The leadership lessons from the race to the South Pole renewed my interest in leadership for the compliance practitioner. In a New York Times (NYT) article, entitled “Lincoln’s School of Management”, Nancy F. Koehn, a historian at the Harvard School of Business, wrote about Lincoln’s experience in drafting and issuing the Emancipation Proclamation as “one of the best ways to appreciate his strengths as a leader.” I found that Koehn’s article was relevant to the Chief Compliance Officer (CCO) and compliance practitioner as they tackle the job of instituting or maintaining a culture of ethics and compliance throughout an organization.

Stay True to Your Compliance Vision

During the initial period of the Civil War, when the Union suffered a series of military defeats at Bull Run and particularly in the Seven Days’ Battles, Lincoln described his state “as nearly inconsolable as I could be and live.” Nevertheless, Lincoln persevered throughout these dark times due to his “resilience and commitment to preserve the Union.” From this, Koehn believes that business leaders must have the “ability to experience negative emotions without falling through the floorboards.” This can certainly be true in the compliance world. Just as Lincoln’s deep faith nurtured his vision, the CCO or compliance practitioner needs to stay true to their vision of compliance and ethics for their company.

Gather Information from a Wide Range of People

One of the things that Lincoln was good at was “how he gathered advice and information from a wide range of people, including those who did not agree with him. This is important in building a business because you have to listen to customers, employees, suppliers and investors, including those who are critical of what you are doing.” The compliance practice is one business area where there are no trade secrets on how to operate. There may be specific issues relating to investigations or similar areas but generally most CCOs and compliance practitioners can find information about the evolving world of best practices from other CCOs and compliance practitioners. Of course there is a wealth of written information available as well. But beyond other CCOs and compliance practitioners, there is information available from the business folks in a company. Just because a business person pushes back on some compliance mandate does not mean they are wrong. Just as Lincoln took advice from those who did not always agree with him, a CCO or compliance practitioner should consider the input that they receive from outside the compliance department.

The Ability to Shift Gears

Koehn wrote that “Lincoln’s ability to shift gears during hard times — without giving up his ultimate goal — is a vital lesson for leaders operating in today’s turbulence. When I teach the case, many executives comment on the importance of shaping one’s tactics to changing circumstances.” Lincoln began drafting the Emancipation Proclamation in late June or early July of 1863. He initially told his Cabinet that he would release it on January 1, 1863. Secretary of State William Seward suggested that the President wait for a Union victory before issuing the Proclamation, “lest it seem the last measure of an exhausted government, a cry for help” to which Lincoln agreed. But after the Union victory at Antietam, Lincoln made the Proclamation public. This dramatically changed the nature of the war from one to save the Union to create a new United States to “one in which slavery was permanently abolished.”

I think that the message for the CCO or compliance practitioner is that you have to be ready to shift gears. One of the frustrations in the compliance practice is that things are constantly in motion if not in flux. But if your commitment to ethics and compliance is the underlying basis of your position, that can be your driving force. As with Lincoln you must communicate your commitment to this larger purpose of doing business with compliance and ethics.

Think Before You Mail the Letter or Hit the Send Button

Koehn told the story of Lincoln’s great disappointment after the Battle of Gettysburg when the victorious Union General, George C. Meade, did not follow after the defeated Confederate Army of General Robert E. Lee. Lincoln wrote a letter to Meade expressing his dissatisfaction for Meade’s failure to follow up his victory. Lincoln wrote, “Lee was within your easy grasp, and to have closed upon him would, in connection with our other late successes, have ended the war.” He added: “Your golden opportunity is gone, and I am distressed immeasurably because of it.” But Lincoln did not send the letter. Indeed, “he placed it in an envelope labeled “To Gen. Meade, never sent or signed.” Koehn wrote “Imagine if e-mail had existed in Lincoln’s time and he had hit ‘send’ because he was distressed. The course of history might have taken a very different turn.”

This lesson is forbearance. With the instantaneous ability to communicate around the clock the CCO or compliance practitioner needs to consider the effect of their communications. Here I am not talking about stupid emails, although care should be taken not to engage in that FUBAR as well, but just as with Lincoln, a CCO or compliance practitioner needs to face “the challenge of navigating their own and others’ emotions with forethought and consideration.” Sometimes, “the first action that comes to mind is not always the wisest.”

Communicating with Stakeholders

Koehn used the Gettysburg Address as a starting point for a discussion of the need for a CCO or compliance practitioner to communicate. If you desire to make a transformational change, you must communicate with your stakeholders. One thing that Lincoln assuredly did not do was lock himself in an ivory tower or the White House. Lincoln “traveled to battlefields to visit Union troops, and he held open “office” hours in the White House to receive interested citizens — and their countless requests.” Anyone who saw the movie “Lincoln” will remember the scene where he visited Union troops at a hospital, many of whom had lost their limbs in battle. I think that Koehn’s point is that he communicated his vision of what they were sacrificing for the War effort.

