This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.
Sometimes the simplest visual can provide the greatest insight about transformation. I had that particular insight when I recently had the chance to catch up with Scott Lane, Chief Executive of the Red Flag Group, at the SCCE 2015 Compliance and Ethics Institute. In a podcast earlier this month, Lane talked about the line of sight for a Chief Compliance Officer (CCO) or compliance practitioner into the life cycle of a transaction to review it from the compliance perspective. Lane simply drew an imaginary line from his eyes forward to demonstrate the straightforward nature of his concept. However what if such straight-line visibility was available for the CCO or compliance practitioner on an ongoing, real-time basis?
That last piece may be the next step for the compliance function. It would wed the Compliance 2.0 architecture advocated by Donna Boehme with the Compliance 3.0 use of social media style communications and data pioneered by CCOs such as Louis Sapirman at The Dun & Bradstreet Corporation. In a recent article in the Harvard Business Review entitled “How Smart, Connected Products are Transforming Companies,” authors Michael E. Porter and James E. Heppelmann explored how the “evolution of products into intelligent, connected devices – which are increasingly embedded in broader systems – is reshaping companies and competition.” In reading this article I was struck about how the use of data and information could move from simply a review tool for the CCO or compliance practitioner to the ability to have ongoing oversight which could move compliance into the forefront of any organization and a prescriptive role to deliver solutions to compliance risk issues before they become something more serious. Over the next couple of blog posts I will review this article from the compliance angle. Today I will review some of the theory the authors posit and tomorrow I will look at how it might well apply in the compliance space.
Information and technology are forcing companies to redefine and rethink nearly everything they do. The compliance function in a company is no different. The unprecedented amount of data available to the CCO or compliance practitioner is changing the way a compliance department interacts with its client base, the company’s employees. The data generated through these new technologies can allow the compliance function to move beyond even the prevent, detect and remedy troika which has been in the compliance lexicon for some time to a more efficient risk management concept – prescription where a compliance risk management solution is delivered at every step in the transaction chain, when warranted. Such unified data organizations not only allow continual improvement, but also optimize the compliance function’s relationship with its constituent base through a more robust cross-functional collaboration with the business unit and transaction cycle.
In their article, the authors focus on “how smart, connected products are changing how companies work.” While smart products come from physical components, smart components and connectivity components, business transactions come from employees using technology to make connectivity. The authors believe that “Smart, connected products require a whole new supporting technology infrastructure. This “technology stack” provides a gateway for data exchange between the product and the user and integrates data from business systems, external sources and other related products. The technology stack also serves as the platform for data storage and analytics, runs applications and safeguards access to products and the data flowing to and from them.”
For the CCO or compliance practitioner, the concept opens new ways to operate. First, a compliance function can monitor in real-time the “condition and environment” of transactions to gain insights into both “performance and use.” Second, complex operations, such as the life cycle of a business transaction, can be broken down into specific, digestible steps, which can be reviewed and evaluated from the compliance perspective. Finally, such information can allow compliance to intervene in a prescriptive mode, rather than even a preventative manner, if a red flag pops up or otherwise arises.
And while the authors note that this transition may be unsettling and perhaps even destabilizing for some, I agree with them that it is important to see such connectivity as a way to improve. For instance, in the area of compliance internal controls, they are essentially financial controls. If there is one takeaway from Ethisphere’s annual survey of the World’s Most Ethical Companies, it is that they are more successful than the Standard and Poor’s (S&P’s) average because they are better run from a financial perspective. This will hold true for companies that can move to smarter compliance.
If a CCO or compliance officer can receive a notification that several different data points warrant a review before a transaction is completed or even before an offer is made, which could constitute a violation of the Foreign Corrupt Practices Act (FCPA), it would allow for more and greater efficiency in the delivery of compliance services. It could also provide regulators such as the Department of Justice (DOJ) or Securities and Exchange Commission (SEC) with the requisite documentation on a quick, efficient basis that could expedite any FCPA inquiry before it becomes a full FCPA investigation.
Further, I think the recent developments which drove me to opine that compliance may well be at the tipping point in terms of importance to any organization will require the compliance function to develop more robust and more efficient risk management techniques. I recently heard Andrea Bonime-Blanc characterize corporate reputational risk as “hyper-transparent” in today’s 24/7 access and social media world. With this new dynamic, companies will need a similar response to the next time a competitor engages in conduct so bad that it damages the reputation of an entire industry as Volkswagen has done for the diesel auto manufacturing industry.
The visual of straight-line of sight seems so simple that it is obvious. However, authors Porter and Heppelmann point out that connecting not simply the dots but also the steps, the employees and their actions can provide a powerful tool which can allow the compliance function to be at the forefront of risk management, before a reputational-damage expert needs to be called in for assistance. When your Chief Executive Officer asks “How are we doing?” with a line of sight based on real-time information from your own organization, the CCO can answer that question with some assurance.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.