Tag: CCO

Categories
Blog

Using Purpose to Create a ESG Program

I have advocated that compliance is uniquely situation to lead a corporate ESG effort. In a recent Harvard Business Review article entitled, What is the Purpose of your Purpose? authors Jonathan Knowles, Tom Hunsaker, Hannah Grove and Alison James looked into creating Purpose in an organization. Their article laid out a great road map for companies to identify “an authentic and motivating basis for alignment among key stakeholder groups” for the elusive concept of Purpose. I found their piece to be a great way to think about bringing ESG into your corporate purpose.
For the Chief Compliance Officer (CCO), determining an ESG strategy is fundamentally a business decision and must be anchored in your business strategy. This means “identifying the most authentic and motivating basis for alignment among the key stakeholder groups on which the success of the business depends.” Moreover, determining and then implementing such a strategy “sits at the intersection of four business agendas: (1) For marketing and sales, it can help win customers and enhance their loyalty. (2) For HR, it can attract, engage, and retain employees. (3) For governance and sustainability, it can enhance environmental, social, and governance performance. (4) For strategy and finance, it can guide how resources are allocated and risks are managed.” Maneuvering through these four agendas is critical.
The authors begin with the idea that there are three senses of purpose. They are competence, which they define as the function which your product or services serves in the marketplace; culture, which they define as the intent in which you run your business; and cause, which they define as the social good for which your organization aims. These three ‘senses’ operate in different manners which can be confusing. For the CCO, separating these three senses into different components can be an important exercise. Here the authors identify three key gaps in these three senses which every CCO must overcome.
The competence-cause gap. This is the lack of alignment between the nature of your business and your espoused cause, such as when the business your pushing is at odds with your stated goals. Next is the competence-culture gap which is when a company is valued by customers but treats its employee poorly, usually through overwork, low salaries and wages or tolerating a culture which is less than respectful. The final gap is the culture-cause gap where your organization has a clearly stated purpose but employee engagement on that purpose is low. Like having a great paper compliance program but then engaging in bribery and corruption. To remedy these weaknesses, the authors have developed a five-step approach to finding your corporate purpose. Once again these are an excellent way to help create and foster a ESG program.

  1. Identify the types of interests and constituencies for your corporate ESG program. The authors identify four interests: (1) sales and marketing, (2) employees, (3) governance and sustainability, and (4) strategy and business valuation. As CCO, you need to work with all four interests to navigate a unified approach for all the internal and external constituencies who will need to buy into this approach. Your internal constituencies include employees, senior management, Board and shareholders. Your external constituencies could include potential shareholder, third parties such as suppliers, localities where you do business and customers.
  1. The three senses of purpose. All three senses have their advantages. The authors note, “A competence-focused purpose presents a clear value proposition for both customers and employees. A culture-focused purpose creates internal alignment and collaboration with key partners. A cause-focused purpose aligns customers, employees, and communities around the societal benefits that the company generates.” Moreover, each will have overlap in your ESG agenda.
  1. Link ESG strategy to purpose. What will be the biggest drivers for your organization into 2025 and beyond? Obviously, sales and growth are critical but what about talent acquisition and retention? Is it expansion through organic growth or through M&A? How about access to capital through PE financing, floating new shares or even bank financing? Whatever the purpose(s) is or are, the authors note that you should “develop a clear sense of the business objective that the purpose will support. How can it enhance the relevance and sustainability of your value proposition to customers and other stakeholders and strengthen the company’s relative advantage? This step typically produces a short list of three to five key ideas for defining your purpose in a way that aligns strongly with the strategy of the business.”
  1. Get out of siloes. Here you need to be seen as moving past simple corporate self-interest. The authors list several questions you can ask to your working group. They include Is the usefulness of what we provide so self-evident that we need say nothing more?Does the nature of your business make it credible for us to assert that we are out to do good?Does our leaders’ behavior support the idea that we are in the business to make the world a better place, even if that is not our core focus? Do we deliver value to customers while also being an attractive employer, partner, and corporate citizen? Does how we do business create value for society in ways unusual for our industry? By asking and answering these questions it will help you to move past the self-interests of the groups you have identified as internal constituencies. 
  1. Embed purpose in corporate behavior. Execution is where the rubber meets the road. As with all things corporate it starts with senior management who must set the tone, commitment and walk the walk. But the interesting insight from the authors note is that while senior management tends to view such efforts as a top down experience, “Most other stakeholders experience it from the bottom up—through their interactions with products and services, employees, physical locations, and communications…From a bottom-up perspective, it is more important that purpose increase the sense of authenticity, coherence, and engagement derived from the day-to-day experiences of customers, employees, partners, and the communities in which the company operates. The ultimate test of your purpose is whether it improves the way the business actually operates.”

