Today I consider the first ‘new’ Star Wars movie entry, Episode VII – The Force Awakens. I say it is a new Star Wars movie as it was the first one not created by Lucasfilm, as George Lucas had sold his company to Disney, which produced the 2016 entry into the Star Wars oeuvre. It was directed by JJ Abrams and told the story of the Star Wars universe some 30 years after the destruction of the last Death Star. It is this disruptive nature of the Star Wars franchise that I will focus on today as it relates to disruptive innovation in compliance.

The film introduced several new characters: Rey, Finn and Poe Dameron, Kylo Ren and the First Order, the successor to the Galactic Empire. The film was largely one giant search for Luke Skywalker, who had gone into isolation after his failure to re-establish the Jedi order. In addition to introducing the new characters, we are reunited with Han, Chewbacca and Princess Leia, who is now General Leia Organa. The First Order has developed a new weapon, Starkiller, a deliciously worthy successor to the Death Star; the Rebel Alliance majorly disrupts the weapon and the First Order by destroying it in the film’s climactic battle.

One of the key things the Department of Justice (DOJ) has communicated over the past few months is the importance of doing compliance rather than having a paper compliance program in place. In releasing the new Foreign Corrupt Practices Act (FCPA) Corporate Enforcement Policy, the DOJ emphasized the clear delineation of factors they will consider in determining if a company has an operationalized best practices compliance program in place in the context of a FCPA enforcement action. All of this has required disruptive innovation in compliance beyond the simple paper compliance program which until recently was seen as the norm.

All of this was driven home to me in an article I read in the Harvard Business Review (HBR), entitled “Disruptive Innovation?”, by Clayton M. Christensen, Michael E. Raynor and Rory McDonald. The authors were concerned that much of the commentary around the phrase ‘disruptive innovation’ were “in danger of losing their usefulness because they’ve become misunderstood and misapplied.” To answer this critique, the authors revisited the central tenets of the theory and how it had developed over the past 20 years. In doing so they detailed three key elements of disruption theory, which fit the compliance context.

The first is that compliance is a process. While this may seem about the most self-evident statement one can make, I was recently contacted by someone who wanted an ‘off the shelf’ compliance package. They wanted me to do a couple of interviews of senior management and then put in some canned software program so they could claim they had a compliance program.

This attitude demonstrates the continuing battle the DOJ and Securities and Exchange Commission (SEC) face when communicating their expectations around compliance programs. Compliance programs should evolve as business risks change. Just as disruptive innovation tends to focus on process, your compliance program should focus on your overall business process to be successful.

The second key point is that Compliance 3.0 is very different from compliance programs of the past decade. As compliance programs have matured, with the structural changes brought about in the Compliance 2.0 model, as articulated by Donna Boehme and others, we have now moved on to Compliance 3.0, where compliance is put into the fabric of an organization. The compliance function is moving from a solutions shop, where all compliance functions are centered in the legal or compliance department, to a process function where the front-line business team can use technology and other tools to operationalize compliance. The 2017 Evaluation of Corporate Compliance Programs focused on how well a company operationalizes compliance into the business functions. The authors point to new business models as disruptive, and I think this concept translates into how compliance can be burned into the DNA of an organization rather than simply sitting in the corporate office in the US.

The third point is that not all disruptive innovations succeed. Here the authors write that disruption is only one step in both the creative and growth process. For the compliance practitioner, I think the key concept is what former SCCE President Roy Snell says are the three goals of any compliance program: to prevent, find and fix issues. You could also plug in here McNulty’s Maxims (What did you do to prevent it? What did you do to detect it? What did you do after you found out about it?). This is how compliance differs from legal: legal’s job is to protect the company, while compliance’s mission is to monitor, obtain the data and then use the data as a feedback loop back into the company.

Disruptive innovation has come to the compliance arena. One of the best examples is Louis Sapirman, the Chief Compliance Officer (CCO) at Dun & Bradstreet, who has incorporated not only social media tools but also the concepts of 360-degrees of communications into his company’s compliance program. Another that springs to mind is Patrick Taylor, Chief Executive Officer (CEO) of Oversight Systems, who talks about seeing patterns in raked leaves as an analogy for the use of data in an organization.

As many compliance practitioners are lawyers, we are naturally reticent to embrace such change; however, I think the pronouncements of the DOJ throughout the year have made even clearer the need for continued evolution of anti-corruption compliance going forward. In The Force Awakens, there were numerous disruptions. We saw the death of one of the most beloved characters in the series, Han Solo, the growing awareness by Rey of her powers and the return of Luke Skywalker. It totally disrupted the First Order and destroyed its most lethal weapon.

I hope you will be able to see The Last Jedi this weekend or sometime soon. Always remember, as a compliance professional, the power of storytelling for your compliance message. To further demonstrate how well Star Wars can help to illustrate and inform compliance, Jay Rosen and I will celebrate the premiere of the latest Star Wars movie with a five-day podcast series next week, May the Podcast Be With You. A new episode will post daily at noon each day next week, where you can join us as we continue to explore the intersection of Star Wars and compliance, this time in the podcast format.

May the Force be with you.

Over on Compliance Building, Doug Cornelius is also leading up to the premiere of The Last Jedi with his own series on compliance lessons from Star Wars. Check it out.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017