Tariff Week, Part 1 – Navigating Uncertainty: The Compliance Professional’s Guide to Trump’s Tariffs

This week, we will examine the macroeconomic implications of President Trump’s recent tariff hikes and suspensions, a critical issue reverberating across boardrooms globally. Business leaders and compliance professionals are grappling with navigating this unprecedented landscape, and understanding the nuances of this evolving situation is crucial for corporate strategy and compliance preparedness. Today, we will take a macroeconomic view.

Last week, President Trump dramatically escalated tariffs on U.S. trading partners, elevating the average effective tariff rate to approximately 23%. This sharp increase has left markets reeling and businesses scrambling to adapt. Just as quickly (within 48 hours), he brought the tariffs back to their original amount by suspending them. This situation illustrates the growing complexity and volatility that executives must manage, highlighting the vital role that corporate compliance teams play in preparing businesses for macroeconomic shocks.

I was therefore interested in a recent Harvard Business Review article entitled Understanding the Global Macroeconomic Impacts of Trump’s Tariffs by authors Philipp Carlsson-Szlezak, Paul Swartz, and Martin Reeves. In this article, they considered how Trump’s tariff imposition and roll-back moves “have jolted markets and thrust business leaders into deep uncertainty. Developing a better understanding of tariffs’ primary and secondary macroeconomic effects and any plausible long-term consequences will allow executives to assess the impact on their markets and businesses continuously. With so much in flux, leaders must ditch rigid plans and build flexible, analytical muscle to navigate this turbulent new landscape.”

At its core, this situation underscores the asymmetrical nature of trade wars. The United States, due to its significant trade deficit, initially seemed well-positioned to engage in targeted trade disputes. However, by initiating a comprehensive, 360-degree trade war affecting virtually all global trading partners simultaneously, the U.S. has dramatically altered the landscape of risk and opportunity. This asymmetry is critical; while the U.S. experiences cumulative impacts from numerous trade disputes, its trading partners face singular impacts from the U.S. alone.

Understanding the primary effects of tariffs requires compliance professionals to differentiate clearly between supply and demand shocks. For U.S. businesses, supply shocks are particularly pertinent. Tariffs, effectively taxes on imports, invariably translate into higher consumer prices, fueling inflation. This scenario is reminiscent of the post-pandemic supply chain disruptions we have navigated, curtailing real incomes and restraining economic growth. Analysts predict these new tariffs could slash U.S. GDP growth by approximately 1.4%, significantly impacting corporate forecasts and strategic planning.

Trade partners face their own challenges. Retaliatory tariffs, already implemented by China and under consideration by others, inflict similar inflationary pressures and consumption downturns, albeit typically on a smaller scale, estimated at a 0.1% to 0.3% GDP reduction. However, demand shocks to these trading partners could be more severe, depending on the price sensitivity of U.S. imports. Countries heavily dependent on the U.S. market, such as Vietnam, might witness GDP contractions exceeding 6%, illustrating the profound impact that tariff-induced demand disruptions can have on certain economies.

Compliance teams must also monitor and prepare for secondary impacts. The five critical secondary channels to watch are confidence erosion, ROI effects, monetary policy errors, diminished competitiveness, and potential new financial and other shocks. Decreased consumer and business confidence could dampen spending, hiring, and investment behaviors. Additionally, while historically not always leading to recession, equity market volatility poses tangible threats to corporate balance sheets and overall financial stability.

Moreover, the tariffs significantly affect competitiveness. Approximately half of U.S. imports consist of production inputs essential for domestic manufacturing, such as steel and machine tools. Increased production costs stemming from tariffs could, therefore, undermine U.S. businesses’ competitive positions globally, an area where compliance teams must remain vigilant and advise on risk mitigation strategies.

The long-term impacts of these tariffs also warrant consideration. The Trump administration aims to reallocate global production to bolster U.S. manufacturing and employment. Unlike the Biden administration’s CHIPS Act, which strategically incentivized high-productivity sectors like semiconductors, the broad scope of Trump’s tariffs risks fostering lower-productivity industries domestically. This shift could crowd out higher-value sectors due to competition for already scarce labor resources, diminishing overall economic productivity and potential.

This scenario demands that compliance professionals embrace continuous learning and adaptability. The volatility and complexity introduced by the tariff situation reinforce the necessity of dynamic analytical capabilities over static compliance strategies. Compliance leaders must ensure their organizations develop robust analytical frameworks to assess and respond continuously to evolving macroeconomic conditions.

Organizations must regularly revisit their risk assumptions, factoring in the potential global reshuffling of trade flows. If major exporters redirect goods previously destined for the U.S. to other markets, it could trigger a broader global trade conflict, requiring compliance officers to adjust corporate risk assessments and response strategies rapidly.

Finally, executives and compliance professionals should approach this situation with a dual lens, balancing tactical short-term responses with strategic long-term considerations. Immediate tactical decisions are necessary, but it is equally critical to analyze potential structural changes in global trade dynamics that may unfold over the coming decade.

