Almost all of the world has condemned the Russian invasion of the Ukraine and I will add my small voice to that condemnation. In trying to choose what to write, I did not want to emphasize the better the geopolitical commentary, so I decided to focus on how this invasion and its attendant fallout might impact compliance professionals and programs. At this point Russia has limited its attacks to Ukraine but my fear as more EU, other Western allies and the US respond with arms and technical support to the Ukraine government and army, we might see Russia unleash its cyber warfare specialists on those who are supporting Ukraine with material and other support. This week I am going to write about some of the issues a Chief Compliance Officer (CCO) needs to think about now. Today, I consider Russia.
The list of sanctions is growing as the situation on the ground becomes more intense and dynamic, so you need to be in constant contact with your operations, sales and supply chain functions. At this point, you should probably add Belarus to that list as they appear to be the only other country actively supporting Russia at this point. Given the US, EU and UK sanctions that have been levied and likely will be sanctioned over the next few days and weeks, at this point your organization probably needs to prepare for a full ban on sales from your organization into Russia. Russia (and Belarus) appears to be headed to the same list as North Korea and Iran and your business needs to ready.
Know Your Customer
One of the first thing every CCO needs to do right now is determine what goods, products or services flow from, through or to Russia. This means knowing who your customers are and where they are located. If you have not stopped selling to any Russian companies now you probably need to stop tomorrow. But this inquiry does not stop or even start at the Russian border. It means any products which might go into Russia through any of your sales channels. Do you have distributors? What countries are they in? Same inquiry for resellers. Any entity that can get your company’s products into Russia needs to be determined now. Make preparations now to cease all business.
Time for your legal department to start looking at every force majeure clause in every contract. Because of where I live, I have looked at force majeure clauses almost every hurricane season and I cannot remember one that did not include a war clause. I rewrote many such clauses to make such pandemic and other health emergencies covered. But your corporate legal department needs to be ready to invoke them under the war clause.
Who is in Your Supply Chain?
The same level of inquiry you put into KYC right now should go into your Supply Chain. Obviously if you have suppliers in Russia, you need to be prepared to jettison that relationship. However even if you do not formally or legally terminate those relationships, your organization needs to be ready for serious disruptions for any components you may be depending on for your company’s products. But once again it is not simply your direct suppliers. If you have never done a deep dive into at least five levels of your supply chain, NOW is the time do so. If there are base materials or component parts coming to your organization from that part of the world anywhere in your supply chain, you had best appreciate that risk sooner rather than later. The Financial Times (FT) has reported that Russia “is also an important source of metals used in manufacturing such as nickel, titanium, palladium and aluminium. Titanium is needed by aircraft and aero-engine manufacturers such as Boeing, Airbus and Rolls-Royce, while palladium is used in catalytic converters, electrodes and electronics.” Indeed, 14% of the world’s aluminium comes from Russia.
Even if you can still have the parts manufactured, you still must bring them to your manufacturing facilities, either in the US or Europe. Thomas L. Friedman, writing in the New York Times (NYT), said, “if Poland just halts truck and rail traffic from Russia to Germany, “as it should,” it would create immediate havoc for Russia’s economy, because the alternative routes are complicated and need to go through a now very dangerous Ukraine. Anyone up for an anti-Putin trucker strike to prevent Russian goods going to and through Western Europe by way of Poland? Watch that space. Some super-empowered Polish citizens with a few roadblocks, pickups and smartphones could choke Russia’s whole economy in this wired world.” If the fighting continues much longer, we will begin to see major transportation disruptions spreading not only from Russia and Ukraine but also to eastern Europe.
Third Parties
At this point, I hope that ever CCO knows who their third-party sales agents are and that they are monitored on a regular basis. I also hope this same level of knowledge extends down to other third parties such as distributors, joint venture (JV) partners or other types of business relationships in Russia. Indeed the Washington Post announced BP was pulling out of its JV with Rosneft. But more than simply those direct relationships, you can sell your organization’s products into Russia through resale. When was the last time, you looked at your End User report? If it has been more than a few months, I would suggest that you move such a review to the top of your list early this week.
Every multinational organization needs to be fully engaged on these matters and a host of others. Michael Peregrine, writing in Forbes.com last week, said that corporate boards can perform the dual role of both governance and providing support to senior management. Indeed, they may well be obligated to do so. For every CCO reading this I would suggest you call the head of your compliance committee, tell them what you are doing, see what information they want and ask what resources they might be able to provide to you now.
Tomorrow, I will review some issues when looking at Ukraine.
Tag: CCO
Super Sunday passed with fun but poorly played, poorly officiated, and poorly coached. Tom and Jay are back to look at some of the week’s top compliance and ethics stories this week in the Rams Win It All Edition.
Stories
- Ericsson is in more FCPA trouble. Mengqi Sun in the WSJ Risk and Compliance Journal. Aaron Nicodemus in Compliance Week. (sub req’d)
- DD impeding compliance in developing markets? Katya Lysova explores in the FCPA Blog.
- ESG-no longer a nice to have. Karen Alonardo in Risk and Compliance Matters.
- State AGs are waiting. Ashley Taylor and Chris Carlson in CCI.
- The latest case on CCO liability. Matt Kelly in Radical Compliance.
- Broken windows and compliance enforcement. Anthony O’Reilly in Compliance and Enforcement.
- Companies yet again ask the EU for rules around ESG. Lawrence Heim inpracticalESG.
