StrategyOne thing that is often difficult for Chief Compliance Officers (CCOs) is to look at compliance strategy rather than the tactical aspects of compliance. This is because it is usually the day-to-day aspects of doing compliance that are your full time job. However, the more you can think strategically about your compliance program the more you and your company will benefit going forward. I thought about this as I read an article in the MIT Sloan Management Review, entitled “Mastering Strategy”, where editorial director Martha Mangelsdorf spoke with David Yoffie and Michael A. Cusumano who recently released a book entitled “Strategy Rules: Timeless Lessons From Bill Gates, Andy Grove and Steve Jobs. These men headed Microsoft, Intel and Apple, respectively.

One of the more interesting initial observations was “that strategic thinking is a capability that leaders develop over time — and that these executives, whom we know as having made some great decisions, didn’t necessarily start off as such accomplished strategists.” Grove began as a scientist, working in a laboratory, then moved into operations and became Intel’s Chief Executive Officer (CEO). The authors viewed Gates as a natural strategist, yet he learned about “execution and organization. He learned he couldn’t personally run whole areas of the company.” The authors viewed Jobs as having “great product instincts, but he had to learn to master strategy in a high tech world.”

The meat of the book is five important strategic lessons the authors learned from studying these individuals. I will use them as a jumping off point for their application for the CCO or compliance practitioner.

Strategy Rule #1: Look Forward, Reason Back

As a lawyer, I certainly understand studying the past to try and learn about the future or at least prevent the mistakes of the past. However the authors believe, “real strategists are like great chess players or great game theorists: They need to think several steps ahead towards the end of the game and then reason back to what that means about what they need to do today. As a strategist, you need to think about where you want your business to be two, three, five, seven years down the road and then figure out what are the priorities and boundaries of what you need to do as a company today to get there.”

Stephen Martin, now a partner at Arnold & Porter LLP, often talks about having a 1-3-5 year compliance strategic plan. He says this gives you a guidepost to aim for and a track record for documentation purposes. Martin believes this is a disciplined way of thinking through both several steps ahead and what they might mean for the company.

Strategy Rule #2: Make Big Bets, Without Betting the Company

The authors note that all three executives made “big bets, but they never really bet the company.” For the CCO or compliance practitioner, the corollary is that with an effective compliance program the business can move very fast and take risks it might not otherwise be able to do so safely. I once heard former Citibank CEO John Reed say the reason you have brakes on a car is so you can go fast, not simply to slow the car down. This is what compliance can provide if you not only think strategically but also manage your compliance program thoroughly.

Strategy Rule #3: Build Platforms and Ecosystems – Not Just Products

For the CCO or compliance practitioner, I can think of no better example here than to cite to Jon Rydberg, head of Orchid Advisers, and his innovations around the term Compliance Ecosystem. Rydberg developed a lifecycle of compliance around the integration of written policies and procedures, personnel and technologies. While this sounds close to a formulation such as the Ten Hallmarks of an Effective Compliance Program, Rydberg takes the concept into the realm of strategic thinking by demonstrating that by putting an entire ecosystem in place, a company could move towards replicating each step in the process without reinventing the wheel or with additional costs. The authors point to Gates who understood that a computer was a platform and Microsoft operating system was the key element of that platform.

The Volkswagen (VW) emissions-testing scandal is the most current example I can posit where if an effective compliance program had been in place it may well have helped to prevent, detect and remediate the issues, which came before the company. However, for any competitor, compliance would have been required to demonstrate, with transparency, compliance with applicable laws. That is using compliance strategically.

Strategy Rule #4: Exploit Leverage and Power – Play Judo and Sumo

I found this rule quite interesting as it might apply to the compliance arena. The authors noted, “If you’re going to be a great strategist, you’ve got to be able to execute at the tactical level. The things that you do every day, day-to-day with your customers, with your competitors, and with your partners become critical in your ability to execute your longer-term strategy.” For the CCO or compliance practitioner I think this translates into the requirement that you deliver on the tactical or day-to-day slogging of compliance. You have to work to put the written Code of Conduct, policies and procedures in place, train on them and monitor them going forward. This allows you to have the ability to move forward strategically because you will have the strength of credibility.