The authors conclude that there are two additional elements which must be considered: pragmatism and authenticity. Both of these elements are directly in the wheelhouse of the CCO and compliance function. ESG can be powerful tool to speak to a variety of stakeholders in any organization. Using the approach to Purpose the authors have outlined, designed for a ESG program, can be a direct way for a CCO to move forward in the design, creation and implementation of what can well become a successful ESG program.

Categories
The Compliance Life

Audrey Harris-Into the CCO Chair

The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Audrey Harris, who handled FCPA cases prior the explosion of FCPA enforcement actions in the early 2000’s, sat in the CCO Chair, led compliance program work back in private practice and now is Managing Director for Global Anti-corruption, Compliance, Ethics & Non-Financial Risk at Affiliated Monitors Inc.

Even though Audrey had seen numerous CCOs ‘die painful professional deaths’ in 2015,  Audrey moved into the CCO Chairs at BHP. She gave the Top 10 CCO lessons she learned in that role. When asked what her top accomplishment was, she answered that it was seeing the professional growth in her team and how this compliance team grew and led a compliance reset for the company. She also learned to make the commercial case for compliance.

Resources

 Audrey Harris on LinkedIn

Audrey Harris on Affiliated Monitors, Inc.

Categories
Blog

War in Ukraine: Part 1 – KYC, Who Is in Your Supply Chain and Third Parties

Almost all of the world has condemned the Russian invasion of the Ukraine and I will add my small voice to that condemnation. In trying to choose what to write, I did not want to emphasize the better the geopolitical commentary, so I decided to focus on how this invasion and its attendant fallout might impact compliance professionals and programs. At this point Russia has limited its attacks to Ukraine but my fear as more EU, other Western allies and the US respond with arms and technical support to the Ukraine government and army, we might see Russia unleash its cyber warfare specialists on those who are supporting Ukraine with material and other support. This week I am going to write about some of the issues a Chief Compliance Officer (CCO) needs to think about now. Today, I consider Russia.
The list of sanctions is growing as the situation on the ground becomes more intense and dynamic, so you need to be in constant contact with your operations, sales and supply chain functions. At this point, you should probably add Belarus to that list as they appear to be the only other country actively supporting Russia at this point. Given the US, EU and UK sanctions that have been levied and likely will be sanctioned over the next few days and weeks, at this point your organization probably needs to prepare for a full ban on sales from your organization into Russia. Russia (and Belarus) appears to be headed to the same list as North Korea and Iran and your business needs to ready.
Know Your Customer
One of the first thing every CCO needs to do right now is determine what goods, products or services flow from, through or to Russia. This means knowing who your customers are and where they are located. If you have not stopped selling to any Russian companies now you probably need to stop tomorrow. But this inquiry does not stop or even start at the Russian border. It means any products which might go into Russia through any of your sales channels. Do you have distributors? What countries are they in? Same inquiry for resellers. Any entity that can get your company’s products into Russia needs to be determined now. Make preparations now to cease all business.
Time for your legal department to start looking at every force majeure clause in every contract. Because of where I live, I have looked at force majeure clauses almost every hurricane season and I cannot remember one that did not include a war clause. I rewrote many such clauses to make such pandemic and other health emergencies covered. But your corporate legal department needs to be ready to invoke them under the war clause.
Who is in Your Supply Chain?
The same level of inquiry you put into KYC right now should go into your Supply Chain. Obviously if you have suppliers in Russia, you need to be prepared to jettison that relationship. However even if you do not formally or legally terminate those relationships, your organization needs to be ready for serious disruptions for any components you may be depending on for your company’s products. But once again it is not simply your direct suppliers. If you have never done a deep dive into at least five levels of your supply chain, NOW is the time do so. If there are base materials or component parts coming to your organization from that part of the world anywhere in your supply chain, you had best appreciate that risk sooner rather than later. The Financial Times (FT) has reported that Russia “is also an important source of metals used in manufacturing such as nickel, titanium, palladium and aluminium. Titanium is needed by aircraft and aero-engine manufacturers such as Boeing, Airbus and Rolls-Royce, while palladium is used in catalytic converters, electrodes and electronics.” Indeed, 14% of the world’s aluminium comes from Russia.
Even if you can still have the parts manufactured, you still must bring them to your manufacturing facilities, either in the US or Europe. Thomas L. Friedman, writing in the New York Times (NYT), said, “if Poland just halts truck and rail traffic from Russia to Germany, “as it should,” it would create immediate havoc for Russia’s economy, because the alternative routes are complicated and need to go through a now very dangerous Ukraine. Anyone up for an anti-Putin trucker strike to prevent Russian goods going to and through Western Europe by way of Poland? Watch that space. Some super-empowered Polish citizens with a few roadblocks, pickups and smartphones could choke Russia’s whole economy in this wired world.” If the fighting continues much longer, we will begin to see major transportation disruptions spreading not only from Russia and Ukraine but also to eastern Europe.
Third Parties 
At this point, I hope that ever CCO knows who their third-party sales agents are and that they are monitored on a regular basis. I also hope this same level of knowledge extends down to other third parties such as distributors, joint venture (JV) partners or other types of business relationships in Russia. Indeed the Washington Post announced BP was pulling out of its JV with Rosneft. But more than simply those direct relationships, you can sell your organization’s products into Russia through resale. When was the last time, you looked at your End User report? If it has been more than a few months, I would suggest that you move such a review to the top of your list early this week.
Every multinational organization needs to be fully engaged on these matters and a host of others. Michael Peregrine, writing in Forbes.com last week, said that corporate boards can perform the dual role of both governance and providing support to senior management. Indeed, they may well be obligated to do so. For every CCO reading this I would suggest you call the head of your compliance committee, tell them what you are doing, see what information they want and ask what resources they might be able to provide to you now.
Tomorrow, I will review some issues when looking at Ukraine.

