Design thinking is another innovation which can help the Chief Compliance Officer (CCO) move forward in a cutting-edge manner to make a compliance program not only more robust but also operationalize it into the fabric of the company. Such a mechanism would help to drive compliance into the operational nature of a company, which is where the latest pronouncement from the Department of Justice (DOJ), in their Evaluation of Corporate Compliance Program suggest a company should take their compliance regime.

Design Thinking can bring innovation in a number of ways to your compliance program. Jon Kolko discussed this innovation in a Harvard Business Review (HBR) article entitled “Design Thinking Comes of Age. Kolko’s insight that, “the approach, once used primarily in product design, is now infusing corporate culture” is one that any CCO or compliance practitioner can use in redesigning your compliance program for your internal customers, i.e. your employees and third parties that may fall under your compliance program. All of these groups have a user experience in doing compliance that may be complex and interactive. You need to design a compliance infrastructure to the way people work so that doing compliance becomes burned into the DNA of a workforce.

The first component of design thinking is to focus on the users’ experience with compliance. Kolko stated that designers need to focus on the “emotional experience” of the users; he explained that this concerns the “(… desires, aspirations, engagement, and experience) to describe products and users. Team members discuss the emotional resonance of a value proposition as much as they discuss utility and product requirements.” For the compliance function, this could be centered on the touch points the employee base has with the compliance function and that this should be “designed around the users’ needs rather internal operating efficiencies.”

The next step is to create something design thinkers use called “design artifacts”. While this is usually thought of as a physical item they can also be “spreadsheets, specifications, and other documents that have come to define the traditional organizational environment.” Their use is critical because “They add a fluid dimension to the exploration of complexity, allowing for nonlinear thought when tackling nonlinear problems.” Whatever the compliance practitioner may use, Kolko said, “design models are tools for understanding. They present alternative ways of looking at a problem.”

The next step is to “develop prototypes to explore potential solutions.” In others words, build a part of your system and test it from the users’ perspective. Here the author quoted innovation expert Michael Schrage for the following, “Prototyping is probably the single most pragmatic behavior the innovative firm can practice.” I think this is because “the act of prototyping can transform an idea into something truly valuable” through use, interaction and testing. Simply put, prototyping is seen as a better way to communicate ideas and obtain feedback.

While it may initially sound antithetical to the CCO or compliance practitioner, a key component for design thinking is a tolerance for failure. I realize that initially it may appear that you cannot have failure in your compliance program but when you consider that design thinking is an iterative process it becomes more palatable. Kolko quoted Greg Petroff, the chief experience officer at GE software, about how this process works at GE, “GE is moving away from a model of exhaustive product requirements”, adding “Teams learn what to do in the process of doing it, iterating, and pivoting.”

However design thinkers must “exhibit thoughtful restraint” when moving forward so that they can have deliberate decisions about what processes should not do. This means that if a compliance process is too complicated or requires too many steps for the business unit employee to successful navigate, you may need to pull it back. I like the manner in which Kolko ends this section by stating that sometimes you lead with “constrained focus.”

Kolko ended his article by noting three challenges he sees in implementing design thinking, which I believe apply directly to the CCO or compliance practitioner. First is that there must be a willingness to accept more ambiguity, particularly in the immediate expectation, for a monetary return on investment. A more functional or better compliance system design may not immediately yield some type of cost savings but it may be baked into the overall compliance experience. Second, a company must be willing to embrace the risk that comes from transformation. There is no way to guarantee the outcome so the company leaders need to be willing to allow the compliance function to take some chances in directions not previously gone. Third is the resetting of expectations as design does not solve problems but rather “cuts through complexity” to deliver a better overall compliance experience. This in turn will make the company a better-run organization.

Kuldeep Singh, writing in the SCCE magazine Compliance and Ethics, in an article entitled “Design Thinking: Creating an ethics-based compliance governance solution”, helped to put some flesh on these concepts. I found a key insight from Singh was that rather than simply concluding that violations of anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) were engaged in by bad actors, it is rather good people doing bad things such as engaging in bribery and corruption.

Using design thinking to improve your compliance regime by building from the ground up rather than a legalistic top-down approach favored by most lawyers. For Singh, it all starts with the employees, not simply the problem. So you begin by asking questions, lots of questions. From this point he suggests that you formulate the proposed solution as a “problem statement”.

From this point, you are ready to begin brainstorming to come up with some solutions. There are four steps Singh lays out. First is to “state the problem to be solved with enough clarity of specificity.” The second is to “identify the objectives of the problem solution.” The third step is to “generate alternative solutions and create a list of alternatives prior to having a group discussion.” And finally, you end with collectively generating alternative solutions.

The final step is to test the proposed solutions, or as Singh puts it “test, test, prototype and test again.” The key is to avoid prejudgments so he advises to “let the tester interpret the prototype” and obtain their feedback. It is incumbent to iterate through the process multiple times, which allows you to narrow the scope of the solution and to “move from working on broad concepts to nuanced details.”

Singh puts this design thinking protocol to use to help create a more effective ethics and compliance training model. He uses employees to provide the initial input to improve its effectiveness and relevance to the front line employees. The compliance team then implements several proposed solutions until the most operative one or ones becomes apparent. These are then rolled out companywide for better and more effective compliance training. As the entire process is documented, when the regulators, such as the DOJ or Securities and Exchange Commission (SEC), come knocking, you will have the ability to not only explain your training but also demonstrate its effectiveness. 

Three Key Takeaways

  1. Design thinking concepts are not simply for product innovation but for culture innovation as well.
  2. Design thinking works around the users’ needs rather internal operating efficiencies. For a compliance program, this means employees, third parties and customers.
  3. Design thinking works to improve your compliance regime by building from the ground up rather than a legalistic top-down approach.


This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights on Demand for FCPA, operationalizes your compliance program. For more information, go to