One of the greatest things about the compliance profession is that it is only limited by its collective imagination. If you can think it up, you can probably do it. This has led not only continuing evolution of compliance programs but continuing innovation in the compliance function. As compliance programs evolve and innovate, regulators take note and the cycle becomes almost a continuous feedback loop. One technique new to compliance but squarely in the 360-degree view of communication is internal crowdsourcing, to enlist new ideas from employees, to open new sources of compliance innovation.

Internal corporate crowdsourcing was explored in  “Developing Innovative Solutions through Internal Crowdsourcing, where the authors noted, “It allows employees to interact dynamically with coworkers in other locations, propose new ideas, and suggest new directions to management. Because many large companies have pockets of expertise and knowledge scattered across different locations, we have found that harnessing the cognitive diversity within organizations can open up rich, new sources of innovation. Internal crowdsourcing is a particularly effective way for companies to engage younger employees and people working on the front lines.” They came up with seven key elements companies should use to aid in moving such an effort forward, which apply forcefully to the CCO and compliance practitioner.

  1. Keep the focus on innovation. You should use this technique for long-term initiatives and not short-term improvements. Establish the grounds for employee creativity with criteria such as (1) ability to meet employees’ unmet needs, (2) delighting the employee, (3) the solution’s newness, (4) marketability, (5) commercial viability, and (6) scalability.
  2. Give internal crowdsourcing participants slack time. If your company wants you focused solely and only on your day job, it will, by definition, limit your participation in a company crowdsourcing project to nights and weekends. This may not be when and where you do your best work. Companies must arrange to allow employees the time and space during working hours to participate meaningfully.
  3. Allow for anonymous participation. Trust is always a key issue in these types of project. Anonymous participation can help build and maintain that trust because when organizational identities are revealed in an internal crowdsourcing project, “some individuals may feel compelled to defend their formal positions.” Companies need to ensure participants “feel safe about contributing knowledge, regardless of their seniority or role in the company.”
  4. Take steps to ensure that company experts don’t exert their influence too heavily. Internal company experts will have their ideas given additional heft if their identities are known. This can have the unintended effect of intimidating others or lessening their voices in the process. Yet you must work to keep the process open to diverse perspectives, for internal crowdsourcing to produce innovative outcomes. You should have the company’s compliance experts operate as moderators and to do what they can to encourage others to come up with compliance innovations.
  5. Use a collaborative process for internal crowdsourcing. Much like Louis Sapirman’s use of social media to communicate with and obtain information from D&B’s employee base, use of an internal crowdsourcing project has the positive by-product of engagement, stating, “It’s also to build a system through which people within the organization share knowledge, learn from one another, and offer pertinent knowledge for use in new solutions.” If you can engage your employees in compliance, you will not only have a better chance of keeping them engaged, but you will also more fully burn compliance into the fabric of your organization or operationalize compliance in your organization.
  6. Design platforms that facilitate shared development and evolution of solutions. A key to internal crowdsourcing success draws inspiration from open source software. It is that employees need to see what other employees have contributed so they can build upon it. You must find a way to share knowledge among the employee base on an ongoing basis. The authors found three major benefits to such an approach: “(1) knowledge sharing among the crowd across a variety of knowledge types (not just ideas); (2) the opportunity for coevolution of solutions by the crowd; and (3) the degree to which feedback from the crowd helps to refine ideas.”
  7. Be transparent about plans for follow-up post-crowdsourcing. Not surprisingly, one major defect around internal crowdsourcing projects is lack of follow-up and lack of transparency for the employee participants. Simply put, employees not only want to know the results but they also want to know if their ideas were used. This can be a powerful motivator for future participation or the opposite. Companies need to make the process open and fair.

By internally outsourcing compliance function enhancements, a CCO can increase employee engagement in compliance. The entire process draws from your diverse employee base which brings both organizational learning and knowledge diffusion into the continuous improvement of your compliance program. Just as the data in your organization is your data, so you should not only utilize it but monetize it; your employee base can be a large and untapped source of information which can more readily be implemented and have a more rapid impact on your compliance program going forward.

Three Key Takeaways

  1. In compliance, you are only limited by your imagination.
  2. Build trust and be transparent in your process.
  3. Through internally outsourcing compliance function enhancements, a CCO can increase employee engagement in compliance.