This point is absolutely critical for the CCO or compliance practitioner, you have got to put boots on the ground. Sitting in your office and doing the day-to-day work of compliance is simply not enough. First of all, your employee base will appreciate you much more if you get out into the field and will also communicate with you in a much more open manner. But, as important as the above are, this allows you to communicate your vision of doing business with ethics and compliance. This simply cannot be done from your home or corporate office. You must sell your vision to each and every stakeholder in your company.

Leadership Backbone

Koehn found that one of the things that business executives pointed to in any study of Lincoln as a leader was the “strength that Lincoln found to bear the death and destruction of the war and to weather intense opposition and still not relinquish his mission. If there is one point when Lincoln discovered his own leadership backbone, it was surely in conceiving and issuing the Emancipation Proclamation and then committing himself and the country to its broader consequences.” It is important to rise to a challenge if one appears while you are on the watch. Another point Koehn stressed is that the leadership skills Lincoln showed demonstrated that it is the responsibility of a leader “to serve all of the people, and not just one’s self-interest. Lincoln knew that success is best when shared.”

For the CCO or compliance practitioner I think that these points bring up a dichotomy that you must deal with quite often. Sometimes you must say No. You must stand up and tell the business people that you are not doing that deal; you are not flying government officials and their wives to the US in business class or whatever the business guys want to do that violates the Foreign Corrupt Practices Act (FCPA). However, sometimes it is important to understand that you work for a company which is in business to make money. As a CCO or compliance practitioner you can use creative lawyering to satisfy the needs of the business without violating the FCPA.

Koehn ends her piece with “Lincoln was able to learn and grow amid great calamity. His story, like no other, demonstrates that leaders do not just make the moment; they meet it and, in the process, are changed by it.” I think that the same can be true for any CCO or compliance practitioner. You need to be able to learn and grow to do your job. I hope that your tenure will not be so calamitous as Lincoln’s but his leadership lessons should be guideposts and inspirations to anyone with a difficult job that must listen to a multiplicity of voices.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018

Vince Walden is a partner at Ernst & Young, and he’s passionate about anti-fraud, anti-corruption and compliance-related analytics and innovations. Today, Vince and Tom talk about some of the innovative strategies he’s developing for General Electric. From training and retention to automation and relevance, accurately observing behavior through data analytics is the key to compliance.

  • Compliance officers often struggle with training. Often, training sessions are top of mind for a few days, but as time passes, so too does the knowledge. In working with GE, Vince is addressing the problem using analytics and timely training rather than ‘check the box’ sessions. Learn what the Digital Twin is, and how it’s used in compliance.
  • In his magazine article, Vince went into detail about pilot scope. He talks us through the diagram in his article, an excellent visual aid of the digital-twin compliance model and pilot strategy. See the diagram here while you listen along. Rather than trying to boil the ocean, Vince talks about a small, high risk group of people, but rather than pulling single expenses, they identified 34 risk triggers. What he found might surprise you.
  • With his new, innovative framework, Vince was able to draw some striking insights about behavior. He mentions the concept of air. The communication should be automated, but it must be intriguing and relevant. A – automatic. I – intriguing. R – relevant. He goes into more detail about this method of looking at behavior and how it can be applied to just about any compliance program. This includes accurate risk scores.
  • Having great training delivered via automation isn’t enough. It requires feedback from the employee, and constant tending, tweaking, and refining that reflect the feedback. Vince and Tom discuss how the human element remains prominent in technological innovation. More importantly, you have to be training and solving for the right business problems.
  • So often, all the dashboards and reports never leave the compliance office. So Vince asked the question: why aren’t we taking this out in the field? He calls it Compliance 2.0, and his innovative ideas are making waves and increasing employee investment in the program.
  • Vince shares his final thoughts: Digital transformation is alive and well in the risk functions of the business as well. It’s not just a topic for marketing, manufacturing, or operations. Embracing that fact can increase compliance effectiveness and advance the integrity agenda of any organization.

If you want to stay up to date on the newest innovations coming to compliance, make sure to subscribe to the show, and if you like what you hear, leave a rating and a review.


As the Compliance Evangelist, one of the most exciting things about practicing in the compliance space is the continual innovation I have seen since 2007. All parties to compliance, the regulators, corporations, services providers and vendors, continually innovate. Everyone has a role in this innovation process. Compliance itself has moved from a largely paper program, written by lawyers, to a dynamic program which no longer is reactive in a detection mode but has moved from preventative to prescriptive to a business process which helps companies run more efficiently and at the end of the day, more profitably. Today, I strive to enhance this process by premiering a new podcast Innovation in Compliance. 