Categories
This Week in FCPA

Episode 291 – The Rams Win It All Edition


Super Sunday passed with fun but poorly played, poorly officiated, and poorly coached. Tom and Jay are back to look at some of the week’s top compliance and ethics stories this week in the Rams Win It All Edition.
Stories

  1. Ericsson is in more FCPA trouble. Mengqi Sun in the WSJ Risk and Compliance Journal. Aaron Nicodemus in Compliance Week(sub req’d)
  2. DD impeding compliance in developing markets? Katya Lysova explores in the FCPA Blog.
  3. ESG-no longer a nice to have. Karen Alonardo in Risk and Compliance Matters.   
  4. State AGs are waiting. Ashley Taylor and Chris Carlson in CCI.  
  5. The latest case on CCO liability. Matt Kelly in Radical Compliance
  6. Broken windows and compliance enforcement. Anthony O’Reilly in Compliance and Enforcement
  7. Companies yet again ask the EU for rules around ESG. Lawrence Heim inpracticalESG.
  8. White-collar enforcement trends in 2021. Jamie Rosenberg in Grand Jury Target.  
  9. HP-Autonomy from the auditors’ perspective. Francine McKenna in The Dig
  10. South African courts deny Zuma’s attempt to remove the SA corruption prosecutor. Rick Messick in GAB.  

Podcasts and More

  1. In February on The Compliance Life, I visited Ellen Smith, a former Director of Trade Compliance who recently started her consulting firm. In Part 1, she discussed her academic background and early professional career. In Part 2, Ellen discussed her move in-house. In Part 3, Ellen discusses being a part of the Compliance Dream Team at Weatherford.
  2. Tom and Richard Lummis are in the middle of their annual review of Best Picturing winning movies on 12 O’Clock High, a podcast on business leadership. Part 1 reviews Schindler’s List for leadership and ethical lessons. In Part 2, the look at Gladiator.
  3. CCI releases a new e-book from Mike Volkov, “Compliance Culture Revolution.” Available free from CCI.
  4. Tom looks at some innovation in compliance with a 3-part blog post series in the FCPA Compliance and Ethics Blog. Topics include Compliance Ecosystem GovernanceCompliance Branding, Building Culture & Compliance Coaching.
  5. Are you a Star Wars fan? How about an uber-Geek? You will love the 5-part series appearing next week on the Greeting and Felicitations podcast series on the Compliance Podcast Network if you are either or both. In this series, Tom visits astrophysicist Dr. Ben Locwin on the following topics: Traveling in Hyperspace, Fighting with a Light Saber, Mechanical Prosthetics, Cyborgs and Robots, and the Death Star. It is a ton of fun, and you will love it. Each episode will post at 10 each day next week. Check it out daily. 

Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.  

