One of the lessons we have learned from various Foreign Corrupt Practices Act (FCPA) enforcement actions over the years is how complexity in business organizations can work to defeat compliance programs. Whether a corrupt employee is working to actively hide a pot of money which can or will be used to pay a bribe or an improper payment slips through the cracks; complexity can work to defeat a best practices compliance program. If a compliance function does not have visibility into a business unit, how it does business and where its payments are going; it may be due to designed or inadvertent complexity.
I was therefore interested in a recent Harvard Business Review (HBR) article which attacked this issue head on. It was entitled “Taming Complexity” by authors Martin Reeves, Simon Levin, Thomas Fink and Ania Levina. The first thing to understand about complexity is that it is not all a bad thing. Complexity can add to organizational resilience and even flexibility. It can also lead to adaptability, as sustained business and compliance performance requires new offerings and capabilities – which can be created by recombining existing elements in fresh ways. Finally, complexity can lead to better coordination by business units across geographic regions and product lines. The bottom line to all of this is that complexity is not only here to stay but in the increasingly global world of business, it is a necessity. How is the compliance professional going to deal with it going forward?
The authors list several ideas and concepts which you can employ. They start with a company using simple, common operating principles. That is, “simple underlying principles with which all elements and connections must comply. That increases the chances that new elements and connections will fit comfortably into the organization and also contains complexity.” They pointed to a company which ran its business on foundational principles, specifically including transparency. If you can move towards both transparency in all of your processes and protocols AND in the human element, so that personnel do not hide information, it can work to reduce complexity or at least make the complex less opaque.
Perhaps counter-intuitively, the authors also suggest relaxing controls. While this may actually sound antithetical to the compliance professional, a deeper analysis reveals this is actually the operationalizing of compliance. Instead of micromanaging each compliance decision, allowing employees the freedom to engage in constant, iterative experimentation can lead to more-powerful compliance outcomes than deliberately designing and tightly managing each step. This is particularly true in organizations whose environments are evolving in unpredictable and unprecedented ways.
The operationalization comes from the emergence of innovations. The more that autonomous small teams and even individual employees are experimenting with new elements and connections, the more options they create for the organization – as long as the innovations are properly codified and made available to all teams and groups. A great example of this was the GeoRegion Compliance Committees developed by BakerHughes Company. However, a critical element is that employees are required to document and then report their recommendations and predict outcomes. From this point, the compliance function can “serve as an enabler and a sounding board for the experimenters rather than to direct them precisely.”
Lastly is a step the authors call “fix, repair and prune.” While this step is closely akin to prevent, detect and remediate, it does present views not normally used by compliance professionals. Yet once again, if you think about it for any length of time, you can see that it will add robustness to a mature compliance program. Here the authors suggest creating a culture that encourages employees to look out for and eliminate obsolete processes. Of course this requires a true speak up culture and fully functioning reporting system. But if you have this the authors believe you will increase both the “level and pace of innovation.” Conversely, if you fail to do so, you might well “reach the point where nobody has a complete understanding of them.”
While it is true that complexity in an organization can accumulate “until it is intractable and hard to reduce through incremental action.” If your organization is in that situation, you will need to develop another set of processes to unstick the complexity and recycle resources to reduce the overall complexity. The authors impart “One way of achieving this is to establish new structures with a finite time horizon, identifying exit strategies in advance. By building in exit options at the beginning, rather than subjecting legacy elements to endless modification, leaders can avoid the accumulation of excessive complexity.”
While the authors believe that most companies say they “prefer simplicity over complexity, but the truth is that complexity is increasingly necessary for viability and competitiveness in today’s dynamic, unpredictable business environment.” I would say this is even more true for the corporate compliance function. As compliance moves into the 2020s, it’s a great decade of innovation and change is in front of us. Compliance is no longer lawyer-driven rules and regulations. Compliance is now properly scene as a business process and properly recognized, is not simply a business innovator but can also be a profit center.
Compliance is now in an era of brisk innovation and evolution. It is prone to technological change and rapid obsolescence of the lawyer-driven, spreadsheet and word document-based compliance program. Going forward the compliance professional needs to understand that a “package of resilience, adaptability, coordination, and inimitability becomes more attractive than the package of efficiency, understandability, manageability, and predictability.” The key is to learn how to harness complexity on a sustainable basis.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2020