Managing macroeconomic uncertainty, such as the ongoing 360-degree trade war, is increasingly becoming an essential competency for compliance professionals. Those who proactively develop sophisticated, agile analytical capabilities will be better equipped to navigate these uncertain waters, providing their organizations with strategic advantage in tumultuous economic conditions.

A Strategic AI Playbook for Compliance Professionals

Artificial intelligence (AI) isn’t just knocking on our doors; it is already here, shaking up traditional processes, reshaping business operations, and redefining compliance. Yet, many organizations still find themselves stuck between tentative experimentation and strategic implementation, uncertain about how to move confidently forward. This shift is especially critical for the compliance professional: AI carries unprecedented opportunities but equally significant risks. Compliance teams must become integral in guiding organizations through this seismic change. Today, I want to explore the recent MIT Sloan article, “Leading the AI-driven Organization,” by Beth Stackpole. I will apply the article’s prescriptions for business leaders to Chief Compliance Officers (CCOs) and other compliance leaders.

AI’s Strategic Potential and the Compliance Agenda

First, understanding the overarching message from MIT Sloan’s perspective is essential: effective AI implementation is not just a tech or business initiative. Instead, it should be seen as a comprehensive compliance strategy. Senior lecturer Paul McDonagh-Smith emphasizes the necessity of aligning AI projects directly with organizational priorities, data strategy, and employee skill sets. He warns of the gap between numerous AI experiments and a cohesive, mature strategy, highlighting the urgent need for strategic alignment.

For compliance officers, this means more than simply checking regulatory boxes. Compliance must be front and center, deeply integrated into AI strategies from the inception. The author advises compliance leaders to start by articulating how AI technologies can address specific compliance challenges and business strategies. Without this direct linkage, AI can become a distracting, costly investment rather than a value driver.

AI-Readiness: Data Quality and Governance

AI-driven compliance programs are only as strong as the data they use. Data integrity, accuracy, and governance are pillars of responsible AI applications. McDonagh-Smith poses a key question: “Is your organization’s data AI-ready?” Compliance teams must lead the charge to ensure the organization’s data is comprehensive, reliable, and managed adequately with stringent governance standards.

Compliance professionals should champion initiatives that elevate data quality and establish rigorous governance frameworks. This is essential for operational success and regulatory compliance, particularly as privacy laws and data regulations rapidly evolve. For example, proactive data cleansing and structured data governance initiatives can preempt issues that AI might magnify, such as inadvertent biases or privacy violations.

Building AI Competency and Culture

One critical insight revolves around the skill readiness and cultural alignment necessary for AI adoption. Employees’ AI maturity levels directly affect the success of an AI strategy. Leaders must assess their teams’ current competencies, identify skill gaps, and strategically invest in training programs to build technical AI capabilities.

For compliance leaders, this step is doubly significant. Your team needs proficiency in AI technology and an understanding of AI’s regulatory implications. Upskilling compliance professionals in data analysis, AI ethical principles, and evolving regulatory landscapes will ensure they can effectively govern the technology’s use within the enterprise.

Moreover, AI has profound cultural implications. A compliance-aware culture needs to evolve, fostering collaboration, transparency, and accountability. The author underscores the importance of creating silo-busting teams and encouraging an environment where experimentation and failure are permissible. Within compliance, this means promoting a culture of open discussion about AI risks, encouraging cross-functional collaboration, and integrating compliance considerations early in AI development.

The ‘Fast and Slow’ AI Approach

Drawing on the groundbreaking work of Nobel Prize-winning economist Daniel Kahneman, the author recommends that organizations adopt a dual-speed approach to AI strategy. Compliance programs should embrace ‘thinking fast and slow,’ where rapid experiments and quick wins coexist with careful, analytical, long-term planning.

This approach is particularly apt from a compliance standpoint. Quick, iterative AI pilot programs can inform more strategic, enterprise-wide compliance frameworks. Compliance teams must balance agility and strategic vision, capturing and analyzing insights from pilots to inform comprehensive compliance structures capable of effectively managing AI-related risks.

Embrace Experimentation Responsibly

Experimentation is crucial, but compliance must ensure it’s done responsibly. As organizations increasingly rely on AI, enterprise risk multiplies. The author cautions that organizations must have a clear view of AI’s potential for promise and peril. Companies must adopt strong ethical frameworks, accountability mechanisms, and proactive risk mitigation strategies to ensure responsible AI use. These safeguards protect against risks like reputational harm, privacy infractions, or the proliferation of biased or incorrect information.

Compliance professionals have an essential role in designing and maintaining these frameworks. They must act as vigilant watchdogs, ensuring the enterprise remains alert to ethical considerations and risk mitigation strategies at every step of AI implementation.

Positioning Compliance as Strategic AI Partners

Compliance teams are uniquely positioned to guide organizations through AI’s transformative landscape. The insights from this piece illuminate the tactical requirements and the strategic mindset compliance leaders need to cultivate. This is not merely about reacting to AI-driven changes; it is about proactively shaping an ethical, sustainable future where compliance is integrated at every juncture of AI’s adoption and development.