Categories
Blog

Innovation in Compliance: Getting Culture Right

This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to head in a different direction and provide some guidance on getting your organization’s culture right.
As most readers will recall, a very large part of Deputy Attorney General Lisa Monaco’s October 2021 speech dealt with corporate culture. Regarding culture, Vin DiCianni, founder of Affiliated Monitors, Inc. (AMI), said of Monaco’s remarks, the “announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture is now paramount. Chief Compliance Officers (CCOs) need to focus on growing corporate culture to build the ethical foundation for a successful compliance program.
In the most recent MIT Sloan Management Review issue, Donald Sull and Charles Sull penned an article entitled “10 Things Your Corporate Culture Needs to Get Right”, in which they posited that “knowing what elements of culture matter most to employees can help leaders foster engagement as they transition to a new reality that will include more remote and hybrid work.” It is an excellent review of some of the key elements around corporate culture and how CCOs can move forward to lay the foundation of one.
In the piece the authors explored “What distinguishes a good corporate culture from a bad one in the eyes of employees?” Of course, culture always starts at the top but unfortunately, the authors noted that “an organization’s official core values signal top executives’ cultural aspirations, rather than reflecting the elements of corporate culture that matter most to employees.” It is only by listening to what employees want that you can begin to understand how to improve culture. The authors found 10 key elements of culture that mattered most to employees.

  1. Employees feel respected. Employees are treated with consideration, courtesy, and dignity, and their perspectives are taken seriously. This is by far and away the most important factor and “the single best predictor of a company’s culture score is whether employees feel respected at work. Respect is not only the most important factor, it stands head and shoulders above other cultural elements in terms of its importance. Respect is nearly 18 times as important as the typical feature in our model in predicting a company’s overall culture rating, and almost twice as important as the second most predictive factor.” The implications of this finding go to communications and a speak up culture and how they might be used by a compliance function.
  2. Supportive leaders. Leaders help employees do their work, respond to requests, accommodate employees’ individual needs, offer encouragement, and have their backs. Here the authors found “Employees describe supportive leaders as helping them do their work, being responsive to requests, accommodating employees’ individual needs, offering encouragement, and having their backs. Leaders, of course, influence all aspects of culture, but being a source of support for employees is especially critical and is the leadership trait most closely associated with a highly rated culture.” This ties back into the respect finding and also ties into a speak up culture and trust at an organization.
  3. Leaders live core values. Leaders’ actions are consistent with the organization’s values. While the regulators focus on this issue, employees need to see leaders not simply espousing words but actually doing deeds. Perhaps most interestingly, “Employees don’t expect leaders to live the core values, but they appreciate it when they do.”
  4. Toxic managers. Leaders create a poisonous work environment and are described in extremely negative terms. Nothing will kill culture faster than a toxic manager. From the compliance perspective, this can be a disaster for not only does a toxic manager poison the atmosphere of those around them, but also those who train under him or her will garner their toxic approach as a role model.
  5. Unethical behavior. Managers and employees lack integrity and act in an unethical manner. Once again this can portend a disaster for an organization. Integrity is the cornerstone of most organizations’ official culture and “Identifying toxic leaders, digging deeper to understand the context of their behavior, coaching them, or removing them from leadership positions are tangible actions organizations can take to root out people who are undermining corporate culture and potentially exposing the company to reputational or legal risk.”
  6. Benefits. Employees’ assessment of all employer-provided benefits. While initially this might not seem like a compliance issue, when you look at the DOJ mandate for corporate compliance to be the bearer of institutional justice and institutional fairness you begin to see the connection. Perhaps most interesting is that “benefits are more than twice as important as compensation. Benefits are important for all employees, but which benefits matter most depend on an employee’s job. Health insurance and benefits are a better predictor of culture rating for front-line workers, while retirement benefits such as 401(k) plans and pensions matter more for white-collar employees.”
  7. Perks. Employees’ assessment of workplace amenities and perks. This finding once again calls the CCO around institutional fairness and ties into the importance of talent attraction, acquisition and retention. Here the most interesting item I found for compliance was that “Among perks, company-organized social events are a particularly strong predictor of a high culture score. Even when you control for how employees talk about perks in general, social events like team-building exercises, happy hours, and picnics emerge as a reliable predictor of a high culture score. Organizing social events is a promising and relatively low-cost way executives can reinforce corporate culture as employees return to the office.” This provides insights on ongoing communications about compliance in the post-pandemic world.
  8. Learning and development. Employees’ assessment of opportunities for formal and informal learning. This finding also portends well for compliance in terms of both formal and information compliance training and messaging.
  9. Job security. Perceived job security, including fear of layoffs, offshoring, and automation. Most compliance functions do not consider job security as part of corporate culture. However, the authors note, “Job insecurity, however, weighs heavily on employees’ minds when they assess corporate culture. The larger the percentage of employees who talked about layoffs, outsourcing, or the possibility of getting fired, the lower the company ranked on culture.”
  10. Reorganizations. How employees view reorganizations, including frequency and quality. I found this not too surprising, but the authors did note, “Virtually no one has any good things to say about reorganizations.” Further, “the fewer people who mention reorganizations, the higher a company’s culture score. While you might associate the mention of reorganizations with layoffs and job instability, the data reveals that employee concerns on this issue speak to wider strategic issues for companies.”