- White-collar enforcement trends in 2021. Jamie Rosenberg in Grand Jury Target.
- HP-Autonomy from the auditors’ perspective. Francine McKenna in The Dig.
- South African courts deny Zuma’s attempt to remove the SA corruption prosecutor. Rick Messick in GAB.
Podcasts and More
- In February on The Compliance Life, I visited Ellen Smith, a former Director of Trade Compliance who recently started her consulting firm. In Part 1, she discussed her academic background and early professional career. In Part 2, Ellen discussed her move in-house. In Part 3, Ellen discusses being a part of the Compliance Dream Team at Weatherford.
- Tom and Richard Lummis are in the middle of their annual review of Best Picturing winning movies on 12 O’Clock High, a podcast on business leadership. Part 1 reviews Schindler’s List for leadership and ethical lessons. In Part 2, the look at Gladiator.
- CCI releases a new e-book from Mike Volkov, “Compliance Culture Revolution.” Available free from CCI.
- Tom looks at some innovation in compliance with a 3-part blog post series in the FCPA Compliance and Ethics Blog. Topics include Compliance Ecosystem Governance, Compliance Branding, Building Culture & Compliance Coaching.
- Are you a Star Wars fan? How about an uber-Geek? You will love the 5-part series appearing next week on the Greeting and Felicitations podcast series on the Compliance Podcast Network if you are either or both. In this series, Tom visits astrophysicist Dr. Ben Locwin on the following topics: Traveling in Hyperspace, Fighting with a Light Saber, Mechanical Prosthetics, Cyborgs and Robots, and the Death Star. It is a ton of fun, and you will love it. Each episode will post at 10 each day next week. Check it out daily.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to head in a different direction and provide some guidance on getting your organization’s culture right.
As most readers will recall, a very large part of Deputy Attorney General Lisa Monaco’s October 2021 speech dealt with corporate culture. Regarding culture, Vin DiCianni, founder of Affiliated Monitors, Inc. (AMI), said of Monaco’s remarks, the “announcement by Deputy Attorney General Lisa Monaco and the Justice Department reignited the agency’s concentration of corporate and individual liability for white collar crimes. In doing so, she emphasized to businesses, their leadership and the attorneys who represent them on the importance of implementing and maintaining strong effective compliance programs and how DOJ will continue to look at these programs going forward.” In other words, the criticalness of culture is now paramount. Chief Compliance Officers (CCOs) need to focus on growing corporate culture to build the ethical foundation for a successful compliance program.
In the most recent MIT Sloan Management Review issue, Donald Sull and Charles Sull penned an article entitled “10 Things Your Corporate Culture Needs to Get Right”, in which they posited that “knowing what elements of culture matter most to employees can help leaders foster engagement as they transition to a new reality that will include more remote and hybrid work.” It is an excellent review of some of the key elements around corporate culture and how CCOs can move forward to lay the foundation of one.
In the piece the authors explored “What distinguishes a good corporate culture from a bad one in the eyes of employees?” Of course, culture always starts at the top but unfortunately, the authors noted that “an organization’s official core values signal top executives’ cultural aspirations, rather than reflecting the elements of corporate culture that matter most to employees.” It is only by listening to what employees want that you can begin to understand how to improve culture. The authors found 10 key elements of culture that mattered most to employees.
- Employees feel respected. Employees are treated with consideration, courtesy, and dignity, and their perspectives are taken seriously. This is by far and away the most important factor and “the single best predictor of a company’s culture score is whether employees feel respected at work. Respect is not only the most important factor, it stands head and shoulders above other cultural elements in terms of its importance. Respect is nearly 18 times as important as the typical feature in our model in predicting a company’s overall culture rating, and almost twice as important as the second most predictive factor.” The implications of this finding go to communications and a speak up culture and how they might be used by a compliance function.
- Supportive leaders. Leaders help employees do their work, respond to requests, accommodate employees’ individual needs, offer encouragement, and have their backs. Here the authors found “Employees describe supportive leaders as helping them do their work, being responsive to requests, accommodating employees’ individual needs, offering encouragement, and having their backs. Leaders, of course, influence all aspects of culture, but being a source of support for employees is especially critical and is the leadership trait most closely associated with a highly rated culture.” This ties back into the respect finding and also ties into a speak up culture and trust at an organization.
- Leaders live core values. Leaders’ actions are consistent with the organization’s values. While the regulators focus on this issue, employees need to see leaders not simply espousing words but actually doing deeds. Perhaps most interestingly, “Employees don’t expect leaders to live the core values, but they appreciate it when they do.”
- Toxic managers. Leaders create a poisonous work environment and are described in extremely negative terms. Nothing will kill culture faster than a toxic manager. From the compliance perspective, this can be a disaster for not only does a toxic manager poison the atmosphere of those around them, but also those who train under him or her will garner their toxic approach as a role model.
- Unethical behavior. Managers and employees lack integrity and act in an unethical manner. Once again this can portend a disaster for an organization. Integrity is the cornerstone of most organizations’ official culture and “Identifying toxic leaders, digging deeper to understand the context of their behavior, coaching them, or removing them from leadership positions are tangible actions organizations can take to root out people who are undermining corporate culture and potentially exposing the company to reputational or legal risk.”