Compliance professionals must boldly step into roles as strategic AI partners, equipped with clarity of purpose, sophisticated data governance strategies, robust training programs, and rigorous ethical frameworks. In doing so, compliance safeguards the enterprise and amplifies AI’s potential to deliver real, sustainable value.

As compliance evangelists, we are privileged to lead these conversations, building a culture of responsible, strategic innovation that aligns business priorities with compliance excellence. AI isn’t merely a wave to ride but a journey to lead.

It is time for compliance to embrace this challenge and set the standard for AI-driven excellence in the corporate world.

The Role of Compliance in Auditing AI

As compliance professionals, our roles evolve constantly, shaped by new technologies and emerging risks. One of the most significant developments in recent years has been the rapid growth of artificial intelligence (AI) and machine learning systems in the corporate environment. The 2024 Evaluation of Corporate Compliance Programs (2024 ECCP), under the Management of Emerging Risks to Ensure Compliance with Applicable Law section, asked several key questions.

  • What is the company’s approach to governance regarding the use of new technologies, such as AI, in its commercial business and compliance program?
  • How is the company curbing any potential adverse or unintended consequences resulting from using technologies, both in its commercial business and its compliance program?
  • How is the company mitigating the potential for deliberate or reckless misuse of technologies, including by company insiders?
  • To the extent that the company uses AI and similar technologies in its business or as part of its compliance program, are controls in place to monitor and ensure its trustworthiness, reliability, and use in compliance with applicable law and the company’s code of conduct?
  • Do controls exist to ensure the technology is used only for its intended purposes?
  • What baseline of human decision-making is used to assess AI?
  • How is accountability over the use of AI monitored and enforced?

One key tool for answering many of these questions is auditing. In his recent article in the Harvard Business Review, What Leaders Need to Know About Auditing AI, author Luca Belli outlines crucial insights that business leaders must understand about auditing AI. I have adapted his thoughts for a Chief Compliance Officer and compliance professional.

While audits are becoming a core feature of working with AI, they do not have a predetermined process that follows a straight line; rather, they are a web of different decisions, both from the business and the technical side. Specifically, audits often face four core challenges: 1) they do not follow a straight line, 2) data governance is messy, 3) they require internal trust, and 4) they focus on the past. Leaders can take steps to help audits succeed. Compliance professionals can help instill the right culture and incentives and help design the audit. During the audit, they can shape the process and remove red tape.

AI is no longer confined to back-end analytics. It has stepped confidently into customer-facing roles, making decisions in critical areas such as finance, healthcare, and housing. With such reach and influence, AI poses significant ethical, reputational, and legal risks if left unchecked. Audits of AI systems, therefore, have become a cornerstone of modern compliance frameworks. Policymakers worldwide, including through the EU’s Digital Services Act and New York City’s AI bias law, are mandating external audits of AI systems. Even where not mandated, businesses voluntarily engage in audits to manage risk, mitigate potential crises, and anticipate regulatory developments.

However, auditing of AI is not straightforward. Compliance professionals must understand four fundamental challenges inherent in AI audits.

1. Non-linear Audit Processes

AI audits rarely follow a straight, predictable path. Instead, they often resemble a “random walk,” as auditors must continually adjust their focus based on emerging data and shifting business needs. Consider an audit to detect racial bias in decision-making algorithms where direct data on race is unavailable. Auditors may pivot to proxy measures like zip codes to approximate racial data. This approach, while practical, introduces discrepancies and limitations that must be carefully managed and transparently documented.

2. Complex Data Governance

Effective auditing relies heavily on data governance practices, yet data management often resembles an “old building” layered with historical inefficiencies rather than a clean, structured system. Many organizations struggle to locate and interpret data due to outdated documentation or employee turnover. Compliance teams must actively collaborate with technical teams to ensure data accuracy and completeness. As Belli suggests, robust internal documentation and dedicated data custodians can significantly ease this challenge.

3. Building Internal Trust

Audits can strain internal team dynamics, particularly if audit results lead to perceived criticisms of operational decisions. Compliance professionals must proactively foster a culture of trust, reinforcing that audits are not punitive but integral to operational excellence. As Belli notes, incentives should align accordingly: supporting audits should positively influence personal and professional evaluations, signaling organizational value in transparency and continuous improvement.

4. Historical Focus and Technical Limitations

Most audits evaluate past performance, and evolving AI systems and datasets pose challenges in replicating historical conditions. A user deleting their profile data or changes in system algorithms can complicate audits significantly. Compliance professionals must advocate for real-time monitoring or, at minimum, detailed record-keeping, ensuring auditors have sufficient context to interpret their findings and recommendations accurately.

