Some of the most interesting innovations in compliance come from folks who do not have a background in either compliance or legal training. I have found it is because their perspective is so different that they spot things that we legally trained compliance professionals often do not spot. That insight was reinforced when I recently interviewed Thomas Sehested, co-founder and Chief Executive Officer (CEO) of GAN Integrity Inc., (GAN) for an upcoming podcast series, sponsored by GAN. Sehested has been a world champion Windsurfer, became a tech entrepreneur in the antipiracy world and now works in the compliance space.

While in business he had felt (like many business folks) that compliance was the Land of No and Chief Compliance Officers (CCOs) largely inhabited as Dr. No. Yet when he looked more closely into the compliance space he saw a profession that had been largely lawyer driven yet seemed to be more focused on business process, something that lawyers are certainly not trained for nor have the tools to accomplish. Moreover, the breadth and scope of requirements for a corporate compliance function are almost endless as it literally touches every other corporate discipline.

I found Sehested’s insight very interesting, that compliance professionals are faced with a pretty rigorous set of things that they need to live up to, “it’s really kind of a minefield in terms of what they need to focus on as a team”. However, he felt they lacked the tools to do this efficiently. He also saw “very small teams, two or three people, managing compliance for thousands of employees and thousands of third-party vendors.” To actively manage this number of persons and entities without a technological solution is well-nigh impossible. Sehested saw an opportunity to create technological solutions to remedy this anomaly. This is what he set out to do when he created GAN. Sehested not only wants to put more technological solutions in the hands of the compliance professional to manage the tasks they have at hand but also give them methods to present that information to senior management and the Board of Directors.

I asked Sehested what a compliance professional might consider to focusing on initially from a tech standpoint. Interestingly, he noted that even with the wide range of company sizes and industry foci, “you want to look at what you do on a day to day basis and automate that so that you, as a compliance professional, can focus on what you’re good at and that’s making the strategic decisions about how your company should handle compliance. It should not be about chasing people down and making sure that they filled out their questionnaires and trainings.

This means you should consider automating the typical administrative tasks which fill so much of our day-to-day work. Sehested believes “All of that should be automated. If you have a lot of third-party vendors, you should make sure there’s a solid system in place to deal with the vast majority which do business in compliance. In that way, you can use your bandwidth to deal with the few rotten eggs that are likely to kind of float to the top.” The same is with employees from the compliance perspective, you should be “focused and dedicate your attention to where it’s needed. You need something to present you with the daily view of your organization from a compliance perspective to make sure you can dedicate your time to that.” The bottom line is that a compliance professional should consider the work they are doing today and see what can be automated.

I found Sehested’s perspective quite thought-provoking. As a compliance professional you should assess what is in your portfolio that can be automated for greater efficiency. By starting here, you can put together a business case about how a tech solution will save your organization money right out of the gate. From there you can move to higher level functions and duties in your department. This approach also has the benefit of incremental process improvements. You are not reinventing the compliance wheel in your organization but rather improving the business process. That is something that not only senior management and the Board looks for but the regulators as well.

From a more strategic approach, a compliance professional might consider Edward Deming’s well-known adage, “In God We Trust, all others bring data.” By using a tech solution to move a compliance function away from mundane administrative tasks, you begin to create a culture around data. This weans a corporate compliance function from the legalistic approach, largely taught in law schools, to an evolving business process approach.

From this perch it is easy to see that all the data flowing through (or at least should flow through) a compliance function. It can range from employee gift, travel and entertainment (GTE) spend, charitable donations, commissions paid to third-party sales agents, corporate social responsibility (CSR) information, marketing spend and overall sales figures. If this amount of data can be accessed and then analyzed, you would have a well-spring of information to make your company run more efficiently.

It all begins with multiple sources of data which flow through the compliance function but moves from there. If someone actually looked at the data, you could see where the inefficiencies in your own sales process were and actually increase efficiencies in your sales process. With such data, the compliance function could partner with other corporate functions to help determine greater business efficiencies, all while maintaining and even enhancing a corporate culture around doing business ethically and in compliance. A corporate compliance function should be closely aligning with multiple other departments, sales, procurement, finance and internal audit to name a few. Yet even the work with outside stakeholders, such as third-part sales agents or distributors, can be a part of this regime by sending out questionnaires and communications around compliance.

The opportunities for the compliance function to improve overall business efficiencies are only beginning to be appreciated. Moving from the legalistic approach to a more data driven business process is what the Department of Justice (DOJ) intoned in its 2017 Evaluation of Corporate Compliance Programs (Evaluation). As compliance programs and the compliance function continue to evolve into the 2020’s; those who are truly innovative will use the data to help drive business ethics. Having insights from someone outside the compliance space, such as Thomas Sehested, can help drive that innovation.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018