It has been nearly 18 months since the Department of Justice (DOJ) released its Evaluation of Corporate Compliance Programs (Evaluation) document and to operationalize became a by-word in compliance. While most compliance practitioners have considered operationalization of compliance to be more top-down driven, there is another way to look at operationalization and another approach to take in thinking through burning compliance into the fabric of your organization. That is design thinking.

In a 2015 article by Jon Kolko, entitled “Design Thinking Comes of Age, heposited, “the approach, once used primarily in product design, is now infusing corporate culture.” For the Chief Compliance Officer (CCO) or compliance practitioner this means recognizing your customers, i.e. your employees and third parties, that may fall under your compliance program. All of these groups have a user experience in operationalizing compliance that may be complex and interactive. As a CCO, you will need to design a compliance infrastructure to the way people work so that operationalized compliance becomes burned into the DNA of a workforce.

The first component of design thinking is to focus on the users’ experience with compliance. Kolko stated that designers need to focus on the “emotional experience” of the users; he explained that this concerns the “(… desires, aspirations, engagement, and experience) to describe products and users. Team members discuss the emotional resonance of a value proposition as much as they discuss utility and product requirements.” For the compliance function, this could be centered on the touch points the employee base has with the compliance function and that this should be “designed around the users’ needs rather internal operating efficiencies.”

The next step is to create something design thinkers use called “design artifacts”. While this is usually thought of a physical item they can also be “spreadsheets, specifications, and other documents that have come to define the traditional organizational environment.” Their use is critical because “They add a fluid dimension to the exploration of complexity, allowing for nonlinear thought when tackling nonlinear problems.” Whatever the compliance practitioner may use, Kolko said, “design models are tools for understanding. They present alternative ways of looking at a problem.”

The next step is to “develop prototypes to explore potential solutions.” In others words, build a part of your system and test it from the users’ perspective. Here the author quoted innovation expert Michael Schrage for the following, “Prototyping is probably the single most pragmatic behavior the innovative firm can practice.” I think this is because “the act of prototyping can transform an idea into something truly valuable” through use, interaction and testing. Simply put prototyping is seen as a better way to communicate ideas and obtain feedback.

While it may initially sound antithetical to the CCO or compliance practitioner, a key component for design thinking is a tolerance for failure. I realize that initially it may appear you cannot have failure in your compliance program but when you consider that design thinking is an iterative process it becomes more palatable. Kolko quoted Greg Petroff, the Chief Experience Officer at GE Digital, about how this process works at GE, “GE is moving away from a model of exhaustive product requirements.” Kolko added, “Teams learn what to do in the process of doing it, iterating, and pivoting.”

However design thinkers must “exhibit thoughtful restraint” when moving forward so that they can have deliberate decisions about what processes should not do. This means that if a compliance process is too complicated or requires too many steps for the business unit employee to successfully navigate, you may need to pull it back. I like the manner in which Kolko ends this section by stating that sometimes you lead with “constrained focus.”

Kolko ended his article by noting three challenges he sees in implementing design thinking, which I believe apply directly to the CCO or compliance practitioner. First is that there must be a willingness to accept more ambiguity, particularly in the immediate expectation, for a monetary return on investment. A more functional or better compliance system design may not immediately yield some type of cost savings but it may be baked into the overall compliance experience. Second, a company must be willing to embrace the risk that comes from transformation. There is no way to guarantee the outcome so the company leaders need to be willing to allow the compliance function to take some chances in directions not previously gone. Third is the resetting of expectations as design does not solve problems but rather “cuts through complexity” to deliver a better overall compliance experience. This in turn will make the company a better-run organization.

James de Vries, in an article entitled “PepsiCo’s Chief Design Officer on Creating an Organization Where Design Can Thrive”, focused on PepsiCo’s Chief Design Officer Mauro Porcini. Porcini believes there are three key elements to embed design thinking in an organization’s culture. First there must be “the right kind of design leaders” because the discipline is so broad it requires a broader horizon than many traditional finance grounded or legal grounded corporate types possess. You need a leader with a “holistic vision who can manage all aspects of design in a very smart way.” Second, there must not only be senior management buy-in but active sponsorship because of the inherent resistance to change in any organization. Finally, there must be “as many external endorsements as possible – from a variety of entities” to demonstrate to your organization you are moving in the right direction.

In design thinking, the key concept is the user experience. How often do we focus on the user experience in the compliance arena? If there is one concept to work towards the operationalization of compliance through, it is with design thinking. Why not try it for your next compliance initiative?

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018