No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Compliance and Mastering Strategy

by Thomas Fox
February 22, 2016
in Compliance
The best CCOs are strategists

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

It’s often difficult for Chief Compliance Officers (CCOs) to look at compliance strategy rather than the tactical aspects of compliance. This is because it is usually the day-to-day aspects of doing compliance that are your full time job. However, the more you can think strategically about your compliance program, the more you and your company will benefit going forward. I thought about this as I read an article in the MIT Sloan Management Review entitled “Mastering Strategy,” in which Editorial Director Martha Mangelsdorf spoke with David Yoffie and Michael A. Cusumano, who recently released the book, “Strategy Rules: Timeless Lessons From Bill Gates, Andy Grove and Steve Jobs.” These men headed Microsoft, Intel and Apple, respectively.

One of the more interesting initial observations was “that strategic thinking is a capability that leaders develop over time — and that these executives, whom we know as having made some great decisions, didn’t necessarily start off as such accomplished strategists.” Grove began as a scientist, working in a laboratory, then moved into operations and became Intel’s Chief Executive Officer (CEO). The authors viewed Gates as a natural strategist, yet he learned about “execution and organization. He learned he couldn’t personally run whole areas of the company.” The authors viewed Jobs as having “great product instincts, but he had to learn to master strategy in a high tech world.”

The meat of the book is five important strategic lessons the authors learned from studying these individuals. I will use them as a jumping-off point for their application for the CCO or compliance practitioner.

Strategy Rule #1: Look Forward, Reason Back

As a lawyer, I certainly understand studying the past to try and learn about the future, or at least prevent the mistakes of the past. However, the authors believe “real strategists are like great chess players or great game theorists: They need to think several steps ahead towards the end of the game and then reason back to what that means about what they need to do today. As a strategist, you need to think about where you want your business to be two, three, five, seven years down the road and then figure out what are the priorities and boundaries of what you need to do as a company today to get there.”

Stephen Martin, now a partner at Arnold & Porter LLP, often talks about having a 1-3-5 year compliance strategic plan. He says this gives you a guidepost to aim for and a track record for documentation purposes. Martin believes this is a disciplined way of thinking through both several steps ahead and what they might mean for the company.

Strategy Rule #2: Make Big Bets Without Betting the Company

The authors note that all three executives made “big bets, but they never really bet the company.” For the CCO or compliance practitioner, the corollary is that with an effective compliance program, the business can move very fast and take risks it might not otherwise be able to do so safely. I once heard former Citibank CEO John Reed say the reason you have brakes on a car is so you can go fast, not simply to slow the car down. This is what compliance can provide if you not only think strategically, but also manage your compliance program thoroughly.

Strategy Rule #3: Build Platforms and Ecosystems – Not Just Products

For the CCO or compliance practitioner, I can think of no better example here than to cite to Jon Rydberg, head of Orchid Advisers, and his innovations around the term “compliance ecosystem.” Rydberg developed a lifecycle of compliance around the integration of written policies and procedures, personnel and technologies. While this sounds close to a formulation such as the 10 Hallmarks of an Effective Compliance Program, Rydberg takes the concept into the realm of strategic thinking by demonstrating that by putting an entire ecosystem in place, a company could move towards replicating each step in the process without reinventing the wheel or with additional costs. The authors point to Gates, who understood that a computer was a platform and that Microsoft operating system was the key element of that platform.

The Volkswagen (VW) emissions-testing scandal is the most current example I can posit where if an effective compliance program had been in place it may well have helped to prevent, detect and remediate the issues, which came before the company. However, for any competitor, compliance would have been required to demonstrate, with transparency, compliance with applicable laws. That is using compliance strategically.

Strategy Rule #4: Exploit Leverage and Power – Play Judo and Sumo

I found this rule quite interesting as it might apply to the compliance arena. The authors noted, “If you’re going to be a great strategist, you’ve got to be able to execute at the tactical level. The things that you do every day, day-to-day with your customers, with your competitors and with your partners become critical in your ability to execute your longer-term strategy.” For the CCO or compliance practitioner, I think this translates into the requirement that you deliver on the tactical or day-to-day slogging of compliance. You have to work to put the written code of conduct, policies and procedures in place, train on them and monitor them going forward. This gives you the ability to move forward strategically because you will have the strength of credibility.

Strategy Rule #5: Shape the Organization Around Your Personal Anchor

Here the authors noted a distinct paradox: “You want to dive deep into the things you’re really good at, but at the same time stay at a high level and always keep the big picture in mind. You have to know yourself, know what you are good at and know your weak spots. It doesn’t matter whether you’re an entrepreneur or running a $50 billion company; the key thing is figuring out how to compensate for your weaknesses in order to make the organization execute effectively. We think that’s true regardless of company size; any CEO has to do that. In the case of Grove and Gates, they knew very early on in their careers what they were good at and what they weren’t; their crisp execution depended on finding ways to get the right people around them to compensate for areas that weren’t their personal strengths.”

For many CCOs or compliance practitioners who came to the role from the in-house legal department or with a legal training, this is particularly true. The legal department is more generally focused on protecting the company. The compliance department is more generally focused on preventing, finding and fixing problems. Second is the use of technology and, more particularly, data analytics. When asked about the COSO 2013 Framework and its application, you cannot simply point down the hall and say something like “I am a lawyer, those people in internal audit use COSO, not me.” If you cannot or do not work well with numbers, pair up with someone in your organization or company who does. Usually that is finance, internal audit or some other corporate discipline. The same is true for the COSO Framework.

Last week, I wrote that management≠leadership. One of the other key differences is that managing is about executing tactical concerns. Leadership is more about strategy. As you move to leadership in your compliance function, these lessons on strategy from some very good leaders over the past 25 years are excellent guideposts for you to incorporate into your skill set.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.


Previous Post

STOPit Introduces Risk Mitigation Tool to Prevent & Mitigate Costly Workplace Misconduct

Next Post

New DOL Guidance Seeks to Expand FLSA Liability to More “Joint” Employers

Thomas Fox

Thomas Fox

Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.

Related Posts

supply chain

Only 1 in 4 Manufacturers Have High Confidence in ESG Readiness of Their Supply Chains, Survey Finds

by Staff and Wire Reports
January 27, 2023

Ever-evolving regulatory requirements, consumer demand and investor expectations are all forcing manufacturers to increase the transparency of their supply chain,...

cco pressure

Survey: CCO Pressure High, Resources Low

by Staff and Wire Reports
January 27, 2023

Too few organizations are embracing compliance culture, according to a survey by FTI Consulting and Ethico, which found that while...

growth what next

Growing Pains: Mid-Sized Auditing Firms Are Seeing an Influx of New Clients, But at What Cost?

by Jey Purushotham
January 25, 2023

The era of exponential growth among mid-tier accounting firms is upon us, driven largely by the trend of top-tier firms...

board tech purchase

Directors: Don’t Approve a Tech Purchase Without Asking These Questions

by Jean Hill
January 25, 2023

Board directors don’t need to be able to fix a broken server, but they do need basic technology competence, which...

Next Post
New DOL guidance to impact wage and hour compliance

New DOL Guidance Seeks to Expand FLSA Liability to More "Joint" Employers

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT