Willie ‘Stretch’ McCovey died this week. For anyone who grew up watching baseball in the ‘60s or ‘70s, McCovey was about as close to ‘The Man’ as anyone could be. Tall and lanky, he hit some towering, massive and mammoth home runs for the San Francisco Giants, in the old Candlestick Park. According to his New York Times (NYT) obituary, he was “Known as Stretch for his 6-foot-4-inch, 200-pound frame and his long arms, McCovey was a fearsome left-handed pull hitter.” He hit 521 home runs in his career (when 500+ home runs meant something). Yet he may be most famous for one he did not hit. He also introduces today’s topic of embedding compliance.
In the 1962 World Series, the Giants were playing the Yankees. With the Yankees up 1-0 with two outs in the 9thinning of Game 7, McCovey came to the plate with runners on 2ndand 3rdbase. “He ripped the ball, but second baseman Bobby Richardson was standing in exactly the right spot and snared it chest high.” McCovey said after the game, “One foot higher, or either way, and I guess I would have been a hero.” Even Charlie Brown bemoaned this out in his comic strip, as “That December, Charles M. Schulz voiced his sympathy for McCovey in a “Peanuts” comic strip. Charlie Brown sits, hands on chin, through three panels, then lifts his head and asks, “Why couldn’t McCovey have hit the ball just three feet higher?”” There was Mantle and Maris, but for us National League (NL) following mavens, it was always Mays and McCovey.
McCovey’s career (and one noted failure) inform today’s blog post on how to more fully operationalize your compliance program. It all begins with setting up a process which is fully documented and is fully auditable. While many businesses will use their first available dollars on Research and Development (R&D), new product or service offerings, QA/QC or a similar exercise, this is short-sighted as many compliance issues can grind businesses to a halt as expeditiously as a safety hazard or on-site workplace injury. However, the landscape is changing from traditional and omni-present corporate scandals to more cross-cultural movements such as #MeToo. Now the unfortunate thing about this reality is that the landscape is unlikely to change unless we, the participants and practitioners of this, make the change. I believe that by operationalizing compliance you can achieve many significant stakeholder goals.
As a Houstonian, living on the Gulf Coast, I am often reminded of the apocryphal story about the homeowner who purchases flood insurance aftera hurricane hits his hometown. The insurance industry exists in order to insulate oneself or an entity from risk. Yet the all-too-human reaction of waiting until after the event to purchase the insurance to protect you from the event is absolutely contrary to the whole notion of how insurance works. Unfortunately, this is often the same for a compliance program. If you are not operationalizing compliance and making it a key part of the business equation you are simply planning to fail. Compliance maven and guru, Ben Locwin has stated, “On average there will be a compliance gap of note, whether it’s relatively small or absolutely critical, there’s something that’s going to happen… and making compliance non-discretionary prevents these issues from rearing their heads.”
On the practical level, Locwin believes you need to move compliance down into all the levels of the organization; from the lowest levels to the highest levels and across all the verticals. This provides the compliance function with its greatest visibility and impact because if you do embed compliance, you will see a lot of different things being exposed and escalated from different levels in the organization. This will work to expand the reach of your compliance function so compliance is not just the job of a Chief Compliance Officer (CCO) or a handful of people in the corporate office trying to scan across the business, which may operate in many countries.
Embedding compliance acts as a key means to expand the reach of your program in other ways as well. Locwin stated, “detectability is one of the key problems within compliance. You simply cannot possibly detect all of the issues you need to know about – and be aware of – from the corporate office. For multinational companies, there is a great likelihood that many of the things that are potentially going wrong do not have adequate detectability. By embedding compliance across all the functions and down into the levels, it provides you, the CCO, with a mechanism where you are able to uncover issues when they happen and hopefully earlier than you ever would have uncovered them before.”
Another reason for embedding compliance is the professional backgrounds of many compliance professionals, who came out of the General Counsel’s (GCs) office. While their training was legal, it did not focus on the more quantitative components of business processes. By embedding compliance at the operational level, you can draw on not only the process experience of your front-line troops but also the quantitative nature of your sales team. Your front-line people not only do compliance, but by embedding it, it makes their business processes more efficient. This can be a key part of the business equation of operationalizing compliance – not only embedding it, but also actually using it as a business-positive factor for the organization.
Locwin agreed, noting that in addition to the corporate office not having the “bandwidth to be able to see everything that needs to be seen and uncover everything that needs to be uncovered, after you embed the process closer to the front line of the business, and you train those persons in doing compliance; the entire process will become more efficient.” Embedding compliance allows the front lines of an organization to assess and manage risks more closely and takes the information from risk-based monitoring and loops it back into your compliance processes to “systematize” your findings for continued benefit. I have found that by embedding compliance more closely to the business frontline, you actually have the ability to be more agile and nimble to manage risk more efficiently.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2018