The Coronavirus health crisis has wrought many changes in the business world and corporate compliance. Over the next few blog posts, I want to explore in some depth what I see are the key changes for the Chief Compliance Officer (CCO), compliance professional and compliance programs as we move to reopening the country and world for business. Covid-19 will accelerate, literally at warp speed, many of the developments in compliance which have been percolating up and are changing the basic nature of corporate compliance away from a legal response to the legal issue of Foreign Corrupt Practices Act (FCPA) enforcement to a business response.
Today, I want to begin with a two-part consideration of some of the key skills which I believe will be needed by the corporate compliance officer coming out of Covid-19. I draw inspiration from an article in the MIT Sloan Management Review, entitled Four Skills Tomorrow’s Innovation Workforce Will Need by authors Tucker J. Marion, Sebastian K. Fixson, and Greg Brown. As a corporate function, compliance is subject to the same forces driving the Fourth Industrial Revolution, the convergence of digital, physical and biological technologies and, as the authors note, is “changing the nature of work as we know it.” This Fourth Industrial Revolution means moving compliance away from static do’s and don’ts written by lawyers for lawyers to a much more dynamic process where compliance will be a more efficient business process leading to greater profitability.
However, for the compliance function this means having someone who is much more than law school trained in FCPA. It means someone who both sees compliance as a business function and understands compliance as a business process. The Coronavirus health crisis has accelerated this process as many of the strategies available to the CCO in terms of in-person investigations, onsite audits or even compliance with certain well-established policies and procedures are simply not available now and will not be for the foreseeable future. This leads me to adapt the four key skills a CCO and compliance professional would need from the authors work.
The Big Picture
Coming out of the Coronavirus health crisis from corporate compliance, the CCO and compliance professional will be required to know as much about their companies overall business as any other risk function. The reason is simple, risks have magnified, the speed at which they can disrupt and international business has sped up. Coronavirus was well known in December and certainly by January, yet many businesses did not manage this known risk.
But it is more than simply understanding risk and risk management. CCOs and compliance professionals will need to learn and understand data and how it correlates to business. This means on both the sales and Supply Chain side of the equation. What are the key connections in your compliance policies and procedures and “each step of the value chain, between the company’s current and future business models.”? Now what about customers’ businesses? Here CCOs and compliance professionals need to know the pain points of where corruption can occur. As John Warren, Vice President and General Counsel at the Association of Certified Fraud Examiners (ACFE), noted in a recent podcast on the ACFE 2020 Report to the Nations, corruption is the most common fraud scheme in every global region in the world. It is up to the CCO of every company to understand how corruption can occur in their company interactions with customer.
Compliance touches literally every aspect of corporate life. Simply think through the quote-to-cash (QTC) sales cycle or the procure-to-pay (P2P) purchasing cycle; each step has a compliance mandate. Coordination of these disparate steps will require someone to understand the big picture of each step, understand the digital platforms for each step and be able to data mine, understand and interpret the data from these steps. A CCO and corporate compliance function is not only uniquely suited to perform these functions but also understand how to find the pattern in these raked leaves.
CCO as Entrepreneur
Clearly a corporate compliance function has to become more entrepreneurial to succeed. This starts because of the customer base – your own employees. Legally trained compliance professionals often look towards releasing yet more written policies and procedures, not taking into account what the business unit really needs to do business ethically and in compliance. Yet those business instincts and desires are not often considered when writing or revising policies and procedures. Obviously, this last component is a key part of the agile process and is something compliance professionals will have to move towards as we come out of Coronavirus. The reason is straight-forward and simple: you cannot do business the old way and that old way is from January 2020.
Compliance teams must learn to “redraw organizational boundaries to keep pace with technological change. Essentially, they must become digital intrapreneurs, using the latest tools or, if necessary, creating them. That involves experimenting with new software and systems outside those recommended by IT, and even developing some solutions in-house.” Recall that the Department of Justice (DOJ) continually reminds companies of the need for ongoing monitoring and incorporating what you have learned back into your compliance program through continuous feedback. The DOJ also expects corporate compliance programs to take examples of the most current developments in compliance to move a program forward.
A final consideration of the entrepreneurial mindset is a tolerance for risk. Obviously, risk tolerance is generally antithetical to lawyers. After all, corporate lawyers are there to circle the wagons and protect a corporation; not to prevent, detect and remediate. But even more so compliance professionals have to do compliance at the speed of business and be willing to take risks through more robust risk management. Remember, brakes do not exist on a race car to slow it down; they exist so it can drive faster. There is almost always a manner to manage an identified risk. What the DOJ (and Securities and Exchange Commission) have long told us is that a compliance program must be well thought out and executed. This means that if you have a plan to manage risk and go through the full risk management protocol, you will most probably be in good shape.
One again, the Coronavirus health crisis has accelerated the requirement for a CCO or compliance professional to change their mindset away from a legal response to a legal problem. What compliance must do going forward is deliver a business solution to a legal problem.
Tomorrow I will conclude some of the skills which CCOs and compliance professionals will need coming out of Covid-19 and moving forward into 2021 and beyond.