Given these complexities, how can corporate compliance officers effectively lead their organizations through AI audits? Belli provides several practical steps:

  • Proactive Preparation: Companies should not wait for external mandates to build auditing capabilities. By establishing internal audit teams or clearly defined points of contact within existing teams, organizations can swiftly respond to audit needs while minimizing operational disruption.
  • Cultural Alignment: Corporate culture profoundly impacts audit effectiveness. Compliance professionals must champion transparency and accountability at the highest organizational levels, ensuring that audits are seen as critical to long-term business success rather than occasional inconveniences.
  • Strategic Audit Design: Choosing between external auditors and internal audit teams requires careful consideration of organizational dynamics. Internal teams offer in-depth institutional knowledge, while external auditors provide objective perspectives without internal friction. Belli suggests that a hybrid model is often ideal, balancing centralized expertise with distributed operational familiarity.
  • Leadership Engagement: Active, informed involvement by senior leadership during audits can clarify organizational priorities and remove operational roadblocks. Leaders should regularly engage with technical teams to understand key decisions, encourage thorough documentation, and ensure audit findings align clearly with broader business objectives.

The author underscores the CCO’s crucial role in navigating the nuanced landscape of AI auditing. As technology’s reach expands, compliance teams must proactively address these emerging complexities, continually adapting their oversight frameworks to meet the dynamic challenges presented by AI systems. By fostering robust internal collaboration, aligning incentives, and strategically preparing audit infrastructure, compliance professionals not only mitigate risks but also enable their organizations to harness AI’s transformative potential responsibly and ethically.

Sunday Book Review: April 6, 2025, The Books on Culture Edition

In the Sunday Book Review, Tom Fox considers books that would interest the compliance professional, the business executive, or anyone who might be curious. These could be books about business, compliance, history, leadership, current events, or anything else that might interest Tom. Today, we look at four books on culture.

  1. The Power of Culture by Laura Hamill
  2. Culture is Everything by Jeff Veyera
  3. Culture by Design by David Friedman
  4. Culture Is The New Leadership by Benjamin Ortlip

Creativity and Compliance – Bringing Joy to Compliance: A Conversation with Virginia MacSuibhne

Where does creativity fit into compliance? In more places than you think. Problem-solving, accountability, communication, and connection – they all take creativity. Join Tom Fox and Ronnie Feldman on Creativity and Compliance, part of the award-winning Compliance Podcast Network.

Ronnie’s company, Learnings & Entertainments, takes the entertainment devices people use to consume information in their everyday, non-work lives and applies them to important topics around compliance and ethics. It is not only about being funny. It is about changing the tone of your compliance communications and messaging to make your compliance program, policies, and resources more accessible. In this episode of Creativity and Compliance, Tom Fox and Ronnie Feldman are joined by Virginia MacSuibhne, former Chief Compliance Officer for Roche and Agilent Technologies.

Virginia shares her unique approach to making compliance accessible, engaging, and fun. Emphasizing the importance of a personal brand, she discusses her philosophy of authenticity and how it translates into creating clear, actionable, and enjoyable guidance. Her unconventional methods, including using infographics, breaking down complex policies, and injecting humor and personal interests, have significantly impacted employee engagement and compliance culture.

Virginia highlights the critical role of user experience (UX) in compliance, urging practitioners to rethink their policies and communication strategies. She shares anecdotes of her creative initiatives, such as wearing a unicorn costume to training sessions, integrating compliance messages into existing training programs, and making hotline experiences as user-friendly as possible. Her mantra, ‘What makes you weird makes you wonderful,’ encourages compliance professionals to bring their unique selves to their work to foster a more approachable and effective compliance environment.

Key highlights:

  • Virginia’s Philosophy on Compliance
  • Creating an Engaging Compliance Program
  • Simplifying Policies and Procedures
  • Innovative Training and Communication Techniques
  • Overcoming Pushback and Building a Business Case

Resources:

Virginia MacSuibhne on LinkedIn

Ronnie:

  • Learnings & Entertainments (Website)
  • Compliance Confessions – inspired by “Mean Tweets,” these 90-second commercials address misconceptions and excuses to promote speak-up culture and the E&C team as positive and helpful.
  • E&C Training Jams – a soulful singer banters with ethics & compliance, explaining policies, sharing examples, and debunking excuses. 
  • Tales from the Hotline – Real speak-up-themed stories about workplace behavior gone wrong.
  • Workplace Tonight Show! – E&C meets SNL Weekend Update, explaining corporate risk topics and why employees should care.
  • 60-Second Communication & Awareness Shorts – A variety of short, customizable, music and multimedia, quick-hitter “commercials” promoting integrity, compliance, speaking up, and the E&C team as helpful advisors and coaches.
  • Custom Live & Digital Programming – Custom creative programming that balances the seriousness of the subject matter with a more engaging delivery. After all, you can’t bore people into learning.

Creativity and Compliance was recently honored as one of the Top 35 Podcasts on Creativity by Feedspot.

