Design thinking is another innovation which can help the Chief Compliance Officer (CCO) move forward in a cutting-edge manner to make a compliance program not only more robust but also operationalize it into the fabric of the company. Such a mechanism would help to drive compliance into the operational nature of a company

Design thinking can bring innovation in a number of ways to your compliance program. Jon Kolko discussed this innovation in a 2015 Harvard Business Review article, entitled “Design Thinking Comes of Age”. Kolko’s insight that, “the approach, once used primarily in product design, is now infusing corporate culture” is one that any CCO or compliance practitioner can use in redesigning your compliance program for your internal customers (i.e., your employees) and third-parties that may fall under your compliance program. These groups have a user experience in doing compliance that may be complex and interactive. You need to design a compliance infrastructure to the way people work so that doing compliance becomes part of the workforce DNA.

The first component of design thinking is to focus on the users’ experience with compliance. Kolko stated that designers need to focus on the “emotional experience” of the users; he explained that this concerns the “(… desires, aspirations, engagement, and experience) to describe products and users. Team members discuss the emotional resonance of a value proposition as much as they discuss utility and product requirements.” For the compliance function, this could be centered on the touch points the employee base has with the compliance function and this should be “designed around the users’ needs rather internal operating efficiencies.”

The next step is to create something design thinkers use called “design artifacts.” While this is usually thought of as a physical item they can also be “spreadsheets, specifications, and other documents that have come to define the traditional organizational environment.” Their use is critical because “They add a fluid dimension to the exploration of complexity, allowing for nonlinear thought when tackling nonlinear problems.” Whatever the compliance practitioner may use, Kolko said, “design models are tools for understanding. They present alternative ways of looking at a problem.”

The next step is to “develop prototypes to explore potential solutions.” In other words, build a part of your system and test it from the users’ perspective. Here the author quoted innovation expert Michael Schrage for the following, “Prototyping is probably the single most pragmatic behavior the innovative firm can practice.” I think this is because “the act of prototyping can transform an idea into something truly valuable” through use, interaction and testing. Simply put, prototyping is a better way to communicate ideas and obtain feedback.

While it may initially sound antithetical to the CCO or compliance practitioner, a key component for design thinking is a tolerance for failure. I realize that initially it may appear that you cannot have failure in your compliance program but when you consider that design thinking is an iterative process it becomes more palatable. Kolko quoted Greg Petroff, then Chief Experience Officer at GE software, about how this process works at GE, “GE is moving away from a model of exhaustive product requirements”, adding “Teams learn what to do in the process of doing it, iterating, and pivoting.”

However, design thinkers must “exhibit thoughtful restraint” when moving forward so that they can have deliberate decisions about what processes should not do. This means that if a compliance process is too complicated or requires too many steps for the business unit employee to successfully navigate, you may need to pull it back. I like the way Kolko ends this section by stating that sometimes you lead with “constrained focus.”

Kolko ended his article by noting three challenges he sees in implementing design thinking, which I believe apply directly to the CCO or compliance practitioner. First is that there must be a willingness to accept more ambiguity, particularly in the immediate expectation, for a monetary return on investment (ROI). A more functional or better compliance system design may not immediately yield some type of cost savings but it may be baked into the overall compliance experience, providing greater operationalization. Second, a company must be willing to embrace the risk that comes from transformation. There is no way to guarantee the outcome so the company leaders need to be willing to allow the compliance function to take some chances in directions not previously gone. Third is the resetting of expectations as design does not solve problems but rather “cuts through complexity” to deliver a better overall compliance experience. This in turn will make the company a better-run organization.

One of the key insights to developing a best practices compliance program is that rather than simply concluding that violations of anti-corruption laws were engaged in by bad actors, it is rather good people doing bad things such as engaging in bribery and corruption. Using design thinking to improve your compliance regime by building from the ground up rather than a legalistic top-down approach is favored by most lawyers. This means it all starts with the employees, not simply the problem. So, you begin by asking questions, lots of questions. From this point, he suggests that you formulate the proposed solution.

From this point, you are ready to begin brainstorming to come up with some solutions. First is to articulate the issue to be solved with specificity. The second step is to determine what you want to achieve, your objectives. The third step is to “generate substitute solutions and create a list of alternatives”.  And finally, you end with collectively generating alternative solutions.

The final step is to test the proposed solutions. The key is to avoid prejudgments, allow the professionals to interpret the results and obtain their feedback. You should go through the process multiple times, which allows you to narrow the scope of the solution.

This design thinking protocol can help to create a more effective ethics and compliance training model by using employees to provide the initial input to improve its effectiveness and relevance to the front-line employees. The compliance team then implements several proposed solutions until the most operative one or ones becomes apparent. These are then rolled out companywide for better and more effective compliance training. As the entire process is documented, when the regulators, such as the Department of Justice (DOJ) or Securities and Exchange Commission (SEC), come knocking, you will have the ability to not only explain your training but also demonstrate its effectiveness. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2020