Changing the focus of compliance teams to change the world
Most compliance teams will tell you that they have a set of ‘pillars’, based on laws or categories of laws, that they focus on within their department. These pillars will be something like:
- anti-corruption and bribery
- anti-trust
- ethics and code of conduct
- privacy
- third party management
- harassment and discrimination.
For the sake of argument, let’s call these the ‘Traditional Pillars’.
While third party management has likely only been introduced in the last five or so years, the rest of these Traditional Pillars have probably not changed in the last 20 years. They are legally driven and focus on compliance with the set of laws under which the company operates, so they are still relevant; however, they need a revamp to better reflect the challenges facing today’s businesses.
As we move forward into what is clearly a post-pandemic world, compliance teams need to be involved in broader and more holistic initiatives that extend beyond laws and the Traditional Pillars.
Many of these new pillars – the ‘Millennium Pillars’ – relate to society and humans. They centre on the values and expectations of the business and the communities in which it operates.
The compliance teams of the future might have pillars that look like this:
These Millennium Pillars are different to the Traditional Pillars in that they are flexible in order to be able to concentrate on the key issues in our communities that are crying out for attention.
For example, there has never been a more important time to focus on equality and justice for women. COVID-19 has intensified the gender imbalance in the workplace, with women of colour more likely to lose their jobs than any other demographic in the United States, while in Australia almost three times more university-educated females lost their jobs in the pandemic than their male contemporaries. And, in the time of the Me-Too movement, we are hearing new stories of gendered workplace violence every day.
It is clear that the current legal-based thinking of complying with sexual harassment and racial discrimination legislation is simply not cutting it. We seem to be going backwards and not making significant strides in areas like women in the workplace, or how race and equality is understood and managed in companies.
We need more than following a set of laws and doing the mandatory sexual harassment training; we need a behavioural change that leverages incentives and disincentives and attitudes, and ultimately a cultural change led by top management. If legal and compliance teams applied their immense talents to equality, diversity and inclusion as a pillar, just like they did for some of the Traditional Pillars like anti-corruption, imagine what impact that could have not only on their companies but the world in general. The needle has to move and move quickly.
The Millennium Pillars are forward-looking. They are designed to reflect the issues facing businesses today and those that will face businesses in the next 10 to 15 years. They are named in more general terms (rather than following strict legal nomenclature following the names of applicable laws) because the focus should be on the provision of holistic solutions to the problems found within the pillars, not simply focusing on compliance with the relevant law.
Supply chains and ecosystems, for example, represent a pillar that reflects several sub-areas. There is no ‘supply chain law’ for the pillar to focus on, but rather numerous legal and compliance areas, the majority of which have been tested and proved inadequate throughout the recent pandemic years.
The pandemic tested global supply chains and the ability of businesses to secure raw materials from international markets. The underlying issues that give rise to these supply chain problems include contract issues, market abuse, export control, human rights, sanctions, geo-politics, country sovereignty, and taxes, levies and tariffs. Solving the issues in our broken supply chain (which have been very clearly highlighted by the pandemic) requires knowledge of and experience in all these areas. The concerns are broad and must be viewed as part of the solution.
As part of that development, the concept of ‘ecosystems’ becomes even more of a focus for businesses. It is very clear that there is an interconnected system of companies, governments, relationships and personalities that need to come together effectively to allow a business to manage these areas. This interconnection, or ‘ecosystem’, will be essential for global businesses to get right. As the old saying goes, ‘the chain is only as strong as its weakest link’ – but if you build an ecosystem and maintain it effectively, then the risk of a single point of failure is much lower.
Let’s now look at resilience and efficiency. At first glance, this might seem like more of a ‘business’ issue rather than a legal and compliance concern. However, the pandemic and the likely new way of doing business raises areas for legal and compliance teams that do not easily fit into one of the more traditional pillars.
When looking at resilience, we could be looking at the business itself (e.g., its capital requirements, cash and financial resilience), but we could also be looking at the resilience of its people.
On the capital side, we saw businesses struggle with cash flow and capital throughout the pandemic. One could argue that these businesses were too light on capital, or perhaps simply could not pivot to the changed environments fast enough. Many had so many inefficient processes that, when forced to make a major and immediate change, they were the classic ‘battleship’ that needed months or even several quarters to change direction. Many struggled to be resilient enough to make necessary changes quickly enough and suffered the consequences.
On the people side, the pandemic caused totally different working patterns, significant changes in the location and activity of staff, unfamiliar meeting styles, a reduction or cease of travel, and new ways of group engagement and team management. The legal and compliance (and practical) challenges around employee access, working from home (including employees working from home abroad or in different states), providing access to confidential or sensitive information outside the workplace, and the overall mental health of employees raised significant concerns that were likely rarely considered previously.
Take another example: hearing all voices. The old and rather outdated model of having an employee hotline staffed by a room full of notetakers to record compliance breaches and complaints seems like something from 1990.
If the last ten years of social media have taught us anything it is that people have a voice and they will use it. They will use it in open forums and they will use it anonymously. They will use it as both a reporting forum and an attack against the company. The voice can be brutal, and it can go viral and be near impossible to defend against.
Social media, especially combined with a voracious traditional media in an era where ‘trial by media’ is the accepted norm, requires different ways of employee and stakeholder reporting. ‘Hearing all voices’ is not just a quick rebrand of whichever department collects whistleblowing hotlines and does investigations; it is a deep revision of how people are encouraged to speak up, the ways in which they can speak up, the protections they are given and the depth of topics that are reported. The aim is to expand the concept from a whistleblowing reporting system to a feedback messaging system that covers all topics that may affect a company.
The Millennium Pillars are obviously different, aggressive and thought-provoking. While not every business will adopt them, compliance teams are perfectly placed to help tackle some of these issues. They can have a significant impact in making the world a better place.