Stepping Up and Stepping Forward: The Future of Compliance in an Age of AI and Deregulation

The world of compliance took a surprising turn this February with the Executive Order issued by the President suspending FCPA investigation and enforcement. This was followed in short order by the dismissal, after six years of prosecution, of the two ex-Cognizant Technology executives charged with paying or authorizing the payment of bribes in that case. It now appears that both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA units will be eviscerated and even shut down by the Administration. These significant legal rollbacks have ignited a series of conversations about the very essence and future of the compliance profession. As compliance professionals, many of us are left pondering, where exactly does compliance go from here?

I recently discussed this topic on the Compliance into the Weeds podcast with Matt Kelly, reflecting on his insights from a compliance event held in Boston, which he wrote about in a blog post on Radical Compliance. Matt highlighted a prevalent unease among compliance officers, underpinned by two primary concerns: the potential redundancy of compliance roles due to relaxed regulatory scrutiny and the impact of advancing technology, particularly AI, on compliance functions.

First, let us tackle the issue of regulatory rollback. The Trump administration has shown a clear inclination toward scaling back certain regulatory requirements, warranted or not. But there is a critical takeaway. It is not 2010, at the modern beginnings of compliance; it is 2025, and compliance is fundamentally different from what it was 15 years ago. Compliance practices and ethics programs have become deeply integrated into business operations, creating intrinsic value that transcends mere regulatory requirements. These practices have proven essential not only for managing regulatory risk but also for effectively managing broader business risks, operational efficiency, and corporate reputation.

Yet, despite the embedded nature of compliance in modern corporations, there’s a troubling scenario Matt outlined based on a keen observation from Kristy Grant-Hart. Could compliance functions gradually be absorbed by other departments? Could compliance tasks like hotline management drift toward HR, regulatory compliance fall into the hands of the legal department, and privacy compliance become the responsibility of IT security? Unfortunately, this scenario is not entirely implausible. Some short-sighted organizations might indeed take this fragmented route, viewing it as an opportunity to reduce headcount and costs.

Both Matt and I agree this is a dangerous and ultimately costly path. Fragmenting compliance capabilities across departments risks creating silos, precisely what compliance professionals have spent years fighting against. Silos impede effective communication, cloud transparency, and hinder the swift, coordinated responses necessary to manage risk in today’s complex business environments. In short, this fragmentation threatens operational integrity, compliance effectiveness, and, ultimately, corporate profitability.

Instead of retrenching, compliance professionals must seize this uncertain moment as an opportunity. This is a time to demonstrate conclusively how compliance adds tangible business value beyond regulatory mandates. Hui Chen beautifully articulated this sentiment in her insightful blog post, urging compliance leaders to elevate their roles proactively. Chen recommends re-evaluating and broadening our compliance messaging, enhancing engagement with leadership, and demonstrating the clear business value compliance delivers to the organization.

Now, when we look at technology, particularly AI, there is palpable excitement and understandable anxiety within our compliance community. AI presents both extraordinary potential and a perceived threat. The crux of the concern is straightforward: could AI replace human compliance professionals?

AI undoubtedly enhances compliance capabilities significantly; it empowers us to manage larger, more complex data sets, swiftly identifies risks, automates repetitive compliance tasks, and enriches our analytical capabilities. But here’s the fundamental truth: AI requires a “human in the loop.” Human oversight, nuanced judgment, ethical considerations, and strategic thinking cannot, and should not, be outsourced entirely to algorithms.

Moreover, AI is not a threat but a tool that amplifies the effectiveness of compliance officers. Compliance professionals should proactively harness AI to enhance third-party risk management, improve whistleblower and speak-up programs, conduct more nuanced behavioral analytics, and streamline compliance training and communication. AI is here to augment, not eliminate, the vital role of the compliance officer.

Short-sighted individuals will always view AI as a cost-cutting opportunity. These individuals might attempt to unravel compliance functions, dispersing responsibilities across various departments supported by AI, thereby undermining the coherent strategic value a centralized compliance function provides.

Our response as compliance professionals should be unequivocal: robust compliance management and risk assessment capabilities are more critical now than ever. Compliance functions must remain centralized and strategic, leveraging technology to enhance rather than dilute their impact. We must clearly demonstrate to senior management how a strong, unified compliance function, bolstered by advanced technologies like AI, not only ensures regulatory compliance but actively strengthens operational resilience, business efficiency, and profitability.

In closing, Matt and I both agree these are indeed challenging and uncertain times for the compliance profession. However, they also represent a profound opportunity for growth and innovation and demonstrate the indispensable value compliance brings to businesses. Compliance professionals must rise to this challenge, proactively shaping the future rather than passively waiting for it to unfold.

As Matt aptly concluded, and I echo wholeheartedly, “I would bet on the durability of the ethics and compliance profession every day of the week.” I would only add that now is unquestionably the moment for compliance to step forward confidently, embracing innovation and clearly demonstrating its value as a strategic partner in business success.

Compliance into the Weeds: The Role of Compliance Going Forward

The award-winning Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to explore a subject more fully. Are you looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds! In this episode of Compliance into the Weeds, Tom Fox and Matt Kelly take a deep dive into the intricate future of corporate compliance amidst changes brought by the presidential executive order suspending FCPA investigation and enforcement.