Let’s begin by considering the starting point, which is an innovation strategy. In the some of the most recent Deferred Prosecution Agreements (DPAs) and Non-Prosecution Agreements (NPAs) issued by the Department of Justice (DOJ) they all include an element along the following strictures:

The Company will conduct periodic reviews and testing of its anti-corruption compliance code, policies, and procedures designed to evaluate and improve their effectiveness in preventing and detecting violations of anti-corruption laws and the Company’s anti-corruption code, policies, and procedures, taking into account relevant developments in the field and evolving international and industry standards.

This means that the DOJ expects innovation in your compliance program to keep up with evolving international and industry standards. This requires you to implement an innovation strategy.

All of this means you should begin with an innovation strategy for your compliance program. While many in the compliance profession find innovation to be a continual frustrating pursuit; for a compliance professional to remain relevant, they must be able to lay out an innovation strategy for compliance that details the efforts that will support the overall business strategy. This means creating an innovation strategy that will create value for customers of compliance (i.e., employees), third parties, and the customer; show how the company will capture that compliance value going forward; and finally, which types of compliance innovation to pursue.

Today I am extremely pleased to announce the premier of a new podcast Innovation in Compliance. This new podcast series will be dedicated to exploring the multiple ways in which all participants in the compliance space can innovate. This is the podcast that will help you to meet the challenge of how to and what to innovative with in your compliance program.

In my premier episode, I visit with Vince Walden, a partner at Ernst & Young (EY), who detailed how he and his EY Fraud Investigation & Dispute Services (FIDS) colleagues worked in conjunction with the General Electric (GE) compliance function to improve compliance by using forensic data analytics to provide behavioral insights to their compliance program to create what they called “the profit and loss of one”. They did this through the innovative use of “digital twins” typically considered a manufacturing idea which EY and GE turned into digital replicas compliance risks.

In subsequent episodes, I will visit with Ben Locwin on the innovative uses of big data and small data in a compliance program; David McLaughlin on the use of Artificial Intelligence (AI) to facilitate a compliance program; James Gellert on innovative business solutions for third-party risk management and Jonathan Marks on the innovation of the fraud pentagon, which has helped evolve fraud detection and prevention from the fraud triangle.

If you have a good innovation strategy for your compliance program, it can promote alignment among diverse groups in a company, help to clarify objectives and priorities and guide your focus on those objectives. It can also be modified as necessary and with sufficient feedback.

There are several questions you need to consider in connecting innovation to strategy which we will explore throughout this podcast series; including such issues as: how will innovation create value for the customers of compliance; i.e. your employees and relevant third parties? How can innovation make compliance faster, easier, quicker, nimbler? What is the value of such a creation going forward? Focus on that creation of value going forward. Finally, how can the compliance function capture a share of the value its innovations generate? Obviously senior management has a key role around innovation in compliance, as innovation can be driven downward or backward if there is not sufficient management support so we consider questions around senior management and Board of Directors role in innovation.

As the founder of the only podcast network in this realm, the Compliance Podcast Network, I am continually striving to bring the best, most informative and most useful information to the compliance practitioner and the compliance profession. I am very excited to premier this new podcast series Innovation in Compliance for the compliance community. I know it will lead to many discussions of where the compliance profession is going and how we may get there. I will also have extra items available for all subscribers in the form of white papers and other deliverables which you can use going forward in your compliance practice.

Innovation in Compliance will be available on a wide variety of platforms including iTunes, Libsyn, JDSupra and my own website, FCPA Compliance Report. The premier episode is available here.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018


Brainstorming can be a useful and indeed powerful tool in the business world. In my corporate career I participated in several large brainstorming sessions to help develop or focus on new product or service initiatives. Typically we were brainstorming for answers. Yet I recently read an article in the Harvard Business Review (HBR), entitled “Better Brainstorming”, by Hal Gregersen who posited that the way to achieve better brainstorming sessions is not by focusing on the answers but by brainstorming for questions. He believes that by doing so, “you can create a safer space for deeper exploration and more powerful problem solving.”

Brainstorming is a way to obtain new perspectives and insights into issues. Gregersen has come up with a brainstorming process he calls “question burst”. It is something that should be in the toolkit of every Chief Compliance Officer (CCO) and compliance practitioner. He laid out three parameters he has observed in successful application of this technique.

Set the Stage

You should begin with an issue that is both deeply challenging to an organization and one that motivates your workforce as well. Your brainstorming group should include your company’s compliance professionals, senior management and a “few people to help you consider the challenge from fresh angles.” Gregersen noted, “It’s best to include two or three people who have no direct experience with the problem and whose cognitive style or worldview is starkly different from yours.” Here you might consider an engineer or other professional discipline not rooted in the study of law or other humanities.