CCOs and compliance functions face a series of challenges while navigating the post-COVID-19 return to work. Through corporate culture, companies must maintain a healthy culture as mandated by the DOJ. The authors conclude, “Understanding the elements of culture that matter most to employees can help leaders maintain employee engagement and a vibrant culture as they transition to the new normal.”
Please join us tomorrow where we will look at why you need a career coach in compliance.

Categories
Blog

Innovation in Compliance: Compliance Brand

This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to explore why Chief Compliance Officers (CCOs) and corporate compliance need to move beyond simple trust to engage their stakeholders more fully.
In Moving Beyond Trust: Making Customers Trust, Love, and Respect a Brand, authors Andreas B. Eisingerich, Deborah J. MacInnis, and Martin Fleischmann posit that the most admired brands find innovative ways to enable, entice, and enrich customers. The concepts that the authors put forward should resonate with every CCO and compliance professional. Always remember that as a compliance professional, your customers are your stakeholders, employees, senior management and third parties. If you can go beyond trust to build a brand with them, not simply will your relationship be stronger, but you will finally move to becoming part of the team to get things done.
Brand Admiration
I am still persuaded by David Baldacci and James Patterson who both said in writing masterclasses that your brand is your word. If that is your goal as a compliance professional, its achievement can pay big dividends with your Business Development (BD) folks. As the authors put it, “Positive emotions like gratification from brand usage and pride from brand ownership generate a tight link between the brand and customers. Brand trust, love, and respect don’t just give meaning to customers’ lives; they also create a safe haven where things seem right with the world, especially in turbulent times.” As a compliance professional you might not be able to achieve that, but you can come very close, especially if you are seen as the keeper of institutional justice and institutional fairness at your organization.
Brand Benefits
Customers look at what benefits brands will bring to them, as in ‘What’s in it for me?’ That is almost antithetical to how compliance professionals view a corporate compliance program. A shift in thinking is therefore in order. Indeed, the authors write, “Benefits refers not to what features the product offers or has but rather how it helps customers meet their needs, wants, and goals. As Harvard Business School professor Theodore Levitt famously quipped, customers don’t want a quarter-inch drill; they want a quarter-inch hole. Whereas product features can help realize benefits, the benefits themselves lead customers to the marketplace.” If a compliance function shifts its thinking to this model, it may well portend a different view when compliance comes knocking.
Moreover, what customers want from products and services is similar to what employees want from compliance. “They want benefits that enable, entice, and enrich them. We call these benefit types the 3 E’s.1 Many brands do a good job of offering one type of benefit (usually enabling benefits), but brands that truly resonate with customers stand out by providing all three types. Indeed, our work shows that when combined, the 3 E’s have an exponential effect on enhancing customers’ quality of life and hence the brand’s value to customers.”
Brands Solving Problems
The real key to having compliance seen as a benefit is to help business representatives solve problems “in ways that are economically feasible, reliable, efficient, and convenient.” When a corporate compliance function genuinely enables stakeholders to do business, it removes all negative connotations associated with the compliance department as “The Land of No, headed by Dr. No”. Such states “like frustration, anxiety, fear, impatience, and anger; which inhibit admiration and loyalty” can be overcome and a corporate compliance function can move to “instead foster peace of mind and satisfaction.” How can a compliance function do so?
One manner is through resolving problems. Brands can provide enabling benefits by enabling employees “to solve their problems — both small and large — at work or … in their business relationships.” This in turns gives employee and other stakeholders a greater “sense of agency in solving their problems, they experience a greater sense of control over their environments. This in turn leads to a sense of relief and security from future threats.”
Another manner which might seem less obvious to compliance professionals is through the conservation of resources. Benefits from compliance can also enable employees and other stakeholders differently, “by helping them conserve scarce time and monetary, psychological, and physical resources,” a successful compliance brand helps employees to be less mentally taxed, less tired, and less anxious. As the authors state, “When a brand consistently enables customers over time, they begin to trust the brand. They know that they can rely on it to solve their functional problems and conserve their scarce resources.”
This means that if your compliance function can help make your organization operate more efficiently, it can be a benefit separate and apart from increasing sales. Here the use of data and data analytics can help to lead the way. As the Department of Justice (DOJ) mandated,   compliance must have access to all data across an organization. The data and analysis can be used to make other processes, for example in QuoteToCash (QTC) on the sales side or ProcureToPay (P2P) on the supply side, more efficient, saving not simply physical resources but also the resource of time.
When you think about solving problems with creating more efficiencies and saving employees time, thereby benefiting them with the gift of time, you can begin to see how compliance might be seen in a new light. Whatever specific strategy you might use, compliance can become a successful brand by offering enabling, enticing, and enriching benefits in authentic ways, and becoming an essential and indispensable part of employees and other stakeholder’s lives.
Please join us tomorrow where we will look at the 10 things a corporate culture must get right.