- Benefits. Employees’ assessment of all employer-provided benefits. While initially this might not seem like a compliance issue, when you look at the DOJ mandate for corporate compliance to be the bearer of institutional justice and institutional fairness you begin to see the connection. Perhaps most interesting is that “benefits are more than twice as important as compensation. Benefits are important for all employees, but which benefits matter most depend on an employee’s job. Health insurance and benefits are a better predictor of culture rating for front-line workers, while retirement benefits such as 401(k) plans and pensions matter more for white-collar employees.”
- Perks. Employees’ assessment of workplace amenities and perks. This finding once again calls the CCO around institutional fairness and ties into the importance of talent attraction, acquisition and retention. Here the most interesting item I found for compliance was that “Among perks, company-organized social events are a particularly strong predictor of a high culture score. Even when you control for how employees talk about perks in general, social events like team-building exercises, happy hours, and picnics emerge as a reliable predictor of a high culture score. Organizing social events is a promising and relatively low-cost way executives can reinforce corporate culture as employees return to the office.” This provides insights on ongoing communications about compliance in the post-pandemic world.
- Learning and development. Employees’ assessment of opportunities for formal and informal learning. This finding also portends well for compliance in terms of both formal and information compliance training and messaging.
- Job security. Perceived job security, including fear of layoffs, offshoring, and automation. Most compliance functions do not consider job security as part of corporate culture. However, the authors note, “Job insecurity, however, weighs heavily on employees’ minds when they assess corporate culture. The larger the percentage of employees who talked about layoffs, outsourcing, or the possibility of getting fired, the lower the company ranked on culture.”
- Reorganizations. How employees view reorganizations, including frequency and quality. I found this not too surprising, but the authors did note, “Virtually no one has any good things to say about reorganizations.” Further, “the fewer people who mention reorganizations, the higher a company’s culture score. While you might associate the mention of reorganizations with layoffs and job instability, the data reveals that employee concerns on this issue speak to wider strategic issues for companies.”
CCOs and compliance functions face a series of challenges while navigating the post-COVID-19 return to work. Through corporate culture, companies must maintain a healthy culture as mandated by the DOJ. The authors conclude, “Understanding the elements of culture that matter most to employees can help leaders maintain employee engagement and a vibrant culture as they transition to the new normal.”
Please join us tomorrow where we will look at why you need a career coach in compliance.
Categories
Innovation in Compliance: Compliance Brand
This week, we are exploring the topic of Innovation in Compliance by considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to explore why Chief Compliance Officers (CCOs) and corporate compliance need to move beyond simple trust to engage their stakeholders more fully.
In Moving Beyond Trust: Making Customers Trust, Love, and Respect a Brand, authors Andreas B. Eisingerich, Deborah J. MacInnis, and Martin Fleischmann posit that the most admired brands find innovative ways to enable, entice, and enrich customers. The concepts that the authors put forward should resonate with every CCO and compliance professional. Always remember that as a compliance professional, your customers are your stakeholders, employees, senior management and third parties. If you can go beyond trust to build a brand with them, not simply will your relationship be stronger, but you will finally move to becoming part of the team to get things done.
Brand Admiration
I am still persuaded by David Baldacci and James Patterson who both said in writing masterclasses that your brand is your word. If that is your goal as a compliance professional, its achievement can pay big dividends with your Business Development (BD) folks. As the authors put it, “Positive emotions like gratification from brand usage and pride from brand ownership generate a tight link between the brand and customers. Brand trust, love, and respect don’t just give meaning to customers’ lives; they also create a safe haven where things seem right with the world, especially in turbulent times.” As a compliance professional you might not be able to achieve that, but you can come very close, especially if you are seen as the keeper of institutional justice and institutional fairness at your organization.
Brand Benefits
Customers look at what benefits brands will bring to them, as in ‘What’s in it for me?’ That is almost antithetical to how compliance professionals view a corporate compliance program. A shift in thinking is therefore in order. Indeed, the authors write, “Benefits refers not to what features the product offers or has but rather how it helps customers meet their needs, wants, and goals. As Harvard Business School professor Theodore Levitt famously quipped, customers don’t want a quarter-inch drill; they want a quarter-inch hole. Whereas product features can help realize benefits, the benefits themselves lead customers to the marketplace.” If a compliance function shifts its thinking to this model, it may well portend a different view when compliance comes knocking.
Moreover, what customers want from products and services is similar to what employees want from compliance. “They want benefits that enable, entice, and enrich them. We call these benefit types the 3 E’s.1 Many brands do a good job of offering one type of benefit (usually enabling benefits), but brands that truly resonate with customers stand out by providing all three types. Indeed, our work shows that when combined, the 3 E’s have an exponential effect on enhancing customers’ quality of life and hence the brand’s value to customers.”
Brands Solving Problems
The real key to having compliance seen as a benefit is to help business representatives solve problems “in ways that are economically feasible, reliable, efficient, and convenient.” When a corporate compliance function genuinely enables stakeholders to do business, it removes all negative connotations associated with the compliance department as “The Land of No, headed by Dr. No”. Such states “like frustration, anxiety, fear, impatience, and anger; which inhibit admiration and loyalty” can be overcome and a corporate compliance function can move to “instead foster peace of mind and satisfaction.” How can a compliance function do so?
One manner is through resolving problems. Brands can provide enabling benefits by enabling employees “to solve their problems — both small and large — at work or … in their business relationships.” This in turns gives employee and other stakeholders a greater “sense of agency in solving their problems, they experience a greater sense of control over their environments. This in turn leads to a sense of relief and security from future threats.”
