Categories
Compliance Tip of the Day

Compliance Tip of the Day: Compliance Ecosystem

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

In this episode, we ask you to think about compliance as an ecosystem and how that can facilitate greater operationalization of your compliance program.

For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program Through Innovation: Day 1 – Originating a Compliance Ecosystem

The compliance profession is at an inflection point, moving away from the lawyer-driven written policies and procedures to a more operationalized regime where compliance is a part of the overall ecosystem embedded directly in the business process-focused discipline. Seen in this manner, compliance will be seen not as a cost center but as a value creation center, helping the company to make business processes more efficient and then more profitable. To be the orchestrator and prime mover of a compliance ecosystem, you need a superior compliance service that is hard to replicate. This means some combination of compliance, an extensive network of internal users, and strong branding.

Compliance is undergoing a paradigm shift as a result of technological and digital innovation. CCOs who cannot interpret the data from their systems will likely find themselves consigned to the dustbin of corporate luddites. Compliance will be moving into a new era of collaboration and connection to more fully operationalize compliance to make all business stakeholders more efficient and more profitable.

Three Key Takeaways:

  1. Compliance is undergoing a paradigm shift as a result of technological and digital innovation.
  2. To be the orchestrator and prime mover of a compliance ecosystem, you need a superior service that is hard to replicate.
  3. Compliance should help other corporate functions.

For more information, check out The Compliance Handbook, 4th edition, here.

Categories
Blog

Innovation in Compliance: Compliance Ecosystem – Part 2

This week, we are exploring the topic of Innovation in Compliance, through a week of considering  some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems. Yesterday we reviewed what is a compliance ecosystem and a framework for considering it. Today we conclude this topic by employing the elements of a framework to deploy four foundational recommendations which can guide Chief Compliance Officers (CCOs) in developing and leading a governance model for a compliance ecosystem.

  1. Align your ecosystem’s governance model with its strategic priorities.

As with all compliance programs, the strategic priorities of your compliance ecosystem will vary by risks, risk management protocol and compliance program maturity. The authors point out that your compliance ecosystem growth, “can be fostered by lowering entry barriers, easing the controls on conduct, and/or offering a more generous distribution of [compliance] value.” Yet the “governance model can help orchestrators maintain the quality of an ecosystem’s offerings.”
If your overall strategic focus is on improving alignment among the stakeholders of a compliance  ecosystem, “the different dimensions of governance can help.” This can include “leveraging several governance dimensions: a common mission, strict technical guidelines and processes for conduct, and administrative decision rights that are assigned to specific users.” The authors conclude, “Nuanced choices regarding the dimensions of governance can help orchestrators simultaneously achieve conflicting objectives,” specifying that there can be low barrier access to the compliance ecosystem “while at the same time ensuring a high level of quality and consistency by centralizing decision rights and using extensive quality checks before approving newly developed apps for the platform.”

  1. Use your governance model to stand apart.

Compliance ecosystem governance serves as a source of competitive advantage. As a CCO, you can develop different governance profiles to differentiate your compliance ecosystem. If your compliance ecosystem is relatively new, you can “adopt an open governance model to counter the network effects enjoyed by incumbents.” The authors caution that it may be an iterative process as your first attempt might not be embraced fully by all stakeholders.
Moreover, while competing ecosystems initially experiment with diverse governance models and use them for competitive differentiation, over time the more successful models eradicate the weaker ones. CCOs learn which governance work best for their organization but then such models may begin to converge. The authors observed, “If one ecosystem gains a competitive advantage by adapting its governance model, others may be forced to do the same to keep up.”

  1. Use governance to ensure social acceptance.

Interestingly, what the authors observed in their study of business ecosystem governance was that good governance could lead to more social acceptance. Typically, in the compliance realm, it is the reverse; that is social acceptance by employees and other stakeholders leads to good governance. This dichotomy is worth exploring for the CCO.
Perhaps, not to surprisingly, the compliance ecosystem approach has not yet been fully embraced by the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) most probably because it is still so cutting edge. However, as with all thing’s compliance, the key when the regulators come knocking is that you have Documented, Documented, and Documented your efforts in this area. But even beyond the regulatory review and enforcement arena, a lack of trust between the compliance function and stakeholders can lead to a compliance ecosystem failure.
Moreover, good governance is a prerequisite for building social capital and securing the social legitimacy required by a compliance ecosystem. The authors state, “the governance model must be designed to engender and maintain social acceptance, as well as legal compliance, over the long term and in the face of changing demands. Superior governance, understood in this way, must be consistent and fair.” This sounds precisely like what the DOJ mandated in the Update to the Evaluation of Corporate Compliance Programs as CCOs and the compliance function is now the guardian of institutional justice and institutional fairness. The authors take it a step further arguing, “Consistency means that the mechanisms of governance are transparent and easy to understand, comprehensive, internally consistent, and stable over time.” Finally, the authors believe, “Fairness means that governance complies with corporate policies and legal requirements, avoids biases and creates trust among employees and other stakeholders.”

