This week in a special five-part podcast series on the FCPA Compliance Report, hosted by GAN Integrity, Inc. (GAN), we consider the evolution of compliance, from disconnected to connected. We explore why compliance is disconnected and what can be done to connect it, how to build a connected compliance program, how technology can help in this endeavor and, finally, what is the human side of compliance in the context of connected compliance. The series is a fascinating exploration of where compliance is in 2019 and where it is headed down the road.
I visited with Thomas Sehested, GAN founder and Chief Executive Officer (CEO), to discuss what he sees as connected compliance from his perspective as a serial entrepreneur in the tech sector. It is this perspective that Sehested brings to the compliance arena that I find so helpful to the compliance practitioner. He said that he sees many technological solutions to other corporate disciplines, such as Human Resources (HR), finance and sales, but he sees a lack of systems that integrate compliance work processes which enable a compliance professional to generate statistics to demonstrate to senior management to validate what the compliance function is doing on a day to day basis. He stated, “When we looked at compliance, we know we didn’t see that functionality. We saw a lot of great point solutions that would handle your hotline, gifts, travel and entertainment expenses and your training of your employees. The disconnectedness came from the situation where there really was not a system that had all of this in one platform.”
In Sehested’s view, connected compliance “enables a CCO and all those people in the organization working with compliance, to have one central place, a one system of record for everything they do.” This can be their whistleblowing hotline, case management, training of their employees or training of their vendors policy. It is literally connecting them all so they are running from one central location and these disparate systems can be monitored from one central location. He put it as, “really like getting everything under one roof.”
I was struck by that metaphor, “getting everything under one roof”, as one of the struggles many compliance officers have is that the information they need is literally siloed across different functions of the company. Information can be contained in the sales function, where there may be employee expense data, information on marketing expenses or charitable donations may be in the sales organization but it could be spread among other corporate functions as well.
The GAN approach is to plug into these systems and transfer the data to one platform, so that the Chief Compliance Officer (CCO) will have a consolidated view. From the technology perspective, this is designed to foster ease of efficiency for the compliance professional to access data. Sehested also believes this moves past simply the CCO or compliance function. It can elevate into senior management and the Board of Directors as well.
By having information on an integrated platform, presented in a visual format, a Board can more directly engage in its role of oversight of the compliance function. The Board can see the bigger picture at the strategic level and also drill down into the tactical level if it so desires.
For the C-Suite, it fosters a more effective compliance regime which can assist a business to run more efficiently and, at the end of the day, more profitably. Moreover, by having this data, a CCO can present information to those making business decisions to help them move the business forward to run it more efficiently. Sehested added, “information is really key here. If you are not dealing with all the information, it becomes very hard to make decisions. But if you consistently have a 30,000 foot view, a picture of your organization, you’re able to communicate that effectively, swiftly from your iPad, your phone, wherever you are to management when they need it. Not two weeks later.”
It is clear that the driving force for change in compliance is technology. The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) have both talked about the need to incorporate technology into a best practices compliance program. Yet there still and will always be the need for human element in compliance. In many ways it is because a CCO or compliance practitioner is in a leadership position in an organization. I asked Valerie Charles, GAN’s Chief Strategy Officer, what qualities she thought made a top-notch CCO and she emphasized, “you have to be a strategic partner to the business and you have to be able to determine when your compliance team should be making judgment calls versus when you should be relying on kind of objective data.”
Obviously, this requires striking a balance, getting the uniformity so that you have predictability in the way that the organization is going to respond to issues. Charles stated, “as problems arise, this uniformity becomes important.” Yet the CCO must still factor in the human judgment. While you may have “this crazy technology that is fantastic, there’s no substitute for human judgment.” Where technology can come into play is around administrative or more rote tasks of the compliance professional. This means wedding the human judgement with the right set of data as inputs.
Charles sees the next step as “real-time transparency” where you are not simply setting up policies and procedures but overseeing them real-time, literally across the globe so that you are following compliance as it happens. This means the corporate compliance function has access and transparency, so that you are looking at objective data and have a close enough relationship with your eyes and ears and compliance team members on the ground where the business operates. This allows you to respond to things that are going on to change procedure, policy and react and even engage in discipline when necessary.
All of this is what the DOJ has articulated as operationalizing compliance. It first garnered attention in the February 2017 release of the Evaluation of Corporate Compliance Programs. Since that time, compliance practitioners have steadily worked to move their compliance programs forward onto the front lines of their business units. Connected compliance is one way to do so but it clearly requires a human element to not only interpret but to impart the appropriate or required compliance solution. Charles said, “I think operationalizing compliance means that you cannot have an annual or even quarterly update on what’s going on in the program. It must be operationalized in such a way that you are sharing information not only with the regional business units of floating up to the corporate compliance folks, but also sharing information back and forth with the other business units, procurement, finance and reacting in real time.”
Connected compliance also works towards elevating the compliance function within the organization. Charles said, “for compliance to be effective, you have an understanding of the business and even frankly a more fundamental way than the legal department. You need to know how money flows through the business to be able to figure out where controls need to be. You must know and understand onboarding and the full lifecycle of relationships with your employees, with your outside third parties and your business partners.” She concluded that if your compliance function does not have involvement and buy-in from at a minimum HR procurement, finance and audit, “you don’t really have a working program.”
We ended with exploring how can compliance professionals and compliance officers advocate for a more connected compliance program within their organization? Charles said it begins with recognizing you many need a solution without any glaring problem in front of you. If you have multiple reporting systems, that alone will create inefficiencies. What can you do to reduce this number? Consider implementing a standard platform that gives you the ability to have data feeds that would present a real-time graph or chart within a dashboard. All of these will help you to have both a more robust compliance solution and bring greater value to your organization.
The human side of compliance will never go away even as there is an enhanced technological solution. These factors help make compliance one of the most exciting and rewarding professions around. It is why I claimed the mantle of the Compliance Evangelist and why I am so passionate about the compliance profession.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2019