Another manner which might seem less obvious to compliance professionals is through the conservation of resources. Benefits from compliance can also enable employees and other stakeholders differently, “by helping them conserve scarce time and monetary, psychological, and physical resources,” a successful compliance brand helps employees to be less mentally taxed, less tired, and less anxious. As the authors state, “When a brand consistently enables customers over time, they begin to trust the brand. They know that they can rely on it to solve their functional problems and conserve their scarce resources.”
This means that if your compliance function can help make your organization operate more efficiently, it can be a benefit separate and apart from increasing sales. Here the use of data and data analytics can help to lead the way. As the Department of Justice (DOJ) mandated, compliance must have access to all data across an organization. The data and analysis can be used to make other processes, for example in QuoteToCash (QTC) on the sales side or ProcureToPay (P2P) on the supply side, more efficient, saving not simply physical resources but also the resource of time.
When you think about solving problems with creating more efficiencies and saving employees time, thereby benefiting them with the gift of time, you can begin to see how compliance might be seen in a new light. Whatever specific strategy you might use, compliance can become a successful brand by offering enabling, enticing, and enriching benefits in authentic ways, and becoming an essential and indispensable part of employees and other stakeholder’s lives.
Please join us tomorrow where we will look at the 10 things a corporate culture must get right.
This week, we are exploring the topic of Innovation in Compliance, through a week of considering some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems. Yesterday we reviewed what is a compliance ecosystem and a framework for considering it. Today we conclude this topic by employing the elements of a framework to deploy four foundational recommendations which can guide Chief Compliance Officers (CCOs) in developing and leading a governance model for a compliance ecosystem.
- Align your ecosystem’s governance model with its strategic priorities.
As with all compliance programs, the strategic priorities of your compliance ecosystem will vary by risks, risk management protocol and compliance program maturity. The authors point out that your compliance ecosystem growth, “can be fostered by lowering entry barriers, easing the controls on conduct, and/or offering a more generous distribution of [compliance] value.” Yet the “governance model can help orchestrators maintain the quality of an ecosystem’s offerings.”
If your overall strategic focus is on improving alignment among the stakeholders of a compliance ecosystem, “the different dimensions of governance can help.” This can include “leveraging several governance dimensions: a common mission, strict technical guidelines and processes for conduct, and administrative decision rights that are assigned to specific users.” The authors conclude, “Nuanced choices regarding the dimensions of governance can help orchestrators simultaneously achieve conflicting objectives,” specifying that there can be low barrier access to the compliance ecosystem “while at the same time ensuring a high level of quality and consistency by centralizing decision rights and using extensive quality checks before approving newly developed apps for the platform.”
- Use your governance model to stand apart.
Compliance ecosystem governance serves as a source of competitive advantage. As a CCO, you can develop different governance profiles to differentiate your compliance ecosystem. If your compliance ecosystem is relatively new, you can “adopt an open governance model to counter the network effects enjoyed by incumbents.” The authors caution that it may be an iterative process as your first attempt might not be embraced fully by all stakeholders.
Moreover, while competing ecosystems initially experiment with diverse governance models and use them for competitive differentiation, over time the more successful models eradicate the weaker ones. CCOs learn which governance work best for their organization but then such models may begin to converge. The authors observed, “If one ecosystem gains a competitive advantage by adapting its governance model, others may be forced to do the same to keep up.”
- Use governance to ensure social acceptance.
Interestingly, what the authors observed in their study of business ecosystem governance was that good governance could lead to more social acceptance. Typically, in the compliance realm, it is the reverse; that is social acceptance by employees and other stakeholders leads to good governance. This dichotomy is worth exploring for the CCO.
Perhaps, not to surprisingly, the compliance ecosystem approach has not yet been fully embraced by the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) most probably because it is still so cutting edge. However, as with all thing’s compliance, the key when the regulators come knocking is that you have Documented, Documented, and Documented your efforts in this area. But even beyond the regulatory review and enforcement arena, a lack of trust between the compliance function and stakeholders can lead to a compliance ecosystem failure.
Moreover, good governance is a prerequisite for building social capital and securing the social legitimacy required by a compliance ecosystem. The authors state, “the governance model must be designed to engender and maintain social acceptance, as well as legal compliance, over the long term and in the face of changing demands. Superior governance, understood in this way, must be consistent and fair.” This sounds precisely like what the DOJ mandated in the Update to the Evaluation of Corporate Compliance Programs as CCOs and the compliance function is now the guardian of institutional justice and institutional fairness. The authors take it a step further arguing, “Consistency means that the mechanisms of governance are transparent and easy to understand, comprehensive, internally consistent, and stable over time.” Finally, the authors believe, “Fairness means that governance complies with corporate policies and legal requirements, avoids biases and creates trust among employees and other stakeholders.”
- Adapt your governance model over time.
The authors state, “Adaptability is a key strength of a successful ecosystem. Typically, this adaptability stems from a modular setup that features a stable core (or platform) and interfaces, with highly variable components that can be easily added or subtracted. This enables ecosystems to evolve along with changes in the competitive environment, the needs of orchestrators and participants, social mores, and technology. This same kind of adaptability must also be reflected in the governance model of an ecosystem.” I quote this statement in its entirety because it is a longer way of saying that continuous monitoring leads to continuous improvement. Your compliance program must evolve as do each of the components within it. This would also include the governance of your compliance ecosystem.
