“Compliance is a Business Solution to a Business Problem” could be the motto for second generation compliance, as it leaves behind its origins as a subset of the law department.
Compliance is becoming more like a business discipline than a profession. Or perhaps it’s a hybrid profession like law and accounting. It’s all still a work-in-progress.
Roy Snell, an 18-year compliance veteran, is a founder and long-serving CEO of the SCCE; no one knows more about compliance but Snell also understands business. The SCCE is the flagship organization of the American compliance profession, with over 13,000 network members globally and a powerful, business-sustainability model for its conferences and outreach.
Looking over a room filled with compliance officers, Snell asked a tough question: Why are we here? Good people before us failed to protect their companies, so what are we going to do differently? How can we re-invent compliance?
As he put it: Doing business the old way is inefficient and wasteful. Years of misconduct and legal violations build up until finally an enforcement agency descends on the company. A massive cleanup follows and instead of building for the future and being productive, everything stops to deal with the accumulated mess.
Snell says that in most cases the big problems were known all along — there was always “smoke before the fire.” People knew but no one could fix it because they lacked the authority or influence to make the enterprise wake up.
In an example of how second generation compliance is re-thinking intra-company dynamics for effective compliance programs, Snell relates that when he was a compliance officer and someone wanted part of his turf, he was happy to give it to them, on terms and conditions that they own the problem until fixed, invest their budget, train their staff, acquire the interpersonal skills, and take the political risks of offending senior officers. They let him keep the turf.
Snell’s plenary session (Influencing Decision-Making, moderated with the chief ethics and compliance officer of a major healthcare organization, Jenny O’Brien) was a lessons-from-the-turf-wars presentation for compliance officers in building “soft power” skills to influence the enterprise — the beginnings of the new discipline of compliance that will be taught someday in the top business schools.
In Donna Boehme’s workshop (Relationship Roadmap), the panel discussed a new formulation for what compliance does: Go looking for problems. Study them. And make sure they are fixed — by somebody, not necessarily compliance officers.
The current mantra for compliance programs is derived from DOJ prosecutors. They ask companies defending bribery allegations: If your program was so effective, explain what it did to prevent, detect, and remediate. It’s a formulation derived from the origins of compliance in enforcement actions.
The SEC and DOJ have called compliance officers their “front lines.” That’s true enough but it misses the point. Compliance officers don’t work for the feds, they’re working for their companies. The same emphasis runs through the Federal Sentencing Guidelines, the DOJ/SEC Hallmarks, and the U.S. Attorneys Manual. But the field is outgrowing its law enforcement origins and needs room for fresh thinking that incorporates these still-essential standards but also has a second generation perspective. Compliance is a business solution to a business problem.
Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He can be contacted here.