Smart Compliance: Embracing Proactive Solutions
Over the last twenty years, we have seen a fundamental re-orientation in compliance. I would argue that as the compliance profession has expanded and taken on greater space and responsibility in the corporate governance world, a fresh perspective has developed.
In my view, compliance is devoting more attention, and properly so, to the idea of “proactive” compliance. This is in contrast to “reactive” compliance. What do I mean?
A proactive compliance perspective is dedicated to “preventing” misconduct and problems rather than “detecting” misconduct and then remediating the problem.
Let’s make this more practical.
Assume that a CCO learns (or happens to learn) that a specific business office or function is suffering from a rash of HR complaints, most of which may be focused on one or more supervisors. This phenomenon has also resulted in an increase in complaints of employee misconduct. Such a picture presents some important issues – even just the HR aspect of the issue.
The organization’s office or function has a culture that is deteriorating. In the proactive mode, I would challenge the CCO to define the problem, identify potential remediation and then intervene to address the problem before it manifests itself into more serious misconduct. This is the perspective of “proactive” compliance.
The reactive model is much different. A CCO is committed to enterprise-wide ethics and compliance and implementing such a program across the organization. In doing so, by definition, the compliance team will not react unless and until it learns of a “problem,” meaning a hotline report resulting in a “substantiated” allegation. Only then will the CCO begin to remediate the problem – usually by understanding the nature and extent of the misconduct and then imposing discipline against the bad actor.
The problem with this perspective is that it forecloses a broader consideration of the culture in that part of the company’s operations – i.e. the office or the function – and what other troubles may lay ahead. A CCO often will then respond to the situation by developing a remediation plan.
From my perspective, the CCO may have ignored or downplayed earlier warning signs. I am not arguing that the process is full-proof but a proactive perspective may have caught the potential misconduct at an earlier point, and avoided the impact of the misconduct and reduced the cost of remediation. I would bet that the overall cost of a proactive intervention is probably much lower than the cost of specific misconduct and post-misconduct remediation.
CCOs have to broaden their perspective to help identify proactive opportunities to address specific issues. I am not naïve to think that CCOs have resources and time to broaden their perspective but it is an approach, especially in high-risk areas, that can be successful and prevent serious misconduct that can result in costly scandals and reputational damage to companies.
A proactive approach is what I would call smart compliance by using your resources to prevent more than remediate problems. A proactive approach is usually more consistent with a company’s risk appetite and commitment.