Categories
Blog

Innovation in Compliance: Compliance Ecosystem – Part 2

This week, we are exploring the topic of Innovation in Compliance, through a week of considering  some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems. Yesterday we reviewed what is a compliance ecosystem and a framework for considering it. Today we conclude this topic by employing the elements of a framework to deploy four foundational recommendations which can guide Chief Compliance Officers (CCOs) in developing and leading a governance model for a compliance ecosystem.

  1. Align your ecosystem’s governance model with its strategic priorities.

As with all compliance programs, the strategic priorities of your compliance ecosystem will vary by risks, risk management protocol and compliance program maturity. The authors point out that your compliance ecosystem growth, “can be fostered by lowering entry barriers, easing the controls on conduct, and/or offering a more generous distribution of [compliance] value.” Yet the “governance model can help orchestrators maintain the quality of an ecosystem’s offerings.”
If your overall strategic focus is on improving alignment among the stakeholders of a compliance  ecosystem, “the different dimensions of governance can help.” This can include “leveraging several governance dimensions: a common mission, strict technical guidelines and processes for conduct, and administrative decision rights that are assigned to specific users.” The authors conclude, “Nuanced choices regarding the dimensions of governance can help orchestrators simultaneously achieve conflicting objectives,” specifying that there can be low barrier access to the compliance ecosystem “while at the same time ensuring a high level of quality and consistency by centralizing decision rights and using extensive quality checks before approving newly developed apps for the platform.”

  1. Use your governance model to stand apart.

Compliance ecosystem governance serves as a source of competitive advantage. As a CCO, you can develop different governance profiles to differentiate your compliance ecosystem. If your compliance ecosystem is relatively new, you can “adopt an open governance model to counter the network effects enjoyed by incumbents.” The authors caution that it may be an iterative process as your first attempt might not be embraced fully by all stakeholders.
Moreover, while competing ecosystems initially experiment with diverse governance models and use them for competitive differentiation, over time the more successful models eradicate the weaker ones. CCOs learn which governance work best for their organization but then such models may begin to converge. The authors observed, “If one ecosystem gains a competitive advantage by adapting its governance model, others may be forced to do the same to keep up.”

  1. Use governance to ensure social acceptance.

Interestingly, what the authors observed in their study of business ecosystem governance was that good governance could lead to more social acceptance. Typically, in the compliance realm, it is the reverse; that is social acceptance by employees and other stakeholders leads to good governance. This dichotomy is worth exploring for the CCO.
Perhaps, not to surprisingly, the compliance ecosystem approach has not yet been fully embraced by the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) most probably because it is still so cutting edge. However, as with all thing’s compliance, the key when the regulators come knocking is that you have Documented, Documented, and Documented your efforts in this area. But even beyond the regulatory review and enforcement arena, a lack of trust between the compliance function and stakeholders can lead to a compliance ecosystem failure.
Moreover, good governance is a prerequisite for building social capital and securing the social legitimacy required by a compliance ecosystem. The authors state, “the governance model must be designed to engender and maintain social acceptance, as well as legal compliance, over the long term and in the face of changing demands. Superior governance, understood in this way, must be consistent and fair.” This sounds precisely like what the DOJ mandated in the Update to the Evaluation of Corporate Compliance Programs as CCOs and the compliance function is now the guardian of institutional justice and institutional fairness. The authors take it a step further arguing, “Consistency means that the mechanisms of governance are transparent and easy to understand, comprehensive, internally consistent, and stable over time.” Finally, the authors believe, “Fairness means that governance complies with corporate policies and legal requirements, avoids biases and creates trust among employees and other stakeholders.”