As compliance ecosystems become more widespread and evolve, the quality of their governance is an increasingly important success factor. The authors drive home the point that all compliance practitioners understand, “there is no single best way to design your governance model: It will be contingent on the strategic priorities, competitive dynamics, societal demands, and life-cycle stage of the ecosystem.” In other words, assess your own risks in creating your compliance ecosystem and then manage your risks through it.
A CCO should not treat governance as “an afterthought but should instead think through and actively design the governance model.” You need to understand the benefits and risks of aligning “governance and strategy, and resolve strategic trade-offs by balancing the different dimensions of governance.” You ought to put yourself into the shoes of ecosystem stakeholders and employees to understand the impact of your governance decisions on their incentives to participate and contribute. You will have to adapt your governance model over time to react to changes in user preferences, technology, competition, and strategy. Finally, remember “Good governance is an essential key to the success of both ecosystem orchestrators and their partners.”
Please join us tomorrow where we will look at moving beyond trust in your compliance regime.
I just delivered to LexisNexis the edits for the next edition of The Compliance Handbook, the single definitive one author volume on the design, creation, implementation and enhancement of a best practices compliance program. It will appear later in 2022. One thing that struck me in updating this seminal work is the innovation that has occurred and continues to drive the compliance profession. In addition to the evolution of the Department of Justice (DOJ) in its thinking about what constitutes a best practices compliance, the tools and strategies used by compliance professionals continues to evolve through innovation. I decided it was time to have another Innovation in Compliance Week to look at some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to consider platforms for compliance ecosystems.
In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems.
What is a Compliance Ecosystem?
If you have ever sat in the Chief Compliance Officer (CCO) chair you know that your life is constantly juggling multiple balls in the air at once. Perhaps my favorite metaphor is fixing or even swapping out jet engines while flying at 400 MHP at 35,000 ft. Moreover, in the corporate world think about all the other disciplines compliance touches or should touch. For instance, how many touch points are the in the Human Resources (HR) sphere around compliance? I submit there are client touchpoints at each step the HR lifecycle of employment for any person in any organization. The same is true for the entire sales cycle and the procurement cycle. Compliance should work in each of those ecosystems to operationalize compliance more fully by adding value through increased business efficiencies, not bureaucratic burdens.
There is another way that this ecosystem approach can make your compliance program more effective. Think about the third parties your company has on both the sales and supply chain side. If you could work to create a closer ecosystem with those stakeholders from the compliance perspective, it would not only make the business relationship stronger but also make the entire business process more efficient.
Compliance has undergone a paradigm shift as a result of technological and digital innovation. CCOs who cannot interpret the data from their own systems will likely find themselves consigned to the dustbin of corporate luddites. Compliance will be moving into a new era of collaboration and connection to more fully operationalize compliance to make all business stakeholders more efficient and, at the end of the day, more profitable.
The authors found that many ecosystem failures stem from their governance models; that is, “the explicit and/or implicit structures, rules, and practices that frame and direct the behavior and interplay of ecosystem” stakeholders. The authors noted a variety of reasons for these failures including conflicts among ecosystem partners, backlash from internal stakeholders or government regulators are other indicators of governance flaws that can bring down an ecosystem. The key for CCOs in trying to establish compliance ecosystems is to “understand the components of a comprehensive governance model and glean insights from ecosystem successes and failures can make more informed and explicit governance decisions.” As the authors note, in doing so, CCOs can “improve the odds that their” compliance ecosystems will survive and prosper over the long term.
Compliance Ecosystem Framework
Good governance supports a compliance ecosystem’s ability to create value, manage risk, and optimize both efficiency and return among its stakeholders. To lead in support of these ends and capture a competitive advantage, CCOs must systematically think through and actively design what the authors denote as five elements of an ecosystem governance model. I have adapted their framework for a corporate compliance program.
Mission. There must be engagement so there is a strong sense of shared mission to keep compliance ecosystem partners moving forward. CCOs should identify a clear and distinctive compliance purpose early in the ecosystem “development and anchor it in a well-articulated set of values can motivate and align partners, particularly when this involves solving a significant problem or making an important contribution to society.” This can also “encourage desirable behaviors without undue reliance on complex rules and written standards.”
Access. CCOs should begin with stakeholders who agree to certain standards and behaviors regarding the compliance ecosystem. “The rules governing access also can help determine partner commitment by requiring an investment or offering an incentive for joining the ecosystem and/or defining the level of exclusivity that partners must provide to the ecosystem.” This investment can be with people or time but investment + engagement means increased buy in.
Participation. “The degree to which partners are invited to contribute to the formulation of ecosystem governance and strategy over time. It also includes the rules for conflict resolution among ecosystem stakeholders.” Some type of Fair Process Doctrine is critical here as “stakeholders need a clear view into the rules and strategy of a [compliance] ecosystem to actively participate in it and determine their own strategies”. Through stakeholder engagement and participation “governance and strategy can bolster their commitment and willingness to invest resources in an ecosystem.”
Conduct. This component of the framework is more technical as your compliance ecosystem should have a strong tech element. This allows CCOs to “directly influence the behavior of participants in their ecosystem using input control, process control, and output control. Input control, which is often automated using application programming interfaces (APIs) or integrated development environments, specifies the requirements for the partners’ contributions to the ecosystem, including standards and instruments of quality control and the approval of new contributions.”