Strategy Rule #5: Shape the Organization Around Your Personal Anchor

Here the authors noted a distinct paradox, “You want to dive deep into the things you’re really good at, but at the same time stay at a high level and always keep the big picture in mind. You have to know yourself, know what you are good at, and know your weak spots. It doesn’t matter whether you’re an entrepreneur or running a $50 billion company; the key thing is figuring out how to compensate for your weaknesses in order to make the organization execute effectively. We think that’s true regardless of company size; any CEO has to do that. In the case of Grove and Gates, they knew very early on in their careers what they were good at and what they weren’t; their crisp execution depended on finding ways to get the right people around them to compensate for areas that weren’t their personal strengths.”

For many CCOs or compliance practitioners who came to the role from the in-house legal department or with a legal training this is particularly true. The legal department is more generally focused on protecting the company. The compliance department is more generally focused on preventing, finding and fixing problems. Second is the use of technology and more particularly data analytics. When asked about COSO 2013 Framework and its application, you cannot simply point down the hall and say something like “I am a lawyer, those people in internal audit use COSO, not me.” If you cannot or do not work well with numbers, pair up with someone in your organization or company who does work well with numbers. Usually that is finance, internal audit or some other corporate discipline. The same is true for the COSO Framework.

Last week, I wrote that management≠leadership. One of the other key differences is that managing is about executing tactical concerns. Leadership is more about strategy. As you move to leadership in your compliance function, these lessons on strategy from some very good leaders over the past 25 years are excellent guideposts for you to incorporate into your skill set.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Live at LeedsOn the 14th February 1970 The Who recorded what I consider to be the best, or at the very least my favorite, live album of all-time. They recorded their concert at the University of Leeds and the resulting album was named The Who – Live at Leeds. The accolades were almost immediate; Nik Cohn, music critic for The New York Times (NYT), praised the album as “the definitive hard-rock holocaust” and “the best live rock album ever made”. Jonathan Eisen, from Circus Magazine, wrote “that not since that album [Tommy] has there been one “quite so incredibly heavy, so inspired with the kind of kinetic energy that the Who have managed to harness” here.”

The album has stood the test of time. Writing for the CD reissue in 1995, Tom Sinclair, of Entertainment Weekly, noted, “Few bands ever moved a mountain of sound around with this much dexterity and power.” If you really want to feel the clout of rock and roll, by a band at the height of powers, simply fire up side 2 for Magic Bus and My Generation. 

Recording any concert and releasing it as a live album is always a risk because of the vagaries of live recording, outside the studio setting. However The Who planned to release the concert recording as a live album. This decision enabled the group to bring together the proper technology to create the great concert experience which was The Who.

Similarly, moving from the written standards of compliance into the realm of doing compliance can also be fraught with difficulties. I thought about this quandary when reading a recent article in the MIT Sloan Management Review, entitled “Getting Workplace Safety Right by Mark Pagell, Anthony Veltri and David Johnson. The authors basic thesis is that companies get safety wrong because they equate doing business safely with a loss in productivity. This is often heard in the compliance realm as well, usually along the lines that doing business in compliance with anti-corruption laws such as the Foreign Corrupt Practices Act (FCPA) costs companies not only doing business efficiency but costs companies business. As the authors note, this is a “false trade-off”. I have adapted their ideas around safety for the Chief Compliance Officer (CCO) or compliance practitioner.

The lion’s share of companies the authors studied can be summed up with the following unattributed quote, “There are times, of course, when certain things get tweaked to get results.” That sounds like the statement of business development that wants to get things done rather than do business in compliance. The starting point for education is that any company must emphasize compliance as a “defining value of the organization.” It does not do any good for a company to have a compliance program in place only to have senior management exempt out a transaction the first time a difficult choice comes up.

In the arena of compliance, similarly to the sphere of safety, the answer is to wed a culture and organizational capability around compliance. Do not segregate it but embed it into your organizational processes through a monitoring system with five qualities: “(1) contributing to a process for concurrently monitoring and improving safety and production; (2) identifying who is accountable for the monitoring and improvement; (3) directing the design of work that is [complaint] and productive; (4) facilitating communication between management and [employees]; and (5) informing human resources decisions about compensation, hiring, firing, and promotion” related to compliance issues.

In addition to the foregoing, there are four essential cultural values around compliance. They are (1) commitment, (2) discipline, (3) prevention and (4) participation.

