I just delivered to LexisNexis the edits for the next edition of The Compliance Handbook, the single definitive one author volume on the design, creation, implementation and enhancement of a best practices compliance program. It will appear later in 2022. One thing that struck me in updating this seminal work is the innovation that has occurred and continues to drive the compliance profession. In addition to the evolution of the Department of Justice (DOJ) in its thinking about what constitutes a best practices compliance, the tools and strategies used by compliance professionals continues to evolve through innovation. I decided it was time to have another Innovation in Compliance Week to look at some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to consider platforms for compliance ecosystems.
In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems.
What is a Compliance Ecosystem?
If you have ever sat in the Chief Compliance Officer (CCO) chair you know that your life is constantly juggling multiple balls in the air at once. Perhaps my favorite metaphor is fixing or even swapping out jet engines while flying at 400 MHP at 35,000 ft. Moreover, in the corporate world think about all the other disciplines compliance touches or should touch. For instance, how many touch points are the in the Human Resources (HR) sphere around compliance? I submit there are client touchpoints at each step the HR lifecycle of employment for any person in any organization. The same is true for the entire sales cycle and the procurement cycle. Compliance should work in each of those ecosystems to operationalize compliance more fully by adding value through increased business efficiencies, not bureaucratic burdens.
There is another way that this ecosystem approach can make your compliance program more effective. Think about the third parties your company has on both the sales and supply chain side. If you could work to create a closer ecosystem with those stakeholders from the compliance perspective, it would not only make the business relationship stronger but also make the entire business process more efficient.
Compliance has undergone a paradigm shift as a result of technological and digital innovation. CCOs who cannot interpret the data from their own systems will likely find themselves consigned to the dustbin of corporate luddites. Compliance will be moving into a new era of collaboration and connection to more fully operationalize compliance to make all business stakeholders more efficient and, at the end of the day, more profitable.
The authors found that many ecosystem failures stem from their governance models; that is, “the explicit and/or implicit structures, rules, and practices that frame and direct the behavior and interplay of ecosystem” stakeholders. The authors noted a variety of reasons for these failures including conflicts among ecosystem partners, backlash from internal stakeholders or government regulators are other indicators of governance flaws that can bring down an ecosystem. The key for CCOs in trying to establish compliance ecosystems is to “understand the components of a comprehensive governance model and glean insights from ecosystem successes and failures can make more informed and explicit governance decisions.” As the authors note, in doing so, CCOs can “improve the odds that their” compliance ecosystems will survive and prosper over the long term.
Compliance Ecosystem Framework
Good governance supports a compliance ecosystem’s ability to create value, manage risk, and optimize both efficiency and return among its stakeholders. To lead in support of these ends and capture a competitive advantage, CCOs must systematically think through and actively design what the authors denote as five elements of an ecosystem governance model. I have adapted their framework for a corporate compliance program.
Mission. There must be engagement so there is a strong sense of shared mission to keep compliance ecosystem partners moving forward. CCOs should identify a clear and distinctive compliance purpose early in the ecosystem “development and anchor it in a well-articulated set of values can motivate and align partners, particularly when this involves solving a significant problem or making an important contribution to society.” This can also “encourage desirable behaviors without undue reliance on complex rules and written standards.”
Access. CCOs should begin with stakeholders who agree to certain standards and behaviors regarding the compliance ecosystem. “The rules governing access also can help determine partner commitment by requiring an investment or offering an incentive for joining the ecosystem and/or defining the level of exclusivity that partners must provide to the ecosystem.” This investment can be with people or time but investment + engagement means increased buy in.
Participation. “The degree to which partners are invited to contribute to the formulation of ecosystem governance and strategy over time. It also includes the rules for conflict resolution among ecosystem stakeholders.” Some type of Fair Process Doctrine is critical here as “stakeholders need a clear view into the rules and strategy of a [compliance] ecosystem to actively participate in it and determine their own strategies”. Through stakeholder engagement and participation “governance and strategy can bolster their commitment and willingness to invest resources in an ecosystem.”
Conduct. This component of the framework is more technical as your compliance ecosystem should have a strong tech element. This allows CCOs to “directly influence the behavior of participants in their ecosystem using input control, process control, and output control. Input control, which is often automated using application programming interfaces (APIs) or integrated development environments, specifies the requirements for the partners’ contributions to the ecosystem, including standards and instruments of quality control and the approval of new contributions.”
Sharing. The final building block of ecosystem governance defines the data and property rights of stakeholders. The authors note, “data and property rights regulate ownership and use of the data and intellectual property that are contributed to — or created within — the [compliance] ecosystem.” This can work to allow a wide variety of outcomes across disparate business lines or units, geo-regions or service/product offerings.
Join us tomorrow where I will employ these elements to counsel four foundational recommendations that can guide CCOs in developing and leading a compliance ecosystem.