While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the FCPA, UK Bribery Act or others; this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in the ‘why’ they should do business ethically and in compliance with such laws but it is more that power is shifting inside corporations. In a HBR article, entitled “Understanding “New Power””, authors Jeremy Heimans and Henry Timms explore how leadership dynamics are changing and what companies might be able to do to harness them. I found them to have some excellent insights, which a CCO moving to CCO 2.0 or compliance practitioner might be able to garner for a compliance function.

The authors begin by noting that ‘new power’ differs from ‘old power’ in a bi-lateral dimension of intersection. This intersection is between the models used to exercise power and the values which are now embraced. It is the understanding of this shift in power, which will facilitate the compliance function moving more to the forefront of a business integration role. The new power models are fourfold. Under sharing and shaping a company is much more integrated with its customers and supply chain. Second is funding which continues this integration by adding a vertical component of funding, whether equity positions or some other type of funding. Third is producing in which “participants go beyond supporting or sharing other people’s efforts and contribute their own.” Finally, there is co-ownership, which is the most decentralized, pushing participation down to the lowest or most basic levels.

But beyond these new power systems, the authors believe that “a new set of values and beliefs is being forged. Power is not just flowing differently; people are feeling and thinking differently about it.” The authors call them “feedback loops” which “make visible the payoffs of peer-based collective action and endow people with a sense of power. In doing so, they strengthen norms around collaboration”.

The authors lay out five new values. They include the area of governance where the authors note, “new power favors informal, networked approaches to governance and decision making.” Next is in the area of collaboration where the authors believe that this new power value rewards “those who share their own ideas, spread those of others, or build on existing ideas to make them even better.” The next new value is DIO or do it ourselves. Under this value, there is a “belief in amateur culture in arenas that used to be characterized by specialization and professionalization.” Next is transparency which, while not a new concept, says that more permanent transparency between business and social lives will lead to a “response in kind from our institutions and leaders who are challenged to rethink the way they engage with their constituencies” specifically including their employee base. The final new value identified by the authors is affiliation, which means that new and younger employees are less like to “forge decades-long relationships with institutions.”

The authors have three prescriptions that I found could be useful for the CCO or compliance practitioner to incorporate into a mature and evolving compliance program moving forward. Compliance functions need to “engage in three essential tasks: (1) assess their place in a shifting power environment, (2) channel their harshest critic, and (3) develop a mobilization capacity.

Assess where you are

This prong is quite close to something compliance practitioners are comfortable with in their role, a risk assessment. However the authors suggest that the assessment be turned inward so you should assess the compliance function on this “new power compass—both where you are today and where you want to be in five years.” You can benchmark from other companies in responding to this query. Internally, you can begin this process with a conversation about new realities and how the compliance function should perform. More importantly such an assessment can help you identify the aspects of their core models and values that should not be changed.

Incorporate business unit interests

The authors note, “Today, the wisest organizations will be those engaging in the most painfully honest conversations, inside and outside, about their impact.” However, I think this question should be asked first by the CCO or compliance practitioner. For it is not only what you are doing to work with your business units but more importantly what are you doing to incorporate their concerns and suggestions into your compliance regime. If you are going to ask the business unit to be a significant partner or better yet be your business partner, you will need to have a mechanism in place to engage your business unit so there can be an inflow of input before the compliance function has an output of requirements. As the authors write, “This level of introspection has to precede any investment in any new power mechanisms” to which I would add any successful compliance function.

Mobilize your capacity

Here I suggest you consider contracted third parties and other third parties such as joint venture (JV) partners as an avenue through which the compliance function can bring greater benefits to an organization. Compliance expert Mary Jones, the former  Global Industries Director of Compliance, often discusses her training of the company’s third parties and how thankful they were that when she would personally travel to their locations and put on in-person training. Her efforts to travel to their locations, spend the money required to do so not only directly strengthened Global Industries’ compliance function but created allies for her efforts by giving these suppliers the information and training they needed to comply with their customers requirements. By reaching out in this manner, Global Industries used its contracted third party suppliers to create a stronger company compliance program.

As the anti-corruption compliance profession matures, it will become more a component of a company’s business function. This means less of a lawyer’s top down mentality of do it because I said to do it, to more collaboration. 