  1. Adapt your governance model over time.

The authors state, “Adaptability is a key strength of a successful ecosystem. Typically, this adaptability stems from a modular setup that features a stable core (or platform) and interfaces, with highly variable components that can be easily added or subtracted. This enables ecosystems to evolve along with changes in the competitive environment, the needs of orchestrators and participants, social mores, and technology. This same kind of adaptability must also be reflected in the governance model of an ecosystem.” I quote this statement in its entirety because it is a longer way of saying that continuous monitoring leads to continuous improvement. Your compliance program must evolve as do each of the components within it. This would also include the governance of your compliance ecosystem.
As compliance ecosystems become more widespread and evolve, the quality of their governance is an increasingly important success factor. The authors drive home the point that all compliance practitioners understand, “there is no single best way to design your governance model: It will be contingent on the strategic priorities, competitive dynamics, societal demands, and life-cycle stage of the ecosystem.” In other words, assess your own risks in creating your compliance ecosystem and then manage your risks through it.
A CCO should not treat governance as “an afterthought but should instead think through and actively design the governance model.” You need to understand the benefits and risks of aligning “governance and strategy, and resolve strategic trade-offs by balancing the different dimensions of governance.” You ought to put yourself into the shoes of ecosystem stakeholders and  employees to understand the impact of your governance decisions on their incentives to participate and contribute. You will have to adapt your governance model over time to react to changes in user preferences, technology, competition, and strategy. Finally, remember “Good governance is an essential key to the success of both ecosystem orchestrators and their partners.”
Please join us tomorrow where we will look at moving beyond trust in your compliance regime.