Sharing. The final building block of ecosystem governance defines the data and property rights of stakeholders. The authors note, “data and property rights regulate ownership and use of the data and intellectual property that are contributed to — or created within — the [compliance] ecosystem.” This can work to allow a wide variety of outcomes across disparate business lines or units, geo-regions or service/product offerings.
Join us tomorrow where I will employ these elements to counsel four foundational recommendations that can guide CCOs in developing and leading a compliance ecosystem.
Super Sunday is here. The NFL finally gets the game in the spotlight after weeks of brutal PR. Who ya got? “Who Dey” or Hollywood? Tom and Jay are back look at some of the week’s top compliance and ethics stories this week in the Super Sunday edition.
Stories
1. Do compliance professionals need a union? Dick Cassin in the FCPA Blog.
2. Jailed employees under the FCPA. Bill Jacobsen explores in the FCPA Blog.
3. New workplace normal for policies and training. Ingrid Freeden in Risk and Compliance Matters.
4. New SOE risk management framework. Alexandra Gillies and Thomas Shipley in the FCPA Blog.
5. 3 questions from KPMG and Carillion tribunal. Neil Hodge in Compliance Week. (sub req’d)
6. SFO investigation protocol announced. Mengqi Sun in the WSJ Risk and Compliance Journal.
7. Companies yet again ask EU for rules around ESG. Lawrence Heim in practicalESG.
8. CCOs say self-reporting a hard sell. Evren Esen in CCI.
9. What comes next for ABC and the Olympics? Andy Spalding in GAB.
10. The Spotify imbroglio. Matt Kelly with a 2-parter in Radical Compliance, Part 1 and Part 2.
Podcasts and More
11. In February on The Compliance Life, I visit with Ellen Smith, a former Director of Trade Compliance who recently started her own consulting firm. In Part 1, she discussed her academic background and early professional career. InPart 2, Ellen moves in-house.
12. Tom and Richard Lummis begin their annual review of Best Picturing winning movies on 12 O’Clock High, a podcast on business leadership. In Part 1 they review Schindler’s List for leadership and ethical lessons. Upcoming episodes will look at Gladiator, A Man for All Seasons and Platoon.
13. CCI releases new e-book from Tom “FCPA 2021 Year in Review”. Available free from CCI.
14. Trial of the Century-the Enron Trial. This week, Tom premiered a 5-part podcast series on the Enron Trial with Loren Steffy, who covered the trial for the Houston Chronicle. In Part 1, run up to the trial. In Part 2, the trial begins. In Part 3, the star witnesses and key testimony. In Part 4, the Verdict comes in. In Part 5, what did it all mean. It is be available on the Compliance Podcast Network, Megaphone, iTunes, Spotify and all other top podcast platforms.
15. In a special 2-part series on the Sunday Book Review, Tom looks at the Notre Dame Deloitte Center for Ethical Leadership’s top books on ethical leadership from 2021. Part 1 and Part 2.
Tom Fox is the Voice of Compliance and can be reached at tfox@tfoxlaw.com. Jay Rosen is Mr. Monitor and can be reached at jrosen@affiliatedmonitors.com.
The Compliance Life details the journey to and in the role of a Chief Compliance Officer. How does one come to sit in the CCO chair? What are some of the skills a CCO needs to success navigate the compliance waters in any company? What are some of the top challenges CCOs have faced and how did they meet them? These questions and many others will be explored in this new podcast series. Over four episodes each month on The Compliance Life, I visit with one current or former CCO to explore their journey to the CCO chair. This month, my guest is Valerie Charles, partner at StoneTurn. We discuss Valerie’s journey to the CCO chair, then to a ComTech start up, to her current role at StoneTurn and look down the road at where ComTech and compliance will be in 2025 and beyond.
In this concluding episode, Valerie looks down the road at the compliance function. She believes there will be increased use of ComTech by compliance functions. Moreover, CCOs and compliance professionals will need learn how to use data and become more comfortable in leveraging data for insights to help prevent, detect and remediate corporate conduct. The corporate compliance function will become even more important in the corporate setting as it will bring together various corporate functions such as legal, HR and IT into collaborative actions.
Resources
Valerie Charles LinkedIn Profile
Valerie Charles at StoneTurn
Categories
Macbeth and Culture Transformation
Over the past week, I have been considering Joel Coen’s The Tragedy of Macbeth currently appearing on Apple TV. I have been reviewing the film and exploring my love of all things Shakespeare. Today, to end this series I want to talk about the remarkable performance by Kathryn Hunter as not one but all three of the weird sisters (3 witches) of the play.
In a New Yorker article, entitled “Weird Sisters? Make that the Twisted Sisters”, Henry Alford interviewed the actor and explored her preparation for the role. First a word about her performance which was nothing short of mesmerizing. Hunter contorted her body in the very first sisters’ scene where she prophesizes that Macbeth will become the Thane of Cawdor. It was basically acting with her body in addition to the dialogue. As the camera closes in on her you see not only her contortions but her dramatic voice. Of this scene, Alford wrote, “Hunter’s first scene in the movie has her squatting in the sand (no panty hose), where she alternately squawks, clutches a sailor’s severed thumb in her gnarled toes, and twists her right arm all the way behind her head. Imagine a litigious raven who has done a lot of yoga.”