Three Key Takeaways

  1. The lawyer driven command and control method for compliance is outmoded and outdated.
  2. A feedback loop can be used in the leadership function as well.
  3. Innovation in compliance leadership is recognizing the bi-lateral nature of power and communications in an organization.


This month’s podcast series is sponsored by Oversight Systems, Inc. Oversight’s automated transaction monitoring solution, Insights on Demand for FCPA, operationalizes your compliance program. For more information, go to OversightSystems.com.

Jay and I return for a wide-ranging discussion on some of the top compliance and ethics related stories, including: 

1. Telia settles massive FCPA enforcement action. See reports by Dick Cassin the FCPA Blog, here and here. The Telia resolution documents include SEC Cease and Desist Order, SEC Press Release, DOJ Information, DOJ Press Release and DOJ DPA. The Coscom settlement documents include the DOJ Information and Plea Agreement.

2. New concerns about money laundering in Venezuela for US commercial entities. See article in the FCPA Blog.

3. Airbus Launches Internal Probe Into Unexplained Payment. See article by David Pegg and Rob Evans in The Guardian.

4. ENI releases new information about allegations of bribery and corruption in Africa. See article by Jaclyn Jaeger in Compliance Week.

5. Compliance Week Editor Bill Coffin interviews Hui Chen. See Bill’s article in Compliance Week.

6. More details on the FCPA probe of Uber. David Ingram reports in Reuters.

7. Astros clinch the AL west.

8. Burner phones, Ole Miss recruiting scandal and compliance. Tom explores in Compliance Lessons from Burner Phones.

9. This month’s podcast series on One Month to a More Effective Compliance Program is in full production. In September, I am reviewing innovations for your compliance program. This week’s topics include superforecasting in your compliance program, OODA feedback loop, real-time v. right-time monitoring in your compliance program, improvisation in compliance and putting compliance at the center of business strategy. Oversight Systems is this month’s sponsor.  It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.

10. The Jay Rosen weekend report preview.

The life of a Repo Man is always intense…

That was one of the greatest lines from one of the greatest movies from one of the greatest laconic actors of all time. Of course it was Harry Dean Stanton who died over the weekend. Along with Jack Elam, Stanton had one of the most expressive faces of any actor ever. The New York Times obituary, said of Stanton, he was “the gaunt, hollow-eyed, scene-stealing character actor who broke out of obscurity in his late 50s in two starring movie roles”. The tributes listed in this piece were simply exceptional. Vincent Canby had written that “Stanton’s “mysterious gift” was “to be able to make everything he does seem immediately authentic.”” Roger Ebert said, “Stanton was one of two character actors (the other was M. Emmet Walsh) whose presence in a movie guaranteed that it could not be “altogether bad.””

He was in some of the most memorable movies around, in addition to Repo Man his corpus included Alien, Pretty in Pink, Escape from New York, Cool Hand Luke and The Last Temptation of Christ. However, my favorite was Repo Man, one of the great satirical commentaries on the 70s “Me” generation. Rolling Stone said of the role, “Writer-director Alex Cox’s ode to classic Hollywood noir, bratty L.A. punk and Seventies’ midnight movies is perfect in pretty much every way. But the best choice Cox made was to hire Stanton to play a philosophical veteran repo man named Bud, who teaches the rootless hero Otto (Emilio Estevez) how to swipe deadbeats’ cars with no regrets. A devout believer of a social order – on his own terms, at least – Bud makes ruining poor people’s lives sound like a religious calling.”

Even if his life and roles were intense, Stanton never gave it away. Similarly, the life of a Chief Compliance Officer (CCO) can also be intense and the most powerful tool you have is persuasion. Stanton and his laconic acting style demonstrated that is often soft skills which win the day. This means a CCO needs to bring another skill set to bear to do their job. Jenny O’Brien, CCO at United Health Care, has talked about the techniques that a CCO can use to influence decision making in a company in order to do business in compliance and ethically. She has called these techniques of persuasion “Seven Steps of Influence” and advocates a CCO to employ to help influence decision-making within an organization.