Categories
Blog

Innovation in Compliance: Compliance Ecosystem – Part 1

I just delivered to LexisNexis the edits for the next edition of The Compliance Handbook, the single definitive one author volume on the design, creation, implementation and enhancement of a best practices compliance program. It will appear later in 2022. One thing that struck me in updating this seminal work is the innovation that has occurred and continues to drive the compliance profession. In addition to the evolution of the Department of Justice (DOJ) in its thinking about what constitutes a best practices compliance, the tools and strategies used by compliance professionals continues to evolve through innovation. I decided it was time to have another Innovation in Compliance Week to look at some of the newest business strategies which can be applied by the compliance profession to corporate compliance programs. My inspiration comes from MIT Sloan Management Review Winter Edition. Today, I want to consider platforms for compliance ecosystems.
In Setting the Rules of the Road, authors Ulrich Pidun, Martin Reeves, and Niklas Knust posited that putting the right rules in place to orchestrate a platform that creates value for all stakeholders is critical to help in an overall approach to manage risk. I have used their article as a starting point to look at the enhancement of compliance ecosystems.
What is a Compliance Ecosystem?
If you have ever sat in the Chief Compliance Officer (CCO) chair you know that your life is constantly juggling multiple balls in the air at once. Perhaps my favorite metaphor is fixing or even swapping out jet engines while flying at 400 MHP at 35,000 ft. Moreover, in the corporate world think about all the other disciplines compliance touches or should touch. For instance, how many touch points are the in the Human Resources (HR) sphere around compliance? I submit there are client touchpoints at each step the HR lifecycle of employment for any person in any organization. The same is true for the entire sales cycle and the procurement cycle. Compliance should work in each of those ecosystems to operationalize compliance more fully by adding value through increased business efficiencies, not bureaucratic burdens.
There is another way that this ecosystem approach can make your compliance program more effective. Think about the third parties your company has on both the sales and supply chain side. If you could work to create a closer ecosystem with those stakeholders from the compliance perspective, it would not only make the business relationship stronger but also make the entire business process more efficient.
Compliance has undergone a paradigm shift as a result of technological and digital innovation. CCOs  who cannot interpret the data from their own systems will likely find themselves consigned to the dustbin of corporate luddites. Compliance will be moving into a new era of collaboration and connection to more fully operationalize compliance to make all business stakeholders more efficient and, at the end of the day, more profitable.
The authors found that many ecosystem failures stem from their governance models; that is, “the explicit and/or implicit structures, rules, and practices that frame and direct the behavior and interplay of ecosystem” stakeholders. The authors noted a variety of reasons for these failures including conflicts among ecosystem partners, backlash from internal stakeholders or government regulators are other indicators of governance flaws that can bring down an ecosystem. The key for CCOs in trying to establish compliance ecosystems is to “understand the components of a comprehensive governance model and glean insights from ecosystem successes and failures can make more informed and explicit governance decisions.” As the authors note, in doing so, CCOs can “improve the odds that their” compliance ecosystems will survive and prosper over the long term.
Compliance Ecosystem Framework
Good governance supports a compliance ecosystem’s ability to create value, manage risk, and optimize both efficiency and return among its stakeholders. To lead in support of these ends and capture a competitive advantage, CCOs must systematically think through and actively design what the authors denote as five elements of an ecosystem governance model. I have adapted their framework for a corporate compliance program.
Mission. There must be engagement so there is a strong sense of shared mission to keep compliance ecosystem partners moving forward. CCOs should identify a clear and distinctive compliance purpose early in the ecosystem “development and anchor it in a well-articulated set of values can motivate and align partners, particularly when this involves solving a significant problem or making an important contribution to society.” This can also “encourage desirable behaviors without undue reliance on complex rules and written standards.”
Access. CCOs should begin with stakeholders who agree to certain standards and behaviors regarding the compliance ecosystem. “The rules governing access also can help determine partner commitment by requiring an investment or offering an incentive for joining the ecosystem and/or defining the level of exclusivity that partners must provide to the ecosystem.” This investment can be with people or time but investment + engagement means increased buy in.
Participation. “The degree to which partners are invited to contribute to the formulation of ecosystem governance and strategy over time. It also includes the rules for conflict resolution among ecosystem stakeholders.” Some type of Fair Process Doctrine is critical here as “stakeholders need a clear view into the rules and strategy of a [compliance] ecosystem to actively participate in it and determine their own strategies”. Through stakeholder engagement and participation “governance and strategy can bolster their commitment and willingness to invest resources in an ecosystem.”
Conduct. This component of the framework is more technical as your compliance ecosystem should have a strong tech element. This allows CCOs to “directly influence the behavior of participants in their ecosystem using input control, process control, and output control. Input control, which is often automated using application programming interfaces (APIs) or integrated development environments, specifies the requirements for the partners’ contributions to the ecosystem, including standards and instruments of quality control and the approval of new contributions.”
Sharing. The final building block of ecosystem governance defines the data and property rights of stakeholders. The authors note, “data and property rights regulate ownership and use of the data and intellectual property that are contributed to — or created within — the [compliance] ecosystem.” This can work to allow a wide variety of outcomes across disparate business lines or units, geo-regions or service/product offerings.
Join us tomorrow where I will employ these elements to counsel four foundational recommendations that can guide CCOs in developing and leading a compliance ecosystem.

Categories
31 Days to More Effective Compliance Programs

Originating and Managing a Compliance Ecosystem


Have you ever thought of compliance as an ecosystem? When you consider the concept, it becomes clear that this is one thing every company should strive towards. Obviously, every multi-national company must have a compliance program. But to have true effectiveness, your compliance program must be operationalized throughout the organization. One way to facilitate this is through the ecosystem concept.
There is another way that this ecosystem approach can make your compliance program more effective. Think about the third parties your company has both on the sales and the supply chain side. If you could work to create a closer ecosystem with those stakeholders from the compliance perspective, it would not only make the business relationship stronger but also make the entire business process more efficient.
2020 has brought a paradigm shift to corporate compliance as a result of technological and digital innovation. CCOs who cannot interpret the data from their own systems will likely find themselves consigned to the dustbin of corporate luddites. Compliance will be moving into a new era of collaboration and connection to more fully operationalize compliance to make all business stakeholders more efficient and at the end of the day more profitable.
Three key takeaways:

  1. A compliance function’s customers are a variety of stakeholders.
  2. Compliance can improve business processes.
  3. A compliance ecosystem can help to operationalize compliance.