Matt shares insights from a recent Compliance Week event in Boston, highlighting concerns among compliance professionals about the potential obsolescence of their roles. The discussion covers two primary scenarios: regulatory relaxation, making dedicated compliance roles redundant, and technological advancements, particularly AI, potentially replacing human compliance officers. However, both agree on the enduring importance of robust compliance functions integrated within corporate structures, emphasizing the strategic value of compliance in risk management and business operations.

They explore the dual excitement and anxiety surrounding AI’s role in compliance. Matt and Tom caution against shortsighted management decisions to decentralize compliance functions and highlight how AI can be harnessed to enhance rather than replace human oversight. They argue for proactive measures from compliance officers to demonstrate their value and leverage AI to improve compliance programs. As Matt eloquently puts it, this is a challenging yet opportune time for compliance professionals to up their game and secure their vital role in ensuring corporate integrity and efficiency.

Key highlights:

  • The Future of Compliance Post-Executive Order
  • The Role of Technology in Compliance
  • AI’s Impact on Compliance Officers
  • Strategic Imperatives for Compliance

Resources:

Matt in Radical Compliance

Tom in the FCPA Compliance and Ethics Blog

Hui Chen A Pause in FCPA Enforcement: Crisis or Opportunity


Compliance into the Weeds was recently honored as one of the Top 25 Regulatory Compliance Podcasts.

Categories
Blog

Compliance Lessons from Sales Incentive Pitfalls

When the scandal broke around Wells Fargo’s sales incentive manipulation, it became clear that incentive structures weren’t just about motivating employees but also fertile ground for ethical missteps and compliance failures. The recent article by Timothy Gardner, Colin Wong, and Rick Butler, entitled How Salespeople Game the System in Harvard Business Review, sheds crucial light on this, offering a timely reminder for compliance professionals about the latent risks embedded in incentive-driven strategies.

Salespeople often exploit incentive programs to maximize their gain through various schemes, damaging company performance and putting the company at legal risk. The authors identify common cheating tactics, including sandbagging, falsifying data, and giving excessive discounts or incentives to close deals quickly. To counter these practices, companies should use data to detect irregularities, revise incentive plans to close loopholes, and establish ongoing monitoring. Communication and education about acceptable behaviors are also crucial. Not all gaming tactics need immediate action, however; some may be tolerated if they have a minimal impact on performance and addressing them would cause undue disruption to the sales organization. Compliance professionals should adopt a continuous process to identify and mitigate cheating while balancing the need to maintain sales productivity and motivation.

Understanding the Landscape

From Wells Fargo’s notorious misconduct to Vivint Smart Home’s identity theft case, examples abound of sales incentives fostering environments ripe for unethical practices. Sales professionals, driven by quotas and commissions, employ an array of tactics—from sandbagging, where sales are delayed strategically to maximize later bonuses, to outright fraud, such as creating faux customer accounts.

The authors identified eight incentive gaming categories, offering corporate compliance teams a powerful diagnostic tool. These include:

  1. Sandbagging. This technique involves postponing the completion of sales to a later measurement period to optimize incentive earnings. The authors found that “some sales reps at his company would hold as many orders as possible from October through December and submit them in January. The extra sales translated into outstanding sales performance and a very high commission for far exceeding established quotas.”
  2. Partners in profit. This is a particularly dangerous fraud in which the BD folks will “team up with customers to manipulate company processes to secure a better deal for the customer and a higher bonus for themselves.” The authors heard “about personal bankers who coached customers to sign up for accounts to take advantage of promotional deals (earning the bankers a commission) and then close the accounts at the end of the promotion.” This was similar to the Petrobras FCPA bribery scheme.
  3. Squandering sales. This tactic involves misleading customers in ways that benefit the salesperson but not the organization or the customer. The authors cited the following example: “Sales reps would give customers discounts to upsell them to unneeded service levels to earn the higher commission associated with the higher service tier. Though the salespeople came out ahead, the upsell hurt the organization’s bottom line and the customers: The company paid out a higher commission as a result of the upsell, and the customers ended up paying more for unwanted, higher-tier services, possibly resulting in customer dissatisfaction and defection.”
  4. Lost in segmentation. Another FCPA latent risk is where BD folks will “game the system by focusing their efforts on buyer segments that provide greater opportunities for incentive payouts instead of the targeted segments favored by the company. One interviewee told us that this was common among customer service associates (CSAs) who were responsible for both inbound sales-and-service calls and outbound sales-only calls. The CSAs would avoid accepting the incoming calls to maximize the time they could devote to the outbound calls, thereby earning more commissions.”
  5. Carrot and stick. Salespeople may use rewards, promises, threats, or punishments to encourage customer behavior that maximizes incentive payouts. At one airline, “some agents offered to waive baggage fees for customers during check-in if they signed up for the airline’s credit card, thus earning themselves a generous bonus.” This was a Wells Fargo tactic.
  6. Misleading customers. This tactic involves misleading prospective customers or withholding information to move the sales process forward. An example cited by the authors was where sales “reps would falsely tell call-in customers that the transaction couldn’t be completed on the phone and encouraged them to meet with a financial adviser, which yielded them higher bonuses for in-house referrals.”
  7. Falsifying data. Another tactic with criminal overtones. Under this scheme, a “sales management system is fed false information or information is omitted to maximize incentive payouts. In one interview, we heard that sales reps often log in to sales management systems and add their names to deals they did not participate in to increase their bonuses.”
  8. Faux customers. Wells Fargo redux. Here, sales folks create “fake customer accounts with the help of friends, relatives, or coworkers.” Simply fabricating accounts is also a common gaming tactic. Some sales reps ask friends to pose as buyers, one interviewee told us. After the rep receives the commission for the “sales,” the phony customers cancel their service.