After you have selected and gathered your group, you should dedicate only a few minutes to setting out the problem or issue. This is because by sharing in such a format, you are required to give only a high-level view that does not constrain or direct the questioning which will follow. You should also detail two critical rules for the brainstorming session. The first is that only questions can be contributed, no solutions allowed. The second is that there can be no framing or justifying the questions, as that tends to guide the listener to “see the problem in a certain way.”

Brainstorming the Questions

Gregersen noted there will be a tendency for senior leaders to offer solutions, largely to display their own knowledge or gravitas. Conversely as often times for senior managers not have to a ready answer is seen an embarrassing weakness in the corporate world. To overcome this bias, he suggests starting off with a roar, four minutes to generate 15 questions and the more provocative the question the better. This part of the brainstorming is designed to focus on quantity of questions. It leads to more questions “unburdened by qualifications and assumptions” and will enhance the creative output. You must take down the questions without editorial comment, so you can capture all the questions accurately.

After you have run through this quick process, Gregersen suggests doing a quick “emotional check”. The leader should determine how they might feel about the questions as well as asking those in the group. Try to assess if both you and the group are feeling more positive than when you started. If not, try the same exercise again, either that day or soon thereafter. Gregersen ended this section with “part of the power of the question burst lies in its ability to alter a person’s view of the challenge, by dislodging—for most—the feeling of being stuck.”

Identify a Question and Commit to it

As the leader, you should then study the questions from several approaches. This is important as by doing so will help you to understand which question(s) may help you to reframe the problem or issue at hand. First you should consider taking the key questions you have selected and expanding them into a further subset. Interestingly, the author pointed to the Toyoda method or “five whys” approach where you would take a question and then ask ‘why’ it seemed important or meaningful. Gregersen noted that by doing so you would obtain “a better understanding why a question really matters and what obstacles you might face in addressing it”. Such an approach could even work to “deepen your resolve and ability to do something about it”. Finally it could “broaden the territory of possible solutions.”

You should then commit to “pursuing at least one new pathway you’ve glimpsed—and do so as a truth seeker.” To do so, you may have to set aside “considerations of what might be more comfortable to conclude or easier to implement” and move towards getting the job done. Determine what it will take to provide a solution and set forth an action plan, detailing the steps you will to find potential solutions to as suggested by the questions.

The process, which Gregersen lays out, “makes it easier to push past cognitive biases and venture into uncharted territory.” He suggests at least three rounds of the question burst process for a given problem or issue. However the more deeply you delve into an issue, the deeper your thinking will evolve. Another key to remember is the cost of all this. Your time investment and those of your question burst team are minimal; after all it is only three 15-minute sessions that the team is committing to be involved in. If you are in an economic downturn or other situation where you cannot bring a high-priced consultant, this could be a very cost effective approach to a new set of solutions.

Gregersen concludes his piece with some words on accountability. You as the leader must hold yourself accountable for following up and further using the insights and ideas to help resolve the issue or problem from which you originally sought guidance. Senior managers also have an important role to make sure people feel like they can ask questions and then allow persons to craft a solution to the problems.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2018

March Madness is upon us, with the first ever #16 knocking off a Number 1 see. In the midst of this true madness, Jay Rosen and myself take a look at some of the top compliance stories over the past week.

  1. March Madness is here. So is corruption in NCAA basketball. Tom considers both stories in Compliance Week.
  2. Former FCPA Unit Head Chuck Duross says that self-reporting is still “probably not worth it”. See article in GIR (sub req’d)
  3. Elizabeth Holmes and Theranos were engaged in massive, years long fraud. She is fined, must return her Theranos stock and is banned from running public companies for 10 years. Sam Rubenfeld reports in the WSJ Risk and Compliance Journal. See SEC Complaint for full details.
  4. What are some of the compliance lessons to be learned from the Novartis journey? Jaclyn Jaeger considers them in Compliance Week. (Sub req’d)
  5. First DPA granted under new French anti-corruption law, Sapin II. See article in NYU Compliance and Enforcement Blog.
  6. SFO Director David Green pushed back on the myth that DPAs are sweetheart deals in the FCPA Blog.
  7. Are corporate monitorships on their way out? Adam Dobrik reports in GIR (Sub req’d)
  8. The Trace Global Enforcement Report is out.
  9. On Tuesday, March 20, Tom will premier an exciting new podcast Innovation in Compliance. It is available on the FCPA Compliance Report, iTunes, Libsyn, YouTube and JDSupra.
  10. Tom announces presales of his next book, the Complete Compliance Handbook, which will be published by Compliance Week in April 2018. It is available for PreSale here.
  11. Jonathan Armstrong will be in Houston on April 10 to put on a half-day GDPR workshop. You can find out more and register at the Greater Houston Business and Ethics Roundtable website, org.

For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at