You can read here Part 1 of this three-part series: What Hath Covid-19 Wrought? A New Skill Set Required for Compliance.
I am exploring in some depth what I see are the key changes for the Chief Compliance Officer (CCO), compliance professional and compliance programs as we move to reopening the country and world for business from the Coronavirus health crisis. Covid-19 has accelerated, literally at warp speed, many of the developments in compliance which have been percolating up and are changing the basic nature of corporate compliance away from a legal response to the legal issue of Foreign Corrupt Practices Act (FCPA) enforcement to a business response.
Throughout history, new technologies have demanded new skills for leadership. However, in today’s era of Covid-19 and the Coronavirus health crisis, companies are being forced to face a new set of issues from the oldest of mankind’s scourges – a plague. Coronavirus has accelerated trends that were in place before Covid-19 raced across the planet. Now if you are doing business in an international organization or you are doing business domestically only, you have been impacted. Coming out of this health crisis, as we reopen businesses literally around the globe, the corporate compliance function will be required to use a new set of leadership skills. Today, I in the midst of a three-part consideration of some of the key skills which I believe will be needed by the corporate compliance officer coming out of Covid-19. I drew inspiration from an article in the MIT Sloan Management Review, entitled Four Skills Tomorrow’s Innovation Workforce Will Need by authors Tucker J. Marion, Sebastian K. Fixson, and Greg Brown.
A Bottom-Line Focus
This is far past being able to read a spreadsheet. This means that a CCO and compliance professional must not only understand how the company makes money but how the compliance function fits into that equation. As compliance becomes a more data-driven world, compliance professionals need to be just as skilled at thinking about business models as they are at designing and implementing compliance systems. The authors note, “IDEO’s Tom Kelley describes people who look for business opportunities, beyond the current challenges, as cross-pollinators.” Learning, valuing and fostering that capability in the corporate compliance function will be critical going forward.
Many companies’ value-capture strategies can be shaped by compliance because looking at the numbers and determining what they mean is now a mandatory aspect of the compliance role. Whether those numbers come from hotline reports, gift, travel and entertainment (GTE) spend or looking at all the compliance components in the sales cycle; CCOs and compliance professionals have to understand what the numbers are telling them. The significance of this going forward is that if you can put numbers around it, you can study a system or process and then you can improve it. This is exactly what the Department of Justice (DOJ) calls for when it talks about continuous monitoring leading to continuous improvement.
I consider how the compliance function moves through the trilogy of steps as the ethical edge. Contemplate the following, more effective compliance equates to more efficient business process leading to greater profitability. In focusing on business relevance, compliance professionals can ask some of the following questions: Can the data be used to monitor our compliance performance and be offered as a service? Can that be done in real-time? How else can the data be analyzed to generate insights about the business processes and moving forward?
It may seem strange to discuss the need for compliance professionals and ethical intelligence but this is a bit different than doing business ethically and in compliance and will have consequences for companies, consumers, and society. Doing the right thing will become only more challenging as digital systems become increasingly complex. As every corporate function, including compliance, utilizes Artificial Intelligence (AI) and machine learning, compliance professionals will be required to examine the results through an ethical lens.
Equally importantly, “Companies will have to figure out how design decisions and digital systems affect each stakeholder and factor in the likely unintended consequences. In industries such as aerospace, automotive, and medical device development, traditional engineering processes like risk analysis and failure mode and effects analysis (FMEA) should also be deployed during the development of digital platforms and products.” The same will be true for the compliance professional, only more so. As a tragic example of a failure of ethical intelligence, the authors pointed to the “case of Boeing’s 737 Max 8, where, according to recent reports, pilots complained about an issue with the aircraft software while testing it years before 346 people died in two crashes. However, those concerns never made it to the Federal Aviation Administration — a tragic failure of ethics at all levels of the company.”
Compliance professionals must develop new codes of conduct, fresh corporate responsibility norms, key performance indicators (KPIs) that reinforce personal accountability, and specialized training, all around ethical intelligence. Moreover, compliance professionals must fully operationalize this ethical intelligence throughout the organization. This operationalization will help when decisions are pushed out in the business unit so that there is both rigor and discipline around the process of decision making that involves AI and machine learning. The authors state, “That means a heightened emphasis on developing tools that improve quality and stop bad design from hurting people. Making processes more digital must not take away from the inherent value of techniques such as control plans and independent testing, whose importance should be engrained in tomorrow’s talent.” CCOs and compliance professionals “must build guardrails into their platforms if they want to keep the faith of society, which already views corporations and intelligent machines with distrust. That could include more visibility into management processes and decisions, a clearer articulation of privacy policies, and better identification and reporting of anomalies in the system.”
Tomorrow I will conclude with why the structures matter for compliance in the new normal.