  1. Adapt your governance model over time.

The authors state, “Adaptability is a key strength of a successful ecosystem. Typically, this adaptability stems from a modular setup that features a stable core (or platform) and interfaces, with highly variable components that can be easily added or subtracted. This enables ecosystems to evolve along with changes in the competitive environment, the needs of orchestrators and participants, social mores, and technology. This same kind of adaptability must also be reflected in the governance model of an ecosystem.” I quote this statement in its entirety because it is a longer way of saying that continuous monitoring leads to continuous improvement. Your compliance program must evolve as do each of the components within it. This would also include the governance of your compliance ecosystem.
As compliance ecosystems become more widespread and evolve, the quality of their governance is an increasingly important success factor. The authors drive home the point that all compliance practitioners understand, “there is no single best way to design your governance model: It will be contingent on the strategic priorities, competitive dynamics, societal demands, and life-cycle stage of the ecosystem.” In other words, assess your own risks in creating your compliance ecosystem and then manage your risks through it.
A CCO should not treat governance as “an afterthought but should instead think through and actively design the governance model.” You need to understand the benefits and risks of aligning “governance and strategy, and resolve strategic trade-offs by balancing the different dimensions of governance.” You ought to put yourself into the shoes of ecosystem stakeholders and  employees to understand the impact of your governance decisions on their incentives to participate and contribute. You will have to adapt your governance model over time to react to changes in user preferences, technology, competition, and strategy. Finally, remember “Good governance is an essential key to the success of both ecosystem orchestrators and their partners.”
Please join us tomorrow where we will look at moving beyond trust in your compliance regime.

Categories
Blog

Innovation in Compliance: Compliance Ecosystem – Part 1

I just delivered to LexisNexis the edits for the next edition of The Compliance Handbook, the single definitive one author volume on the design, creation, implementation and enhancement of a best practices compliance program. It will appear later in 2022. One thing that struck me in updating this seminal work is the innovation that has occurred and continues to drive the compliance profession. In addition to the evolution of the Department of Justice (DOJ) in its thinking about what constitutes a best practices compliance, the tools and strategies used by compliance professionals continues to evolve through innovation. I decided it was time to have another Innovation in Compliance Week to look at some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to consider platforms for compliance ecosystems.
In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems.
What is a Compliance Ecosystem?
If you have ever sat in the Chief Compliance Officer (CCO) chair you know that your life is constantly juggling multiple balls in the air at once. Perhaps my favorite metaphor is fixing or even swapping out jet engines while flying at 400 MHP at 35,000 ft. Moreover, in the corporate world think about all the other disciplines compliance touches or should touch. For instance, how many touch points are the in the Human Resources (HR) sphere around compliance? I submit there are client touchpoints at each step the HR lifecycle of employment for any person in any organization. The same is true for the entire sales cycle and the procurement cycle. Compliance should work in each of those ecosystems to operationalize compliance more fully by adding value through increased business efficiencies, not bureaucratic burdens.
There is another way that this ecosystem approach can make your compliance program more effective. Think about the third parties your company has on both the sales and supply chain side. If you could work to create a closer ecosystem with those stakeholders from the compliance perspective, it would not only make the business relationship stronger but also make the entire business process more efficient.
Compliance has undergone a paradigm shift as a result of technological and digital innovation. CCOs  who cannot interpret the data from their own systems will likely find themselves consigned to the dustbin of corporate luddites. Compliance will be moving into a new era of collaboration and connection to more fully operationalize compliance to make all business stakeholders more efficient and, at the end of the day, more profitable.
The authors found that many ecosystem failures stem from their governance models; that is, “the explicit and/or implicit structures, rules, and practices that frame and direct the behavior and interplay of ecosystem” stakeholders. The authors noted a variety of reasons for these failures including conflicts among ecosystem partners, backlash from internal stakeholders or government regulators are other indicators of governance flaws that can bring down an ecosystem. The key for CCOs in trying to establish compliance ecosystems is to “understand the components of a comprehensive governance model and glean insights from ecosystem successes and failures can make more informed and explicit governance decisions.” As the authors note, in doing so, CCOs can “improve the odds that their” compliance ecosystems will survive and prosper over the long term.
Compliance Ecosystem Framework
Good governance supports a compliance ecosystem’s ability to create value, manage risk, and optimize both efficiency and return among its stakeholders. To lead in support of these ends and capture a competitive advantage, CCOs must systematically think through and actively design what the authors denote as five elements of an ecosystem governance model. I have adapted their framework for a corporate compliance program.
Mission. There must be engagement so there is a strong sense of shared mission to keep compliance ecosystem partners moving forward. CCOs should identify a clear and distinctive compliance purpose early in the ecosystem “development and anchor it in a well-articulated set of values can motivate and align partners, particularly when this involves solving a significant problem or making an important contribution to society.” This can also “encourage desirable behaviors without undue reliance on complex rules and written standards.”
Access. CCOs should begin with stakeholders who agree to certain standards and behaviors regarding the compliance ecosystem. “The rules governing access also can help determine partner commitment by requiring an investment or offering an incentive for joining the ecosystem and/or defining the level of exclusivity that partners must provide to the ecosystem.” This investment can be with people or time but investment + engagement means increased buy in.
Participation. “The degree to which partners are invited to contribute to the formulation of ecosystem governance and strategy over time. It also includes the rules for conflict resolution among ecosystem stakeholders.” Some type of Fair Process Doctrine is critical here as “stakeholders need a clear view into the rules and strategy of a [compliance] ecosystem to actively participate in it and determine their own strategies”. Through stakeholder engagement and participation “governance and strategy can bolster their commitment and willingness to invest resources in an ecosystem.”
Conduct. This component of the framework is more technical as your compliance ecosystem should have a strong tech element. This allows CCOs to “directly influence the behavior of participants in their ecosystem using input control, process control, and output control. Input control, which is often automated using application programming interfaces (APIs) or integrated development environments, specifies the requirements for the partners’ contributions to the ecosystem, including standards and instruments of quality control and the approval of new contributions.”
Sharing. The final building block of ecosystem governance defines the data and property rights of stakeholders. The authors note, “data and property rights regulate ownership and use of the data and intellectual property that are contributed to — or created within — the [compliance] ecosystem.” This can work to allow a wide variety of outcomes across disparate business lines or units, geo-regions or service/product offerings.
Join us tomorrow where I will employ these elements to counsel four foundational recommendations that can guide CCOs in developing and leading a compliance ecosystem.

