships and network … I’ve bought a lot of pizza in my time. It is about sitting down with people, and getting to know them, and building relationships. It’s not some sterile “My box is going to connect to your box,” it’s “This guy is going to get to know this guy and we’re going to make it work.” It’s really about relationships and communication.”
Berland termed many of these concepts as simply “old-school management stuff” yet it is still an effective way to think about operationalizing compliance. Many corporate disciplines have areas which are squarely within their core functions and compliance could utilize their talents and expertise to more effectively inculcate compliance into the fabric of an organization, yet in ways not often considered by a CCO or compliance practitioner.
Consider the role of Human Resources (HR) for anti-retaliation of whistleblowers. Obviously, no corporate function has more touchpoints in the employment lifecycle than HR. Berland related, “HR has a great opportunity is often when there’s a whistleblower involved, and there is some concern that there’s going to be retaliation for the whistleblower. Because, as we know, a lot of investigations into the identity of the whistleblower is either found out or guessed at by people who are being investigated. That HR person is the most likely one to be able to recognize retaliation.”
Through operationalization among the corporate functions, a CCO or compliance practitioner can pursue both the legal requirement for operationalization and the business opportunity to create greater process efficiencies for the company. When you consider this approach, it is the best use of resources within an organization. This can facilitate a compliance interaction by a SME but more importantly allows the person with the decision making and reporting obligation to put compliance at the forefront of the business. Overall, a company can realize business efficiencies because by breaking through typical corporate silos, the organization does not have two or three different departments with the attendant personnel unknowingly doing the same tasks.
When you can wed the cauldron of legal requirements to the brew of increased business efficiencies, you begin to put in place a superior business system. All of this works in your favor if your company becomes embroiled in a Foreign Corrupt Practices Act (FCPA) investigation. By demonstrating more integration of compliance into the business of your company, you can demonstrate to the government your commitment to and actual operationalized compliance program. When a solution has both business and legal benefits it works for the greater good across a wider variety of spectra.
Tomorrow I consider some of the obstacles you may face when operationalizing your compliance program and what steps you might consider to overcome them.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2017