Commitment

Almost all companies claim they are committed to doing business ethically and in compliance. The issue is really where compliance ranks among a plethora of priorities. If systems are sometimes tweaked to get work done, then compliance is clearly a priority only when it does not affect sales production. But as noted by the new Department of Justice (DOJ) Compliance Counsel, Hui Chen, commitment is also shown in the budgeting and resource process. Moreover, actions speak louder than words as a company’s HR decisions must prioritize, recognize, and reward both employees and managers who show accountability to compliance in their communications and behaviors.

Discipline

Of course it all starts with the Fair Process Doctrine. There must be a formal process in place so that everyone understands if they violate the company Code of Conduct or do business in violation of the FCPA, there will be even handed discipline put in place. Managers who hold employees accountable to formal processes are willing to discipline employees for deviation from the stated policy or procedure. In other words, if you violate a rule, you might lose pay, get sent home, or get demoted. In such organizations, when HR conducts performance reviews, doing business in compliance is a key performance indicator.

Prevention

Whether you use the FCPA Guidance formulation of prevent, detect and remediate; McNulty’s Maxim No. 1 – What did you do to stop it?, or some other formulation, you must have a strong prevent prong in your compliance regime. Companies simply cannot sit around waiting for a violation to occur and hope that either they will not get caught or they can remediate before any serious penalty is applied by the government. You need to have a long-term perspective and focus on both simultaneous and continuous improvement.

Participation

This means engagement of your employees in your compliance program. Companies that have moved compliance from simply a legal requirement to a capability are at a competitive advantage because they are better run companies. Ethisphere’s World’s Most Ethical Companies awards demonstrate this year after year. While certainly all employees should be responsible for compliance, it is also incumbent for a company to maintain an organizational wide accountability for compliance. But employees take their clues from management and if the compliance function is not part of the executive leadership function of the company or is provided with scant resources, employees will notice this and respond to what they perceive to be management’s priorities. Employees need to see the CCO, or compliance professional, out in the field, in training, in town halls with senior management or another mechanism to show that compliance has value for the company.

The concepts and acumens from the world of safety continue to provide insights for the CCO or compliance practitioner. Fostering the culture of compliance not only gives a company a business advantage, it makes a company a better-run organization.

While you are considering these points, you may wish to check out these YouTube postings of Magic Bus and My Generation from The Who – Live at Leeds.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2016

Social Media III. TwitterI continue my exploration of the use of social media in your Foreign Corrupt Practices Act (FCPA) compliance program today. One of the ways that Chief Compliance Officers (CCOs) and compliance practitioners can communicate about their compliance programs is through the use of the social media tool Twitter. In an article in the Summer issue of the MIT Sloan Management Review, entitled “How Twitter Users Can Generate Better Ideas”, authors Salvatore Parise, Eoin Whelan and Steve Todd postulated that “New research suggests that employees with a diverse Twitter network – one that exposes them to people and ideas they don’t already know – tend to generate better ideas.” Their research led them to three interesting findings: (1) “Overall, employees who used Twitter had better ideas than those who didn’t.”; (2) In particular, there was a link between the amount of diversity in employees’ “Twitter networks and the quality of their ideas.”; and (3) Twitter users who combined idea scouting and idea connecting were the most innovative.

I do not think the first point is too controversial or even insightful as it simply confirms that persons who tend have greater curiosity tend to be more innovative. The logic is fairly straightforward, as the authors note, “Good ideas emerge when new information received is combined with what a person already knows.” In today’s digitally connected world, the amount of information in almost any area is significant. What the authors were able to conclude is that through the use of Twitter, “the potential for accessing a divergent set of ideas is greater.”

However it was the third finding that I thought could positively impact the compliance profession, the role of the Idea Scout and the Idea Connector. An idea scout isan employee who looks outside the organization to bring in new ideas. An idea connector, meanwhile, is someone who can assimilate the external ideas and find opportunities within the organization to implement these new concepts.” For the compliance practitioner, the ability to “identify, assimilate and exploit new [compliance] ideas” is the key takeaway. However to improve your compliance innovation, “you need to maintain a diverse network while also developing your assimilation and exploitation skills.”

For the compliance practitioner, Twitter can be “described as a ‘gateway to solution options’ and a way to obtain different perspectives and to challenge one’s current thinking.” Interestingly the authors found that “It’s not the number of people you follow on Twitter that matters; it’s the diversity within your Twitter network.” The authors go on to state, “Diversity of employee’s Twitter network is conductive to innovation.” Typically an Idea Scout will “identify external ideas from experts and resources on Twitter.” Clearly the compliance practitioner can take advantage of experts with the anti-corruption compliance field but there is perhaps an equally rich source of innovation from those outside this arena.