While varying in severity and potential impact, each of these strategies has the potential to compromise organizational integrity and compliance standards. Therefore, compliance leaders must remain vigilant in recognizing these behaviors and preemptively addressing the conditions that allow them to flourish.

Anticipating Incentive Program Vulnerabilities

Compliance teams can learn from these sales incentive pitfalls by proactively thinking like unethical sales professionals—an approach Gardner, Wong, and Butler dub cultivating an “immoral imagination.” Such foresight enables compliance leaders to anticipate and identify incentive plan vulnerabilities before they manifest into actual misconduct.

For instance, organizations should routinely engage trusted leaders and experienced sales professionals to evaluate incentive plans critically. Using the typology as a checklist can spur proactive identification of potential loopholes and gaming opportunities, informing targeted policy enhancements and strengthened monitoring protocols.

Data-Driven Monitoring and Audits

A robust compliance monitoring infrastructure is central to preventing sales incentive exploitation. Auditing systems for irregularities is critical. This includes tracking sales timing, examining customer account patterns, and monitoring behavior like customer misdirection or misinformation. Companies that successfully curtail gaming implement sophisticated tracking and analysis systems capable of flagging suspicious activities for further investigation.

The authors highlighted instances where systematic auditing effectively detected fraudulent behaviors. A notable example includes a financial institution auditing deposit account closures to identify employees creating fake accounts to artificially boost commissions. The swift identification and termination of those involved prevented further ethical breaches and preserved organizational integrity.

Refining Incentive Plans with Clear Guidelines

Beyond monitoring, refining incentive plans to eliminate ambiguities and clearly articulate acceptable behaviors is imperative. Policies must explicitly outline ethical boundaries and the consequences of transgressions, including incentive clawbacks, disciplinary actions, and potential termination.

Gardner and his co-authors advise that companies embed explicit language prohibiting unethical behaviors and reinforce these through regular training and communication, emphasizing transparency and accountability. The case they presented, involving airline agents improperly waiving baggage fees in exchange for credit card sign-ups, underscores the importance of clear, enforceable policies and vigilant enforcement.

Strategic Communication and Ethical Culture

Communication is the bedrock of any robust compliance strategy. Sales teams need ongoing messaging about ethical standards and incentive program expectations. Establishing an open dialogue around compliance and ethics, including discussing discovered instances of misconduct, helps embed integrity deeply into organizational culture.

Leaders must foster a culture where ethical conduct is the norm rather than the exception. Regular compliance training, reinforced by real-world case studies like those discussed in the Harvard Business Review article, can significantly enhance sales teams’ ethical vigilance and deter potential gaming behaviors.

The Decision to Act or Tolerate

The authors noted that not all incentive gaming is equally damaging or requires immediate rectification. Some minor gaming activities, such as strategic timing of sales submissions, may present minimal risk or impact, suggesting that addressing these issues aggressively could inadvertently disrupt sales operations or morale. Hence, compliance professionals must judiciously evaluate the potential ramifications of intervention versus strategic tolerance.

Concluding Thoughts for Compliance Leaders

Incentive-driven environments inherently contain risks. The complexities and competitive pressures on sales professionals often create scenarios tempting unethical shortcuts. However, compliance leaders can significantly reduce opportunities for unethical behavior with strategic vigilance—anticipating risks, implementing rigorous monitoring, maintaining clear and enforceable incentive guidelines, and fostering an ethical culture.

The insights from this article offer a timely, instructive framework for compliance professionals tasked with overseeing incentive-driven business units. Understanding how incentive systems can be exploited becomes a powerful asset in our ongoing mission to uphold ethical standards, protect corporate integrity, and ensure sustainable business success as we continually adapt and refine our compliance strategies.

Categories
Compliance Tip of the Day

Compliance Tip of the Day – A Personal Operating System for Compliance Professionals

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today we look at the importance of a personal operating model for compliance officers.