This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to


How can a Chief Compliance Officer use 360-degrees of communication with compliance stakeholders who are outside your organization, such as those in the Supply Chain? Obviously, the communications with those third parties about your compliance evaluation is a critical element for compliance program’s success. Just as 360-degrees of communication is more than simply a two-way street of passing information, a more holistic approach is needed when dealing with third parties as they can also be a key to more than simply adherence to a compliance program but also providing back to you valuable information and modeling the culture you expect going forward. Yet how can you achieve such a more holistic approach?

This issue was explored by Jennifer Blackhurst, Pam Manhart and Emily Kohnke, in a manner in their piece “The Five Key Components for SUPPLY CHAIN”. They began by asking “what does it take to create meaningful innovation across supply chain partners?” Their findings identified five components that are common to the most successful supply chain innovation partnerships which derive from the 360-degree approach to communications.

It is almost universally recognized that third parties are your highest compliance risk. What if you could turn your Supply Chain from a liability under the FCPA to an area that brings innovation to your compliance program? This is an area that not many compliance professionals have mined. The authors set out five keys to successful innovation spanning Supply Chain partners. They are: “(1) Don’t Settle for the Status Quo; (2) Hit the Road to Hit Your Metrics; (3) Send Prospectors Not Auditors; (4) Show Me Yours and I’ll Show You Mine; and (5) Who’s Running the Show?”

Don’t Settle for the Status Quo

You should not settle for simply the status quo. Innovation does not always come from a customer or even an in-house compliance practitioner. The key characteristics are to be “cooperative, proactive and incremental”. You need to be leading the innovation change rather than catching up from behind.” If a company in your Supply Chain can suggest a better method to do compliance, particularly through a technological solution, it may be something you should well consider.

Hit the Road to Hit Your Metrics

To truly understand your compliance risk from all third parties you should get out of the ivory tower and on the road. This is even truer when exploring innovation. You do not have hit the road with the primary goal to be innovation but through such interactions, innovation can come about organically. There is little downside for a compliance practitioner to go and visit a Supply Chain or other third-party partner and have a face-to-face meeting simply to get to know the partner better and precisely identify that partner’s compliance issues.

Send Prospectors Not Auditors

While an audit clause is critical in any Supply Chain contract, both from a commercial and compliance perspective, “Too often firms use supply chain managers as auditors when they are dealing with supply chain partners.” This is wrong as you should consider these types of managers’ innovation partners and not auditors. Every third party should have a relationship manager, whether that third party is on the sales or Supply Chain side of the business. Moreover, the innovation partners are “able to see synergies where [business] partners can work together for the benefit of everyone involved.”

Show Me Yours and I’ll Show You Mine

If there has been one key theme throughout this chapter, it has been trust. In the Supply Chain and third-party arena “Trust plays an extremely important role in supply chain innovation. Firms in successful innovations discussed a willingness to share resources and rewards and to develop their partners’ capabilities.” Moreover, “Through the process of developing trust, firms understand their partner’s strategic goals.” I cannot think of a more applicable statement about compliance. Another way to consider this issue is that if your partner has trust in you and your compliance program, they could be more willing to work with you on the prevent and detect prongs of compliance regimes. Top down command structures may well be counter-productive.

Who’s Running the Show?

This really means what is each side bringing to the relationship, both in terms of resources and capabilities. In the compliance regime, it could well lead to your partner taking a greater role in managing compliance in a specific arena or down a certain set of vendors. Your local Supply Chain partners might be stronger in the local culture, which could allow it to lead to collaborations by other vendors in localized anti-corruption networks or roundtables to help move the ball forward for doing business ethically and in compliance with relevant anti-bribery/anti-corruption laws.

Finally, as a rule, utilization increases through innovation. Imagine if you could increase your compliance process performance by considering innovations from your third parties? From the 360-degree perspective, it could lead to (1) trust and culture alignment strengthened, leading to future innovations and improvement; (2) seeing what is needed in other partners to facilitate their role in compliance innovations; and (3) both sides reaping rewards in a low cost, low risk, highly achievable manner.  Your company’s Supply Chain is literally there at your fingertips, why not tap into them with a 360-degree approach.

Three Key Takeaways

  1. 360-degree approach to communication in compliance includes stakeholders outside your company.
  2. Remember the five keys to successful innovation spanning Supply Chain partners.
  3. Your company’s Supply Chain is literally there at your fingertips, why not tap into them with a 360-degree approach.