An interesting approach was what the authors called the “breadcrumb” approach to finding innovation leaders and thought-provokers. It entailed a “period of “listening” to colleagues and industry leaders who are on the platform – including what they are tweeting about, who they are following and replying to on the platform, who is being retweeted often”. So with most good leadership techniques the first key is to listen.

Equally important to this Idea Scout is the Idea Connector, who is putting the disparate strands from Twitter’s 140 character tweets together. For the compliance function, this will be someone who identifies compliance best practices or other information from Twitter ideas, can then put them together and direct the information to the relevant company stakeholders. Finally, such a person can “Curate Twitter ideas and matches them with company resources needed to implement them.”

Here the authors listed a variety of ways an Idea Connector can use Twitter. One user said, “I try to sift through all the Twitter content from my network and look for trends and relationships between topics. I put my analysis and interpretation on it. I feel that’s where my value-add is.” Another method is to focus on analytics and one user “filtered specific subsets of the topic for different stakeholders” at his company. Another method was to create “social dashboards or company blogs based on the insight” received thought Twitter. Interesting, one of the key requirements for successfully mining Twitter was in finding ways to share its content “since many employees, especially baby-boomers don’t use the platform themselves.” Conversely by mining information from Twitter and presenting it, this can allow these ‘technologically challenged’ older employees to ascertain how they can target millennial’s.

But as much as these concepts can move a CCO or compliance practitioner to innovation in a compliance program, it can also foster additional information through the following of your own employees. It is well known that Twitter can facilitate greater communication to and between the compliance function and its customer base, aka the company employees. However the authors also point to the use of Twitter to enable this same type of innovation because it “is different than email and other forms of information sources in that it enables continuous engagement”.

Twitter was created to allow people to connect with one and other and communicate about their activities. However the marketing potential was immediately seen and used by many companies. Now a deeper understanding of its use and benefits has developed. For the compliance practitioner one thing you want to consider is to align your Twitter and great social media strategy with your compliance strategy; match your Twitter strategy to your compliance strategy.

Twitter can be powerful tool for the compliance practitioner. It is one of the only tools that can work both inbound for you to obtain information and insight and in an outbound manner as well; where you are able to communicate with your compliance customer base, your employees. You should work to incorporate one or more of the techniques listed herein to help you burn compliance into the DNA fabric of your organization.

Once again please remember that I am compiling a list of questions that you would like to be explored or answered on the use of social media in your compliance program. So if you have any questions email them to me, at tfox@tfoxlaw.com, and I will answer them within the next couple of weeks in my next Mailbag Episode on my podcast, The FCPA Compliance and Ethics Report.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

Eddie LeBaronToday we celebrate Eddie LeBaron, who died last week. LeBaron was a diminutive pro quarterback for 11 seasons in the National Football League (NFL) in the 1950s and 1960s. He was also a lawyer and decorated veteran, having been awarded the Bronze Star during the Korean Conflict. In his New York Times (NYT) obituary, Frank Litsky wrote “In a position where players are now routinely 6 feet 3 inches or taller, LeBaron was 5-foot-7, and his weight never reached 170 pounds. But he had no fear of scrambling.” LeBaron quarterbacked the Dallas Cowboys from 1960 to 1963, before handling the reins of Coach Tom Landry’s offense over to Don Meredith with his retirement. After his retirement he worked as a color analyst for CBS Sports, who covered the NFL in those days. One of the things that I remember from his commentary work was the need for planning in any game plan. It was one of the first things I recall learning about pro football.

One of the skills you may be called upon as a Chief Compliance Officer (CCO) or compliance practitioner is the initiation, integration or enhancement of a Foreign Corrupt Practices Act (FCPA) compliance solution into an organization. Most assuredly, one of the things that is not taught in law school or in any compliance course is project management. As CCO, you may either lead such a project on a day-to-day basis or you may take the role of project sponsor, while delegating the day-to-day running of the project to a compliance practitioner in your group.