Categories
Blog

Compliance Leadership Week: A Personal Operating System for Compliance Professionals

This week, we begin a five-part exploration of leadership for compliance professionals. All of this week’s blog posts will be based on articles from McKinsey & Company, and all authors are with McKinsey. I will look at individual leadership issues, compliance team leadership issues, and issues for a Chief Compliance Officer (CCO) or compliance professional for greater corporate matters. We begin our exploration by considering individual leadership issues for compliance professionals. Today’s (and tomorrow’s) blog posts are based on the article Warning: Upgrade your personal operating model by McKinsey authors Arne Gast and Suchita Prasad.

Compliance professionals are used to alerts and notifications reminding us to keep our organizational technology and systems up-to-date. Messages like “Update now or risk losing access” flash across our screens regularly, prompting immediate action to secure organizational infrastructure. But how often do we take such vigilant measures to update our personal operating systems and the personal models that guide our professional effectiveness and impact?

In today’s rapidly evolving corporate landscape, compliance officers face unprecedented challenges. Regulatory shifts, technological advancements, new business risks, and societal expectations are constantly in flux. To navigate these waves successfully, we must regularly revisit and recalibrate our personal operating models. Like any critical business system, your personal operating model comprises the choices you make regarding your priorities, the roles you fulfill, the allocation of your time, and the management of your energy.

The Importance of a Personal Operating Model for Compliance Officers

Just as outdated technology poses security risks to an organization, an outdated personal operating model can compromise your effectiveness as a compliance officer. Regularly updating your approach helps ensure alignment with organizational goals, regulatory demands, and professional growth opportunities. Yet, unlike device upgrades, no automatic alerts prompt these updates; compliance officers must generate internal notifications for reflection and action.

The Four Drivers of Your Personal Operating Model

To effectively refresh your compliance operating system, consider four critical drivers: priorities, roles, time, and energy. Each element is essential to your professional impact and resilience.

1. Priorities

Compliance leadership starts with setting clear, strategic priorities. Have you identified your compliance mandates? Do you understand the expectations and potential areas of overshooting or underperformance? Compliance mandates come from various stakeholders, including senior executives, board members, regulatory bodies, and external auditors. Clarifying these mandates and transparently communicating them is vital. Leaders must boldly determine which mandates to fulfill, manage stakeholder expectations, and consciously decide where strategic disappointments might be necessary, always within manageable bounds.

Consider a compliance officer entering a new organization. Although the officer may initially hesitate to make sweeping changes to established protocols, a careful stakeholder review might reveal a clear mandate for significant compliance transformation. Recognizing and embracing these mandates positions you to effectively lead impactful change.

2. Roles

Effective compliance officers clearly define roles, prioritizing tasks uniquely suited to their capabilities and delegating responsibilities to leverage organizational strength effectively. Are you focusing only on critical compliance tasks that you can manage effectively? Are you building positive leverage by engaging competent team members?

For instance, overseeing critical internal investigations might require direct involvement, while day-to-day compliance monitoring could be delegated to well-trained compliance staff. Choosing where to apply your expertise maximizes your overall impact and builds robust organizational compliance capabilities.

3. Time

Managing time is a fundamental skill for compliance leaders. How effectively are you scheduling and structuring your time to handle critical compliance issues proactively rather than reactively? Establishing boundaries, creating productive rhythms, and thoughtfully redesigning meetings can dramatically increase compliance effectiveness.

For example, compliance executives often experience calendar overload with meetings, training sessions, and urgent crisis interventions. Reflecting on your meeting structure can streamline effectiveness, eliminate unnecessary gatherings, and improve the productivity and clarity of compliance communications. Clearer schedules allow space to manage emerging compliance risks and regulatory changes proactively.

4. Energy

Finally, maintaining and protecting your energy is crucial for sustained effectiveness and resilience. Compliance roles are demanding and often filled with high-pressure situations and complex problem-solving. Do you actively manage your health, nurture supportive relationships, and connect deeply with the purpose behind your compliance work?

A compliance leader in a multinational firm found himself stretched thin by constant international travel and demanding audits. Realizing his health was compromised, he committed to regular exercise, improved nutrition, and better sleep habits. Coupled with meaningful social connections and reflection on his professional purpose, these actions revitalized his energy, enhanced productivity, and deepened his commitment to his compliance leadership role.

Implementing Your Personal Operating System Upgrade

To systematically update your personal compliance operating model, consider enlisting accountability partners (colleagues, mentors, or trusted personal contacts) to ensure consistent reflection and action. Regularly scheduled reviews, akin to software updates, help maintain your personal operating system’s integrity and effectiveness.

As compliance officers, our effectiveness hinges significantly on our ability to adapt and respond proactively to evolving regulatory and business landscapes. While technology alerts remind us to upgrade our devices, we must generate our own notifications, prompting essential personal model upgrades. Continually recalibrating priorities, clearly defining roles, efficiently managing time, and actively preserving our energy empower us to deliver impactful compliance leadership.

Maintaining an up-to-date personal operating model positions compliance professionals to proactively anticipate risks, effectively drive organizational compliance initiatives, and sustain long-term professional resilience. Regular updates to your personal compliance operating system are not merely beneficial; they are essential to your continued success and the broader success of your organization.