  1. Collaboration. As a CCO you need to know your company’s business. If you are new to an organization she said you must take time to learn the business. You should sit in on sales meetings and, when appropriate, you should go out on sales call. Channeling your inner Atticus Finch, you must walk in the shoes of the business leaders you are assisting. By doing so, you will not only understand the products and services that your company offers but also the challenges that your business development team will face out in the world.
  2. Listen. You must work constantly at active listening, which is listening, thinking and then speaking, and not just jump into the middle of a conversation, talk to people in a manner that will address their concerns. When you do speak, be prepared to make the case for the compliance proposition that you are trying to get across. As a CCO, strive to be relevant in every interaction you have with your senior management peers. This sometimes it means speaking up at meetings or other forums but sometimes it means listening. Develop a rapport with your business team and this rapport can lead to trust building.
  3. Relationships. This is not inter-personal relationships but those between the compliance function and other functions in an organization through a CCO or compliance practitioner can bring influence to bear. It all begins with building trust with others within your organization. Invest time to find others in your organization that you want to work and with those with whom you desire to build relationships. The key relationships that a CCO or compliance practitioner can develop are with the audit function, the legal department, Human Resources, IT and corporate communications.
  4. Humility. Humility is important because it empowers. It can empower others to expand the circle of influence and get others in a corporation to influence an ever-expanding circle on behalf of compliance. The CCO does not need center stage. Echoing the Department of Justice (DOJ) Evaluation of Corporate Compliance Programs requirement that compliance should be operationalized, business units should solve compliance issues, as compliance is just another business process. Through such influence where you can get the business unit resources to solve a compliance problem, you will hold down the costs of the compliance function. It is not about being right but about moving the compliance ball forward in the right direction.
  5. Negotiation. A compliance practitioner you need to learn the art of compromise. Negotiation is not about the dichotomy of winning and losing an argument or debate. A CCO should strive to redefine what a win might look like or what a win might consist of for a business unit employee. When faced with such a confrontation, try to determine what both sides wanted then give them something else in addition to what they thought they wanted. A CCO can be considered a mediator not just simply an enforcer or Dr. No from the Land of No.
  6. Triple ‘C’. Calm, cool and collected because all company employees, up and down the chain, are watching the CCO. For this reason, a compliance practitioner should channel their inner Harry Dean Stanton and have a laconic face, at all times. The Triple C’s are important because organizations look to the CCO to solve complex issues with simple solutions. When faced with a compliance issue or an obstacle you should endeavor to keep everything on an even keel and never let them see you sweat.
  7. Credibility. The final of the seven pillars was that the CCO role needs to be adequately scoped and that the accountabilities need to be clearly defined. Put another way, what is your job scope as the CCO and what is the function of the compliance department? What is your accountability to decide the resolution to an issue? As a CCO, you must demonstrate your value as a non-revenue function. This may require you to get out of your office and put on a PR campaign for compliance. A CCO needs to guard their independence in job function and reporting. You must make clear that you will have independent reporting up to the Board or Audit Committee of the Board.

Influencing, using persuasion is not a one-time activity. It is ongoing. Think of Harry Dean Stanton in Repo Man showing a young Emillo Estevez the ropes or perhaps as one of the crew of the Nostradamus in Alien; even the lost soul in Paris, Texas, who emerges from the desert and gradually reconnects with the family he abandoned. But think of Stanton and channel that inner ability to be great all the while keeping a cool face.


For a YouTube clip of the iconic line Repo Man’s always intense, click here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

The top compliance roundtable podcast is back with a wealth of new topics. Stayed tuned to the end where there are some great rants in this edition.

  1. Jonathan Armstrong considers the UK government’s response to GDPR. Jonathan rants about idiots on social media.

For the Cordery Compliance client alert and podcast on the topic see the following: 

UK Government publishes GDPR intentions

GDPR Intentions with New Criminal Offenses Published by UK Government

 2. Jay Rosen brings a detailed discussion of voluntary monitoring and contrasts it with the ISO 37001 standard. Jay rants on the Patriots lose in their season opener.

For Jay Rosen’s posts see the following:

Mayweather, Jr. vs. McGregor; Balboa vs. Creed and ISO-37001 vs. Voluntary Monitoring

Part II, with Mike Volkov and Matt Kelly’s remarks will appear next week.

