Why is innovation so critical in every compliance program? Is it simply because the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) say it is so; or are there other reasons? After all, there are still commentators who believe that compliance programs should be maintained in the same state today as they were in 1977 when the Foreign Corrupt Practices Act (FCPA) was enacted into law. The reason compliance programs must continually innovate is that businesses continually innovate, risks continually change and the bad guys out there who are prone to engaging in bribery and corruption are coming up with new and different ways to lie, cheat and steal their ways into bribery and corruption, illegal under the FCPA.
Begin by considering the starting point, which is an innovation strategy. In the most recent DPAs and NPAs issued by the DOJ they all include an element along the following strictures:
The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.
The 2012 FCPA Guidance stated, “Finally, a good compliance program should constantly evolve. A company’s business changes over time, as do the environments in which it operates, the nature of its customers, the laws that govern its actions, and the standards of its Guiding Principles of Enforcement industry. In addition, compliance programs that do not just exist on paper but are followed in practice will inevitably uncover compliance weaknesses and require enhancements”. Both of these statements mean that the DOJ and SEC expect innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy.
Yet even more importantly, you must have an innovation strategy for your compliance program to keep up with business changes and the changing nature of fraudsters. The key to success is something that every CCO or compliance practitioner should take to heart; a compliance practitioner must be able to lay out an innovation strategy for compliance that details the efforts that will support the overall business strategy. This means creating an innovation strategy for compliance that will create value for customers of compliance (i.e., employees), third-parties, and the customer; show how the company will capture that compliance value going forward; and, finally, which types of compliance innovation to pursue.
In a 2015 Harvard Business Review article, entitled “You Need an Innovation Strategy”, author Gary P. Pisano said a “strategy is nothing more than a commitment to a set of coherent, mutually reinforcing policies or behaviors aimed at achieving a specific competitive goal.” If you have a good innovation strategy for your compliance program, it can promote alignment among diverse groups in a company, help to clarify objectives and priorities and guide your focus on those objectives. It can also be modified as necessary with sufficient feedback.
There are several questions you need to consider in connecting innovation to strategy. Initially, how will innovation create value for the customers of compliance; i.e., your employees and relevant third-parties? Your innovation can make compliance faster, easier, quicker, nimbler and more agile. Focus on that creation of value going forward. Next what types of innovation will allow the company to create and capture value, and what resources should each type receive, such as a change in technology and a change in a business process? Both are equally valid.
Obviously senior management has a key role around innovation in compliance, as innovation can be driven downward or backward if there is not sufficient management support. This means not only must there be sufficient resources allocated but management must also incentivize the business units to proceed with implementing the innovations. Another area where senior management is critical is with making trade-offs. A supply-push approach comes when your innovation is focused on something that does not yet exist, for example if you are initially implementing a FCPA compliance regime. A demand-pull approach works more closely with your existing customer base to determine what they might need and work to implement innovation around those needs.
You must recognize that your compliance program will have to be innovative. Start with a strategy which has senior management buy-in and support, then move to implement. Finally, use data in a feedback loop to fine tune your innovations. Innovation in compliance is one of the key differences between those who advocate static compliance standards embodied in a written compliance program and those who advocate an operationalized compliance program. It is that the latter that creates an active, vibrant and effective compliance program. That is the bottom line for innovation of your compliance program going forward.
The above is excerpted from my latest book, The Complete Compliance Handbook, which contains an entire chapter on Innovation in Compliance. For more information on this topic and the full panoply of the design, creation and implementation of an operationalized compliance program, check out my book on Amazon.com.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2018