Categories
This Week in FCPA

Episode 290 – the Super Sunday Edition


Super Sunday is here. The NFL finally gets the game in the spotlight after weeks of brutal PR. Who ya got? “Who Dey” or Hollywood? Tom and Jay are back look at some of the week’s top compliance and ethics stories this week in the Super Sunday edition.

 Stories

1.     Do compliance professionals need a union? Dick Cassin in the FCPA Blog.
2.     Jailed employees under the FCPA. Bill Jacobsen explores in the FCPA Blog.
3.     New workplace normal for policies and training. Ingrid Freeden in Risk and Compliance Matters.
4.     New SOE risk management framework.  Alexandra Gillies and Thomas Shipley in the FCPA Blog.
5.     3 questions from KPMG and Carillion tribunal. Neil Hodge in Compliance Week(sub req’d)
6.     SFO investigation protocol announced. Mengqi Sun in the WSJ Risk and Compliance Journal.
7.     Companies yet again ask EU for rules around ESG. Lawrence Heim in practicalESG.
8.     CCOs say self-reporting a hard sell. Evren Esen in CCI.
9.     What comes next for ABC and the Olympics? Andy Spalding in GAB.
10.  The Spotify imbroglio. Matt Kelly with a 2-parter in Radical Compliance, Part 1 and Part 2.

 Podcasts and More

11.  In February on The Compliance Life, I visit with Ellen Smith, a former Director of Trade Compliance who recently started her own consulting firm. In Part 1, she discussed her academic background and early professional career. InPart 2, Ellen moves in-house.
12.  Tom and Richard Lummis begin their annual review of Best Picturing winning movies on 12 O’Clock High, a podcast on business leadership. In Part 1 they review Schindler’s List for leadership and ethical lessons. Upcoming episodes will look at Gladiator, A Man for All Seasons and Platoon.
13.  CCI releases new e-book from Tom “FCPA 2021 Year in Review”. Available free from CCI.
14.  Trial of the Century-the Enron Trial. This week, Tom premiered a 5-part podcast series on the Enron Trial with Loren Steffy, who covered the trial for the Houston Chronicle. In Part 1, run up to the trial. In Part 2, the trial begins. In Part 3, the star witnesses and key testimony. In Part 4, the Verdict comes in. In Part 5, what did it all mean. It is be available on the Compliance Podcast Network, Megaphone, iTunes, Spotify and all other top podcast platforms.
15.  In a special 2-part series on the Sunday Book Review, Tom looks at the Notre Dame Deloitte Center for Ethical Leadership’s top books on ethical leadership from 2021. Part 1 and Part 2.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.

Categories
The Compliance Life

Valerie Charles – CCOs and the Compliance Profession Down the Road


The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Valerie Charles, partner at StoneTurn. We discuss Valerie’s journey to the CCO chair, then to a ComTech start up, to her current role at StoneTurn and look down the road at where ComTech and compliance will be in 2025 and beyond.
In this concluding episode, Valerie looks down the road at the compliance function. She believes there will be increased use of ComTech by compliance functions. Moreover, CCOs and compliance professionals will need learn how to use data and become more comfortable in leveraging data for insights to help prevent, detect and remediate corporate conduct. The corporate compliance function will become even more important in the corporate setting as it will bring together various corporate functions such as legal, HR and IT into collaborative actions.
Resources
Valerie Charles LinkedIn Profile
Valerie Charles at StoneTurn