The members of the Everything Compliance panel include:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com.
  • Matt Kelly – Founder and CEO of Radical Compliance, is the former Editor of Compliance Week. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong – Rounding out the panel is our UK colleague, who is an experienced lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com

Last week, I was interviewed by David Banks, the Senior Content Marketing Manager at NAVEX Global, for the firm’s blog. One of the questions he posed to me struck me and it was “When it comes to contributing to a greater good, is there a distinction between ethics and brand building?” My immediate response was, “There is no distinction between ethics and brand building. Put another way, your organization’s brand is its ethical behavior.” I was therefore intrigued by a recent article in the Harvard Business Review (HBR), entitled “Competing on Social Purposeby Omar Rodríguez Vilá and Sundar  Bharadwaj. The authors posited that companies could gain greater market share and have financial success by tying social purpose missions to growth. That seemed to me quite like tying ethics and brand building.

The reality of today is that a company doing business with ethical behavior and having an ethical culture is a market differentiator. It can not only drive customer behavior in a positive manner but equally significantly millenniums place large stock in companies which are seen to do the right thing. It has led to an expectation that companies will do the right thing. Clearly, this is not something which happens overnight but having an effective strategy can create value for an organization by building adjacencies and can be used to mitigate the risk of both negative associations and threats to an organization.

The article had several concepts which I thought gave resonance to compliance and which a Chief Compliance Officer (CCO) could use going forward to advocate for ethics and compliance within an organization. The first is an ethical heritage, which can be used to identify opportunities to demonstrate the brand’s commitment. We have seen that here in Houston in the wake of Hurricane Harvey with companies which could respond immediately garnering a huge wave of positivity and increase in brand share.

The article identified challenges which are applicable for a CCO. Obviously, a course, once set is hard to change. While most companies are aware of the Foreign Corrupt Practices Act (FCPA) and are attempting to do business in compliance, changing perceptions in an organization can still be difficult. Not only does it require steadfast support of senior management but the CCO and compliance department must accomplish the day in and day out execution of a compliance regime.

It can be difficult to gauge the effect of an ethics program on a business. Return on Investment (ROI) for an ethics and compliance program is still in many ways viewed as the Holy Grail of a compliance program. While surveys can help project out how a company is perceived, it can lead to unreliable estimates of market response and growth based upon the ethics function of an organization. Finally, all parties must not get distracted and keep their eye on the compliance ball going forward.

One example from Houston after Hurricane Harvey is that of H-E-B who demonstrated the next key asset of a robust and functioning ethics and compliance program; the ability to move into adjacent businesses. The company was the logistical leader in delivering both food and supplies. It was the logistics solution which was so powerful for the organization. An effective ethics and compliance program allows a company to manage more risk because the risk management strategies are so much stronger and work better. It is the same reason you have brakes on a car; not to slow down but so you can take more risks by driving faster. To gauge whether your ethics and compliance program can help you move into an adjacent business, consider these three questions:

  • Does the strategy reinforce existing brand attributes?
  • What new and valuable brand attributes might it create?
  • Would the strategy be difficult for competitors to imitate?

The next area is stakeholder acceptance. This is more than simply responding because the law says we must do so. There is one major driver of negative reaction for stakeholders around a company’s ethics and compliance program. It is where there is inconsistency between word and deed. Quite simply if you talk the talk, you must walk the walk. If there are inconsistencies in the two, they should be quickly addressed and resolved.

The article ends with four prescriptions which I believe translate well for the compliance practitioner going forward to help inculcate ethics and compliance into your company’s brand. The first is to generate resources for ethics and compliance. This means you should pair your compliance regime to other corporate functions to increase resources. For example, use Human Resources (HR) for touchpoints on compliance throughout the lifecycle of employee involvement with your company. But also partner with such other functions for technological solutions which benefit the company.

Second, use your ethics and compliance program as a way to do business differently. This was an original goal of the drafters of the FCPA, to provide US businesses with a reason (and excuse) not to pay bribes. Here you can take your company’s words, deeds and actions a step further by engaging in ethical and compliance behavior through all of its dealings. People will notice and it will make a difference. Next, get the word out about your ethics and compliance programs. One of the most powerful ways is to apply for Ethisphere’s World’s Most Ethical Companies designation. This can be an influential way to get the word out about your company’s program.

Finally, constantly work to upgrade your ethics and compliance program through continuous improvement. This is a by-word from the regulators but it also allows your organization to face new business opportunities in a more agile, more nimble manner going forward. Both greater opportunities and greater rewards can come through continuous improvement and innovation in your compliance regime.

Competing on your company’s ethics and compliance program requires buy-in from the company, the stakeholders, your partners and your customer base. However, the potential benefits are great and well worth the effort for your brand going forward.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017