Because leadership dynamics are changing, so too should the old “command and control” function of compliance. Tom Fox offers guidance to help CCOs adapt to the changing times.
Given the paucity of leadership coming out of Washington during this crisis, I thought it would be a ripe time to consider some innovations in compliance leadership. While many compliance departments may have begun more as a command and control function, set up by lawyers to comply with anti-bribery laws such as the Foreign Corrupt Practices Act (FCPA), this type of leadership model is now becoming outmoded in today’s world. It is not that employees are interested in “why” they should do business ethically and in compliance with such laws, but more that power is shifting inside corporations.
In a 2014 Harvard Business Review article entitled “Understanding ‘New Power,’” authors Jeremy Heimans and Henry Timms explored how leadership dynamics are changing and what companies might be able to do to harness them. I found them to have some excellent insights that a Chief Compliance Officer (CCO) or compliance practitioner can apply to a compliance function.
The authors begin by noting that “new power” differs from “old power” in a bilateral dimension of intersection. This intersection is between the models used to exercise power and the values that are now embraced. Understanding this shift in power will facilitate the compliance function moving more to the forefront of a business integration role. The article outlines four new power models:
- Sharing and shaping.In this model, a company is much more integrated with its customers and supply chain.
- F This model continues the integration by adding a vertical component, whether from equity positions or some other type of funding.
- P In this model, “participants go beyond supporting or sharing other people’s efforts and contribute their own.”
- Co-ownership. This is the most decentralized model, pushing participation down to the lowest or most basic levels.
But beyond these new power systems, “a new set of values and beliefs is being forged. Power is not just flowing differently; people are feeling and thinking differently about it.”
The authors call them “feedback loops” that “make visible the payoffs of peer-based collective action and endow people with a sense of power. In doing so, they strengthen norms around collaboration.” This sounds suspiciously like continual monitoring and continually upgrading your compliance program through incorporation of information to feed innovation.
There were five values laid out to help guide leadership:
- Governance,where “power favors informal, networked approaches to governance and decision making.”
- Collaboration,where power value rewards “those who share their own ideas, spread those of others or build on existing ideas to make them even better.”
- DIO (or Do It Ourselves), which is a “belief in amateur culture in arenas that used to be characterized by specialization and professionalization.”
- Transparency,which intones that more permanent transparency between business and social lives will lead to a “response in kind from our institutions and leaders who are challenged to rethink the way they engage with their constituencies,” specifically including their employee base.
- And finally, Affiliation, which means that new and younger employees are less likely to “forge decades-long relationships with institutions.”
The authors have three prescriptions that I found could be useful for the CCO or compliance practitioner to incorporate into a mature and evolving compliance program moving forward; compliance functions need to “engage in three essential tasks:
- assess their place in a shifting power environment,
- channel their harshest critic and
- develop a mobilization capacity.”
Assess Where You Are
This prong is quite close to something compliance practitioners are comfortable with in their role: a risk assessment. However, the authors suggest that the assessment be turned inward, so you should assess the compliance function on this “power compass – both where you are today and where you want to be in five years.” You can benchmark from other companies in responding to this query. Internally, you can begin this process with a conversation about new realities and how the compliance function should perform. More importantly, such an assessment can help you identify the aspects of the core models and values that should not be changed.
Incorporate Business Unit Interests
The authors noted, “today, the wisest organizations will be those engaging in the most painfully honest conversations, inside and outside, about their impact.” However, I think this question should be asked first by the CCO or compliance practitioner, for it is not only what you are doing to work with your business units but – more importantly – what are you doing to incorporate their concerns and suggestions into your compliance regime.
If you are going to ask the business unit to be a significant partner or (better yet) to be your business partner, you will need to have a mechanism in place to engage your business unit so there can be an inflow of input before the compliance function has an output of requirements. As the authors wrote, “this level of introspection has to precede any investment in any new power mechanisms” – to which I would add any successful compliance function.
Mobilize Your Capacity
Here, I suggest you consider contracted third parties and business ventures such as joint ventures (JVs) as an avenue through which the compliance function can bring greater benefits to an organization. Compliance expert Mary Jones, the former Global Industries Ltd. Director of Compliance, often discusses her training of the company’s third parties and how thankful they were when she would personally travel to their locations and conduct in-person training. Her efforts to travel to their locations and spend the money required to do so not only directly strengthened Global Industries’ compliance function, but also created allies for her efforts by giving these suppliers the information and training they needed to comply with their customers’ requirements. By reaching out in this manner, your company can use its contracted third-party suppliers to create a stronger compliance program internally.
As the compliance profession matures, it will become more a component of the company’s business function. This means less of a lawyer’s top-down mentality of “do it because I said to do it” and more of a collaborative mentality.
This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.
Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions.
He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units.
Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan.
Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website 