I thought about this issue when reading a recent article in the MIT Sloan Management Review, entitled “How Executive Sponsors Influence Project Success”, by Timothy J. Kloppenborg and Debbie Tesch. In their article they note, “The role of a project sponsor is often overlooked. But for every stage of a project, there are key executive sponsor behaviors that can make the difference between success and failure.” I found their article has some excellent tips for the CCO or compliance practitioner who may be facing such a task. The authors break the project life cycle stage into four stages: (1) Initiating Stage; (2) Planning Stage; (3) Executing Stage; and (4) Closing Stage.

I.   Initiating Stage

In this stage there are three key activities that a sponsor should pursue. First, the sponsor needs to set the performance standards. This “can be accomplished in the project charter by stating goals about the project’s strategic value and how it will be measured.” But beyond the written details there must be a “clear understanding of expectations about performance” of which dialogue is critical. Second, the project sponsor must mentor the project manager, whose key responsibility is to explain, “how the project fits into the big picture, defining the performance standards and helping the project manager set priorities.” Finally, the project manager must establish the project priorities, with the “most compelling” questions being “what needs to happen first and how should conflicts by settled?”

II.  Planning Stage

In the Planning Stage the authors believe that there are two critical project sponsor behaviors. The first is to “ensure planning” activities are completed by providing “leadership so that the project manager and team can set goals that align with the vision and broader organizational goals. The second is to “develop productive relationships with stakeholders”. This means frequent meetings and communications. Interestingly, the project sponsor should not only see that “needs are identified and understood” but also make “sure that stakeholders’ emotional concerns are given adequate consideration.” Admittedly this is not something lawyers do particularly well but it is mandatory for the CCO or compliance professional.

III.  Executing Stage

In the Execution Stage the authors identify three elements. First the project sponsor must “ensure adequate and effective communication.” This means that regular communications must occur as the project progresses “to make sure that expectations are met.” However this may require the project sponsor to “stand ready to manage the organizational politics with internal and external stakeholders.” Second, a project sponsor must work to help “maintain relationships with stakeholders.” This element helps facilitate the project manager and project team communications noted in the first element. Here the project sponsor should be “open to direct feedback from team members” to ensure that expectations are met. Finally, the project sponsor should work to “ensure quality” by practicing “appropriate decision-making methods and work to resolve issues fairly.”

IV.  Closing Stage

Finally, in the Closing Stage the authors write that there are two elements that project sponsors should emphasize. The first is to “identify and capture lessons learned.” They should be properly “categorized, stored and distributed in such a manner that future project teams will be able to understand and capitalize on”. The second element is to “ensure that capabilities and benefits are realized.” Capabilities, the authors suggest, “could include employees becoming more committed and more capable”. Further, that processes are “more effective and efficient.” Benefits relates to “verifying that the deliverables that were specified at the beginning were actually provided, work correctly and satisfy customer needs.”

To the extent they know much about project management, most CCOs or compliance practitioners are aware of the “iron triangle” of factors to determine a project success. The authors define these as “cost, schedule and performance.” But the authors’ research has led them to conclude that for a project to be a success it must meet an organization’s expectations. The next evaluative point is did the project come in on time, within budget and to the project’s specifications? Finally, did the project succeed in bringing its touted positive benefits to the organization?

By using the steps the authors have outlined, a CCO can think through the organization and ongoing performance of a project to set it up for success. Equally importantly for the CCO, if the project management has been delegated to compliance team members or with other disciplines inside your organization, such as legal, internal audit, IT or human resources; the continued involvement of a CCO as the project sponsor can be key component. The authors posit, “for every project stage, there are success factors that project sponsors should consider” and that a CCO must engage in an ongoing and continual dialogue with the project manager. Finally, key lessons learned should be captured and used down the road to help facilitate other projects or issues as applicable.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2015

StrategyWhat is your company’s compliance strategy? By this I do not mean what is your company doing to put in a place a best practices anti-corruption compliance program that meets the requirement of the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. My inquiry goes both further and deeper. Has your company moved beyond the view that compliance with the FCPA is simply enough by incorporating compliance into your business strategy to secure a competitive advantage going forward? I thought about this issue when I read a recent article in the MIT Sloan Management Review, entitled “Finding the Right Corporate Legal Strategy”, by Robert C. Bird and David Orozco. While the authors posed the questions from the legal perspective, I found their insights equally valid from the compliance perspective.