This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to

Yesterday I paid tribute to Malcom Young, co-founder of AC/DC. Today I go in another musical direction to pay tribute to Paul Buckmaster who, according to his New York Times obituary, brought power and poignancy through orchestral arrangements to signature songs by David Bowie, Elton John, the Rolling Stones, Carly Simon and countless other rock, pop, country and jazz stars. His early work was with Elton John on John’s second album, simply titled Elton John.  Buckmaster arranged the hit single “Your Song” which became John’s first signature hit. John said ““He helped make me the artist I am,” calling Mr. Buckmaster “a revolutionary arranger” who “took my songs and made them soar.”” In many ways, he brought the human element into arrangement.

Buckmaster was classically trained, having shown a gift for music at an early age. “His mother tutored him in piano and music theory and signed him up for cello lessons when he was 4. He won his first cello competition in the 5-and-6 age group at a youth music festival. He later studied cello in Italy, and at 17 he was awarded a scholarship to the Royal Academy of Music in London.” He worked with artists as diverse as David Bowie to Guns N Roses to Miles Davis to Dwight Yoakam. Ben Folds summed it up best with this tribute posting on Facebook “I don’t want to disparage all of the brilliant arrangers out there but there was Paul, and then there’s everyone else.”

I thought about the work of Buckmaster, adding the incredible arrangements to song writers and singers work when reading an article in the Financial Times (FT), entitled “Best practice needs the human touch”, where Brian Groom posited that “resilience in business is rooted in paying heed to staff behavior.” He stands the myth of the rogue employee on its head by saying “policies and procedures count for very little if they ignore the human element.” He ties all of this into the risk management process, as it is through the management of risk that companies not only innovate but also succeed.

The key begins with leadership, where top management needs “to define the corporate culture and standards of behaviour, and improve capabilities in technology and processes. They also need to build trust among customers, suppliers and employees.” This extends to technology, which brings new challenges. Groom cites to John Ludlow, chief executive at Airmic, “If you think about kids and cyber bullying, do you think adults are going to be any different? Relationships are more detached and I think people will feel naturally easier about bullying another company with which they just have a digital relationship.”

Many issues turn on the work of two Israeli psychologists Amos Tversky and Daniel Kahneman, who Michael Lewis’s wrote about in his seminal book The Undoing Project: A Friendship that Changed Our Minds. It was the story of two Israeli academicians who authored a series of papers on humans’ decision making process. Lewis, a well-known author of such works as Liar’s Poker and The Big Short, first heard of the two psychologists after publishing his book Moneyball. Indeed, it was another paper in response to Moneyball which directly led to The Undoing Project.

The main thesis for Moneyball was that baseball was inefficient because judgers and raters of baseball talent misjudge that talent due to their mind’s biases. However, this thesis was developed by Kahneman and Tversky almost 30 years ago. They were so well known in the academic community that Kahneman won a Noble Prize in Economics. The book should be studied by every compliance professional for its insights into how the human mind works, or in some cases fails to work, when forming judgments and making decisions. In short, people do not always make rational decisions.

The implications for anti-corruption compliance programs under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. Often one hears legal types advocating simple rules and regulations as a compliance program. They opine a compliance professional only must understand the law and then communicate that understanding to employees in a corporation to create an effective compliance program. In short, the rational mind will always make the rational and rules based decision.

In his book, Lewis explains the research and publications of Kahneman and Tversky to destroy and debunk this myth. There are wide variety of other factors which go into an employee’s decision making process, least of which could be summarized as ‘What’s in it for me?’ The work of Kahneman and Tversky also explain not only why you must have a compliance program but why a company must do compliance for the rules and regulations to gain and hold effectiveness.

In his FT piece, Groom spoke with Hersh Shefrin, professor of finance at Santa Clara University who “believes companies are not taking sufficient heed of the behavioural roots of risk-taking.” Professor Shefrin said, “What we know from psychological advances in the last 40 years is that people are highly imperfect when it comes to making judgments about risk. It’s important to understand how to improve decision-making, to identify vulnerabilities, by bringing together the quantitative tools of risk management with the qualitative psychological perspective.”

Individually, the “problem usually starts with a bias towards excessive optimism, where people expect the future to be rosier than it is likely to be, and overconfidence, where they are too sure of their capabilities and tend to under-assess risks. In organisations, there is a tendency towards collective biases such as groupthink, where people reinforce and magnify individual biases.”

