This week, we are exploring the topic of Innovation in Compliance, through a week of considering  some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems. Yesterday we reviewed what is a compliance ecosystem and a framework for considering it. Today we conclude this topic by employing the elements of a framework to deploy four foundational recommendations which can guide Chief Compliance Officers (CCOs) in developing and leading a governance model for a compliance ecosystem.

1. Align your ecosystem’s governance model with its strategic priorities.

As with all compliance programs, the strategic priorities of your compliance ecosystem will vary by risks, risk management protocol and compliance program maturity. The authors point out that your compliance ecosystem growth, “can be fostered by lowering entry barriers, easing the controls on conduct, and/or offering a more generous distribution of [compliance] value.” Yet the “governance model can help orchestrators maintain the quality of an ecosystem’s offerings.”
If your overall strategic focus is on improving alignment among the stakeholders of a compliance  ecosystem, “the different dimensions of governance can help.” This can include “leveraging several governance dimensions: a common mission, strict technical guidelines and processes for conduct, and administrative decision rights that are assigned to specific users.” The authors conclude, “Nuanced choices regarding the dimensions of governance can help orchestrators simultaneously achieve conflicting objectives,” specifying that there can be low barrier access to the compliance ecosystem “while at the same time ensuring a high level of quality and consistency by centralizing decision rights and using extensive quality checks before approving newly developed apps for the platform.”

2. Use your governance model to stand apart.

Compliance ecosystem governance serves as a source of competitive advantage. As a CCO, you can develop different governance profiles to differentiate your compliance ecosystem. If your compliance ecosystem is relatively new, you can “adopt an open governance model to counter the network effects enjoyed by incumbents.” The authors caution that it may be an iterative process as your first attempt might not be embraced fully by all stakeholders.
Moreover, while competing ecosystems initially experiment with diverse governance models and use them for competitive differentiation, over time the more successful models eradicate the weaker ones. CCOs learn which governance work best for their organization but then such models may begin to converge. The authors observed, “If one ecosystem gains a competitive advantage by adapting its governance model, others may be forced to do the same to keep up.”

3. Use governance to ensure social acceptance.

Interestingly, what the authors observed in their study of business ecosystem governance was that good governance could lead to more social acceptance. Typically, in the compliance realm, it is the reverse; that is social acceptance by employees and other stakeholders leads to good governance. This dichotomy is worth exploring for the CCO.
Perhaps, not to surprisingly, the compliance ecosystem approach has not yet been fully embraced by the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) most probably because it is still so cutting edge. However, as with all thing’s compliance, the key when the regulators come knocking is that you have Documented, Documented, and Documented your efforts in this area. But even beyond the regulatory review and enforcement arena, a lack of trust between the compliance function and stakeholders can lead to a compliance ecosystem failure.
Moreover, good governance is a prerequisite for building social capital and securing the social legitimacy required by a compliance ecosystem. The authors state, “the governance model must be designed to engender and maintain social acceptance, as well as legal compliance, over the long term and in the face of changing demands. Superior governance, understood in this way, must be consistent and fair.” This sounds precisely like what the DOJ mandated in the Update to the Evaluation of Corporate Compliance Programs as CCOs and the compliance function is now the guardian of institutional justice and institutional fairness. The authors take it a step further arguing, “Consistency means that the mechanisms of governance are transparent and easy to understand, comprehensive, internally consistent, and stable over time.” Finally, the authors believe, “Fairness means that governance complies with corporate policies and legal requirements, avoids biases and creates trust among employees and other stakeholders.”

4. Adapt your governance model over time.

The authors state, “Adaptability is a key strength of a successful ecosystem. Typically, this adaptability stems from a modular setup that features a stable core (or platform) and interfaces, with highly variable components that can be easily added or subtracted. This enables ecosystems to evolve along with changes in the competitive environment, the needs of orchestrators and participants, social mores, and technology. This same kind of adaptability must also be reflected in the governance model of an ecosystem.” I quote this statement in its entirety because it is a longer way of saying that continuous monitoring leads to continuous improvement. Your compliance program must evolve as do each of the components within it. This would also include the governance of your compliance ecosystem.
As compliance ecosystems become more widespread and evolve, the quality of their governance is an increasingly important success factor. The authors drive home the point that all compliance practitioners understand, “there is no single best way to design your governance model: It will be contingent on the strategic priorities, competitive dynamics, societal demands, and life-cycle stage of the ecosystem.” In other words, assess your own risks in creating your compliance ecosystem and then manage your risks through it.
A CCO should not treat governance as “an afterthought but should instead think through and actively design the governance model.” You need to understand the benefits and risks of aligning “governance and strategy, and resolve strategic trade-offs by balancing the different dimensions of governance.” You ought to put yourself into the shoes of ecosystem stakeholders and  employees to understand the impact of your governance decisions on their incentives to participate and contribute. You will have to adapt your governance model over time to react to changes in user preferences, technology, competition, and strategy. Finally, remember “Good governance is an essential key to the success of both ecosystem orchestrators and their partners.”
Please join us tomorrow where we will look at moving beyond trust in your compliance regime.