Equally impressive was Hunter’s preparation for the role, which only lasted a slim few minutes in the entire movie. Alford wrote, “For her “weird sisters” research, Hunter studied people with multiple-personality disorder, and also crows, which are symbols of divination. She also consulted a modern-day witch. “I asked her to give me a simple spell to keep the company safe,” Hunter said. “Denzel told me he believes in the power of prophecy and the power of blessings, so, before going on set, I would do a ritual to keep him and the company safe.””
Finally, in the film, “Hunter also plays the Old Man outside Macbeth’s castle, which suggests that the witches have shape-shifted into an old codger. It’s the Old Man who, referencing first the darkness of the sky and then Duncan’s murder, says, “ ’Tis unnatural / Even like the deed that’s done.” Hunter was quoted by Alford, “It’s amazing that Shakespeare was so concerned with nature. He’s saying, When man is out of kilter, as it were, it’s reflected in nature. How prescient is that?”
I thought about Hunter’s performance and her innovative use of her body to communicate so well in the movie for my final exploration of transforming your compliance program. In a MIT Sloan Review article, entitled “Use Networks to Drive Culture Change”, authors Peter Gray, Rob Cross and Michael Arena posit that culture is difficult to change, “in part because it reflects people’s values — their deeply held beliefs about what is good, desirable, and appropriate. Relationships can complicate matters further. When colleagues are embedded in informal networks with others who share and reinforce their values, they often become entrenched rather than open to new attitudes and behaviors. But it doesn’t have to be like that. Those same networks can also help leaders identify and overcome obstacles to cultural change and discover unexpected allies.” Their approach has some innovations which every Chief Compliance Officer (CCO) should study to help in the culture transformation of your organization.
Deputy Attorney General Lisa Monaco, in her October speech, renewed the Department of Justice’s (DOJ) emphasis on corporate culture stating, “Now, I recognize the resources and the effort it takes to manage a large organization and to put in place the right culture. The Department of Justice has over 115,000 employees across dozens of countries and an operating budget equivalent to that of a Fortune 100 company. So, I know what it means to manage and be accountable for what happens in a complex organization. But corporate culture matters. A corporate culture that fails to hold individuals accountable, or fails to invest in compliance — or worse, that thumbs its nose at compliance — leads to bad results.” Clearly, she is signally a more focused DOJ interest in culture. This means you need to be ready to not only transform your culture but also document the transformation.
There are five steps which I have adapted for the compliance professional.
- Unearth the Subcultures. It turns out that culture is created not holistically but by corporate subgroups, which have their own cultures and cultural leaders. CCOs often think about the culture of their area of the organization and take action at that level, which across an organization culture is only partially influenced by holistic structures; it is also shaped and reinforced by subnetworks of employees who may spread across many different units. CCOs need to “see the diversity of values that exist in different cultural subnetworks can take much more precise action to support or change these subcultures.”
- Find Your Real Cultural Leaders. Here the key for compliance is that “Informal influencers deep inside the organization are critical — but often hidden — enablers of change. Enlisting their help is far more efficient than taking a top-down approach.” As the CCO you need to identify these real subunit leaders, get their buy in and then enlist them to lead your cultural transformation.
- Shine a Light on Hidden Tensions. There are always disagreements throughout an organization which can kill cultural changes, usually through the proverbial death by a thousand cuts. Analyzing network and cultural data can bring these tensions to light so leaders can manage them. A key one can be what the authors called, “toxic misalignments, where cultural influencers with very different values interacted in negative and dysfunctional ways”. Here the role of the CCO is to be a facilitator, to “appeal to a higher shared value can resolve a deadlock, but only after uncovering value misalignment and discovering who sits on which side.”
- Evoke Positive Emotions. I hope that you as a CCO have a positive outlook. Most CCOs I know are eternal optimists, even those who come from the General Counsel’s office. While a standard tactic to lead cultural change is rationality; i.e., explain and educate using “compelling logic, in hopes of persuading them to commit to new ways of working” the authors found their “research shows that culture spreads most effectively through network connections that have an emotional aspect.” As a CCO you should bring an energy and excitement level and then start “training first-level supervisors to become more skilled as “energizers.” They learned how to engage people in realistic possibilities that captured their imaginations and hearts, for example, and how to help others see how their efforts contributed to an ambitious plan. Nine months later, new data revealed far greater adoption of the new cultural values among individual contributors.”
- Give Adoption the Time It Needs. The authors found that the time to change culture can vary and “leaders may see slow or uneven adoption as new cultural ideas’ failure to spread, when in fact it may be a function of how tacit or complex the values are. And while networks play an important role in speed of adoption, faster isn’t always better.” The bottom line for the CCO is to give it time. But use the tools you have available to assess, monitor and improve your culture transformation program. Mid-course corrections are allowed. The authors concluded, “Combining network analysis with assessments of organizational culture provides leaders with a rich understanding of how new values take root.” This can provide to a CCO a more focused even “local” view of culture, where desired behaviors are communicated, modeled, observed, and adopted on the ground, not broadcast from on high. This in turn allows a CCO to drive cultural transformation in more targeted ways.
I hope you have enjoyed this short series drawing inspiration from Macbeth to discuss transformation of your compliance function as much as I have enjoyed watching the movie, researching the topic and writing about it.