Groom’s article and Lewis’s book point towards another key insight. A rules based approach, focusing simply on policies and procedures which employees will follow is not enough. There must be a human element which not only fine tunes the compliance regime but also understands that employees do not always act as rational actors. Managing the human risk in compliance requires much more than a simple legal perspective to effect.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2017

One of the ways that CCOs and compliance practitioners can better use 360-degrees of communication is through Twitter. In “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd found “employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) Employees who used Twitter had better ideas than those who did not do so; (2) There was a link between the amount of diversity in employees’ twitter networks and the quality of their ideas; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative.

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly-straightforward, good ideas emerge when new information received is shared with what a person already knows. In today’s digitally connected world, the amount of information in almost any area is significant. Yet by using Twitter, “the potential for accessing a divergent set of ideas is greater.”

The key concept for the compliance profession are the roles of Idea Scout and Idea Connector. An idea scout isan employee who looks outside the organization to bring in new ideas. An idea connector, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” It is the ability to identify, assimilate and exploit new compliance ideas, which makes this concept so powerful. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter is a gateway to solution and a way to obtain different perspectives and to challenge the status quo in one’s thinking. The key is not your number of followers on Twitter but rather the diversity within your Twitter network, as “Diversity of employee’s Twitter network is conductive to innovation.” An Idea Scout will “identify external ideas from experts and resources on Twitter.” The compliance practitioner can take advantage of experts within the anti-corruption compliance field, but there is an equally rich source of innovation from those outside this arena.

Even with modern social media tools, the first key to good leadership is to listen. Listening can be enhanced, through the “breadcrumb” approach of finding innovation leaders and thought-provokers. This entails listening to colleagues and industry leaders who are Twitter “including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

There are a variety of ways an Idea Connector can use Twitter. One is to try to sift through your Twitter feed and look for trends and relationships between topics. You bring value when you stamp your own analysis and interpretation on it. Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional communication through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. The use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques to help you burn compliance into the DNA fabric of your organization.

Three Key Takeaways

  1. Twitter can be powerful tool for the compliance practitioner.
  2. Data mine twitter for not only best practices but see what the regulators may be saying.
  3. Curiosity may have killed the cat but it makes for a far better and more effective compliance practitioner.


This month’s podcast series is sponsored by Dun & Bradstreet.  Dun & Bradstreet’s compliance solutions provide comprehensive due diligence reporting and analysis to reduce your risk of working with fraudulent companies by accessing a company’s beneficial ownership, reputation risk and more.  For more information, go to

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories of the week, in our special holiday edition.

  1. The DOJ/SEC FCPA Guidance turned 5 years old this week. For the compliance practitioner, it is the seminal document on how to do compliance. See Tom’s article in the FCPA Compliance Report.
  2. Wal-Mart reserves $283MM to settle its outstanding FCPA matter. See article by Dick Cassin in the FCPA Blog. Henry Cutter reports in the WSJ Risk and Compliance Journal.
  3. Tom Fox and Matt Kelly explore the intersection of shareholder activism and the structure of a compliance program. See Matt’s blog posts on Radical Compliance Part I and Part II. See Tom’s blog post here. Finally Tom and Matt took a deep dive into the issue in Episode 60 of Compliance into the Weeds.
  4. The FIFA trial is ongoing in NYC. It has featured anonymous jurors, threat against witness and claims that Fox Sports paid bribes. See stories in the WSJ Risk and Compliance Report, The Daily Mail, and Reuters.
  5. Mike Volkov has a four-part series on putting ethics back into corporate culture. Part I; Part II; Part III and Part IV.
  6. Tom visited with Marc Havener and Bryan Belknap about using movie clips to expand your compliance training classroom. See Tom’s blog post here.
  7. Will there ever be another corruption conviction of a politician in the US? Sam Rubenfeld explores this question in light of the hung jury in the Menedez mistrial in WSJ Risk and Compliance Journal.
  8. SEC report indicates hundreds of millions in whistleblower bounty awards coming. See article in National Law Review.
  9. Join Tom’s monthly podcast series on One Month to a More Effective Compliance Program. In November, I consider how a 360-degree view of communications can enhance your compliance program. This month’s sponsor is the Dun & Bradstreet. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. The Everything Compliance gang put together an eBook of their reflections from the recent SCCE 2017 Compliance and Ethics Institute. It is available for download free on JDSupra. It is also available on the Affiliated Monitors site by clicking here.