Donna Boehme is widely credited with transforming the compliance profession into what is now known as Compliance 2.0. For that ten-year pioneering struggle and for creating models for global compliance programs, the SCCE’s 10-year anniversay award for dedicated service went to her as the “Lion of Compliance.”
Donna is the founder of Compliance Strategists, a leading consulting firm based in the metropolitan New York area specializing exclusively in compliance, ethics, risk and governance practice. She was previously in private law practice with Fried, Frank, Harris, Shriver & Jacobson in New York. She holds a J.D. from New York University School of Law.
Donna’s first interview on the FCPA Blog is here.
* * *
Using your new infographic can you explain for FCPA Blog readers what is Compliance 2.0?
It’s fairly straightforward. The foundational element is true compliance subject matter expertise (SME), which is distinct and different than Legal. SME is demonstrated by a successful track record actually designing and managing an effective compliance program. The rest of the model involves positioning that SME in ”architecture” with empowerment, independence, line of sight, seat at the table and resources to do the job well. You can see the architecture in the graphic.
We have created a resource hub that discusses each of these features. (Readers can see the details of the graphic on the resource hub.)
If a CO with SME is in a structure built to succeed, then the CO has the positioning to design and manage a robust, effective program. It will work to find and fix, or to prevent, misconduct and other major problems. The company can fix them before forced by third parties to do so. The new structure supports a culture of ethical leadership, transparency and accountability at all levels of the organization.
You picture C2.0 as a building and use words like “Architecture” and “Structured for Success”. Is Compliance 2.0 a new structure for the old business function of Compliance?
The idea is that compliance needs to be structured with independence (untethered from Legal), empowerment, line of sight, seat at the table and resources to achieve the mission. It is principles-based, since there can’t be a one-size-fits-all roadmap. Staying true to the “architecture” empowers the CCO and COs to have a clear mandate and mission they can accomplish.
In the infographic you put Compliance Officers’ Subject Matter Expertise (SME) at the top of the C2.0 building. Why are COs at the top?
Many of the Compliance 1.0 disasters in the headlines have highlighted the problems that happen when lawyers or other managers without true compliance SME try to “design and manage” compliance. No one with any sense would have triple heart bypass performed by a doctor who has never performed the operation. Why would a Board or C-Suite rely on an executive without compliance SME to design and run a program?
The profession has spent over two decades building expertise, knowledge, best practice and solutions. As I have told many CCOs: “You are the compliance SME here, so remember that no compliance SME comes into this company unless you bring it here!”
It is certainly worth noting that in both VW and GM, the big problems (emissions testing cheating scheme and deadly ignition switch defect) were known for years by insiders who tried to warn management, to no avail. Both of these companies could have benefitted from some true compliance SME.
For C2.0 to actually work, don’t businesses need to reorganize and restructure as well (such as COs reporting to the Board)?
From my experience with the old compliance 1.0, I’ve written: Choices about structure have consequences for success. A bad business structure produces bad results. Led by changes in the healthcare and big bank sectors, the principles of Compliance 2.0 are the New Normal. Surveys have shown that the momentum towards Compliance 2.0 is changing the way companies are structuring Compliance.
Can C2.0 stop scandals, like VW, that burn the house down?
Companies that correctly structure and manage compliance programs empower their COs to achieve their mission. They will be rewarded with programs that can detect and put out those fires BEFORE they burn the house down. The successes won’t be in the headlines. But look for more scandals at companies that don’t change. That’s what the past shows us.
How about changes outside of the compliance community? What about Boards, management, consultants, law firms, investors, prosecutors, media and public opinion?
Compliance 2.0 is all about busting the old myths of Compliance 1.0. The word is getting around. Boards, management, prosecutors and other gatekeepers are aware of the difference between the models. It’s evolving in the right direction. We have come a long way.
Fear of prosecution can’t stop “lawful but awful” conduct. There’s no prosecution for non-criminal, unethical business. But I believe C2.0 can and must stop it. What’s your view?
You raise a good point. When you think about it, every one of the great compliance scandals of our day can be attributed to the narrow, legalistic pursuit of compliance typified by Compliance 1.0. Without true COs with SME, management is in the dark on how the parts of the compliance program interact and support each other. Combined, they foster a culture of integrity, transparency and accountability at all levels.
How quickly we get there will depend on how soon and thoroughly all gatekeepers understand this dynamic and evolving profession. One of the biggest consumers of Compliance 2.0 should be the Board of Directors, who will understand it as a fundamental part of their oversight responsibilities. Two examples of companies that made the leap to Compliance 2.0 are VW and Walmart.
Compliance 2.0 was uncommon before it became the new normal. Why did you persist in making it your personal mission?
It’s been an epic journey. When I first returned to the States after my last CCO job, I had seen firsthand and heard so many “Maritza Munich” stories, that is, COs who lost their careers for doing their job well. It demonstrates Machiavelli’s warning: There is nothing more perilous than to lead in the introduction of a new order of things.
I was sick and tired of seeing Compliance Officers blamed for all the big scandals! But all the while, companies were structuring Compliance programs and functions to fail. I realized Compliance would never achieve success with the old legacy model.
So I gathered together the compliance professionals whom I regarded as the “brain trust” of the profession to discuss the problem. We called the group “Algonquin” after the hotel for our first meeting. For a decade, the resistance to criticizing the old model was intense. The Algonquin team and its growing supporters stepped up to every challenge.
After years of defining the problem and building our networks of influencers, Algonquin decided to reach for the next level, through a partnership I led with RAND, the famous nonprofit research-driven think tank. That partnership’s annual report and white papers on compliance (a symposia series) became a source of thought leadership for the profession and decision making globally.
Do you continue to see yourself as the ‘Lion of Compliance? What’s next for your mission?
All of the “Lions” in my networks advocating for Compliance 2.0 (there are many) have their work cut out for them. We can never again allow uninformed “experts” to define our profession! We did that once, and the result — Compliance 1.0 — was an expensive and disastrous failure. A good mantra for the profession now is much like Ellaria’s line in Game of Thrones this season, “Weak men shall never rule Dorne again.”
The advocacy that is required now is to ward off the backlash from naysayers while making sure the next generation of Compliance 2.0 is successfully established and thoroughly develops its SME. That’s a great mission for all the Lions of Compliance pulling together in this inspiring, evolving profession.
Michael Scher is a senior editor of the FCPA Blog. He has over three decades of experience as a senior compliance officer and attorney for international transactions. He’ll be a speaker at the FCPA Blog NYC Conference 2016.