While I am fairly certain that Chief Compliance Officers (CCOs) and compliance practitioners understand the need for the integration of compliance into the day-to-day business operations of a company, many business types still view compliance “as a constraint on managerial decisions, primarily perceiving” compliance as simply a cost. The authors believe that the more enlightened approach is for companies to use functions such as compliance “in order to secure long-term competitive advantage.” To do so the authors detailed five different legal strategies, which they call pathways, that companies might use that I will translate into compliance strategies. They are in ascending order of importance: (1) avoidance; (2) compliance; (3) prevention; (4) value and (5) transformation. The right strategy for your company will depend on a variety of factors such as maturity of your compliance function, commitment by senior management to compliance, your business model and the compliance function’s ability to collaborate with business managers.

Avoidance

This is the idiot response where a company either disregards anti-corruption laws such as the FCPA or UK Bribery Act or engages in willful blindness. Unfortunately, there are many major US and foreign corporations that have come to grief under the FCPA because they did not take some of the most basic steps to comply with these laws. It is largely because senior management believes that compliance provides “little concrete value, so they make no effort to” even acquiring knowledge in the area. Worse yet are companies who gain a modicum of knowledge about such anti-corruption laws “only so that they can circumvent it to achieve a desired objective.” The authors note that while “An avoidance strategy can sometimes be effective…it can also lead to disaster.” This lead to the compliance function and the CCO only being called in an emergency, after the conduct has occurred so that compliance is always in a reactionary mode.

Compliance

This pathway means complying with laws, not the compliance function itself. Under this pathway, “companies recognize that the law is an unwelcome but mandatory constraint on their activities.” So while following this strategy would allow a company to have subject matter expert (SME) practitioners in the field of compliance, it would exist only “so the business could operate within its legal bounds.” Under this pathway, companies still view compliance as a cost to be minimized. Moreover, anti-corruption laws such as the FCPA or UK Bribery Act are “viewed as primarily inflexible—externally imposed rules that cannot be changed or adapted to suit a particular corporate strategy.” This means that business managers will simply not understand that compliance can be used to further business goals. It also leads most business unit folks to believe that compliance is the Land of No and the CCO is in reality ‘Dr. No’ who is there “primarily as a watchdog that polices corporate conduct for illegal activity.”

Prevention 

Under the prevention pathway, senior management acknowledges that anti-corruption laws can be used as competitive advantage “to further well-defined business roles.” This means that the compliance is proactive rather than reactive. Senior managers understand how the law relates to their business areas “and they appreciate how it can be used to minimize particular business risks.” The compliance function “seeks partnerships with managers to help them achieve their risk-management goals.” This pathway has the added benefit that allows compliance practitioners to recognize the importance of measuring and quantifying compliance issues and data “as a part of a broader effort to support a business oriented strategy.” It also means that the compliance function is available to the business unit when the competitive landscape is “strategically assessed” by the business unit. This is more than simply having a seat at the table; it is being a part of and contributing to the commercial strategy.

Value

Companies operating in this pathway use compliance to “create tangible and identifiable value.” But to do so requires a true corporate commitment because business unit managers will need to have a strong understanding of anti-corruption compliance and how it can be tailored to generate value for the company. The CCO, and indeed the entire compliance function, must see itself “as a key stakeholder in helping the company to increase its return on investment” and should see itself in helping to create value for the company. Usually this comes about in two ways. The first is by using compliance to lower costs of doing business, particularly through third parties. Here you can think of reducing the number of vendors who perform the same services or provide the same products to you by appropriate management of your third party compliance program. The second way is by using compliance to increase revenues.

Transformation

In this final pathway, a company will incorporate compliance directly into its business model. While the authors note that few companies have been able to move this far in the legal arena, those who have done so possess a rare and valuable “capability that can provide a competitive advantage that is difficult for a business rival to imitate.” One of the keys to making this transformation is that not only is compliance integrated within “the company’s various value-chain activities; it is also linked with the value chains of important external partners as part of the larger business ecosystem.” This pathway is only available to companies with the most mature compliance function and most usually when compliance is combined with “the business model and core competencies of the company.”

Clearly there is no ‘one size fits all’ approach to compliance strategies. However if your compliance program has maturity and senior management can operate with their eyes open, they will see that while the first three strategies focus on managing risk, the final two are targeted towards generating business opportunities or least have compliance as a part of the team doing so. As compliance practitioners move into the CCO 2.0 role that I have advocated, these pathways can provide you with a tangible starting point to educate senior management on what compliance can bring to the (business) table.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014