Over the weekend I saw Joel Coen’s The Tragedy of Macbeth on Apple TV. To say it blew me away would be putting it mildly. I have been reviewing the film this week and exploring my love of all things Shakespeare in this week’s blog posts. Today, I want to consider Frances McDormand in her starring role as Lady Macbeth and how her experiences of life point to learning curves.
McDormand herself said that she was destined to play the role. Stephen Schaefer, writing in the Boston Herald, quoted her for the following, ““The first thing that got me hooked on being an actor the rest of my life was the sleepwalking scene from ‘The Tragedy,’” she said of Shakespeare’s guilt-ridden murderess Lady Macbeth, who can never wash the blood from her hands. “I did it when I was 14,” she said. “Then I’ve been pretty much practicing and rehearsing for it for 50 years. It had kind of a fated inevitability to it.””
While other versions of Macbeth, notably Roman Polanski’s 1972 version, used younger actors in the lead roles, here Director Coen focused on older versions of the Macbeths. Schaefer also focused on the experience of the actors, McDormand and Denzel Washington, playing the lead roles. Both actors understand about the drive to achieve the next success, which for Macbeth was to take over the Kingdom of Scotland. Schaefer also noted, “McDormand, 64, agreed. “You might think they don’t understand. But guess what? We understand because when we first talked about the film, Denzel and I (it was our own private conversation), both understood about each other: There’s always been a fight. We fought it as gracefully as possible. The fight’s never going to be over. “So we brought that to it. We still know how to fight. Maybe we were limping a little bit. Maybe it took us a little bit longer to get there, but the fight was still there.””
In a recent Harvard Business Review (HBR) article, entitled “Managing Your Organization as a Portfolio of Learning Curves”, author Whitney Johnson, posited, “As people develop competence in a new domain of expertise, they move along an S Curve: Growth is slow and effortful at the outset, or launch point. It then progresses rapidly as people acquire new skills in a stretch known as the sweet spot. At the peak is mastery, when work becomes easier but the curve flattens. Understanding where your employees are on this S Curve of Learning will help you coach them appropriately, craft thoughtful succession plans, and build a team with diverse but complementary strengths.” I use the article as a starting point for the Chief Compliance Officer (CCO) to use it to aid in developing a strong compliance bench at your organization.
The ‘S’ learning curve has three components; (1) launch point, (2) sweet spot and (3) mastery. It was originally developed by Everett M. Rogers, “to show how new ideas and technologies spread.” However, Johnson also saw it as “the trajectory that people move along as they develop competence in a new domain of expertise.” She calls it the “S Curve of Learning;” where growth is slow and effortful at the outset, which is the launch point. The initial phase is “followed by rapid upward progress as people acquire new skills and overcome setbacks: a stretch I think of as the sweet spot. At the peak is mastery—when work becomes easier, but the curve flattens because there is little left to learn. When that happens it’s time to jump to the bottom of a new S Curve, put in the effort, and experience the thrill of climbing again.”
Johnson applied this concept to three areas which are also important to the corporate compliance team; talent development, succession planning and building an “A Team’. Many have said that talent development, acquisition and retention will be one of the most critical corporate endeavors going into the 2020’s. This is even more true for the compliance function. Our discipline is at a cross-roads with many non-legal concepts becoming more important. Such skills as data analytics, behavioral psychology and others are replacing the need to be able to recite the text of the Foreign Corrupt Practices (FCPA). The S Curve in talent development gives CCOs and their compliance team members a “common language for discussions about personal growth and talent development—about people’s progress in their roles and their future with the organization. When one of your reports says, “I’m at the launch point,” you’ll know that person is struggling to gain traction. When someone says, “I’m in the sweet spot,” he or she has momentum and is feeling competent and confident. And when you hear an employee say, “I’m in mastery,” the message is clear—“I know I’m good at this, but I can’t keep doing it—I need a new challenge.””
Under succession planning, it is not enough to plan what is next for the organization or even your compliance team; you also need to consider what is next for the individual. Johnson wrote, “Doing this well involves anticipating which people might move on and when, identifying team members who might assume this role, and then thinking about those who could backfill that role.” In other words, you need think of it as a multi-dimensional chess game; not only thinking several moves ahead but also on X, Y and Z axes. Such an approach allows you to “see when the high-contribution sweet spot is about to yield to mastery, and shortly thereafter, boredom and stagnation. Keeping people who’ve reached the mastery stage in a role for too long carries risks. An employee can become complacent or a flight risk. And if, as an organization or team, most of your people are in the sweet spot, humming along, you may be courting the danger that your entire team could suddenly be in mastery, setting off a wave of departures. Counter these risks with succession planning for each individual.”
Now think about all of the above in building out your ‘A’ compliance team. Johnson advocates diversity in talent on the ‘S’ curve so that some team members are on the sweet spot and some in the others. She stated, “You want people who have a variety of aptitudes and ambitions, and you want a balanced portfolio of people at different stages of growth. People in mastery have deep experience, people at the launch point bring fresh perspectives, and those in the sweet spot have both the enthusiasm and competence to breathe life into a project. Although every team is different, many look like a bell curve, with most members in the sweet spot at any given time and a small percentage of people at the launch point and in mastery. When putting together a team, smart leaders make sure they have people on all major phases of the curve—what I call a matched team.”
Just as McDormand’s portrayal of Lady Macbeth is thought-provoking so is Johnson’s piece. If you are looking for a low-cost way to improve your compliance team, this approach gives you several ways to think through talent development, retention and advance.
Tomorrow, the sisters.
