Reactive Compliance: An Oxymoron?


reactive compliancePeople make bad decisions.  Companies make bad decisions.  In fairness, sometimes a bad decision is the result of a failure to act, or a failure to prioritize.

We are surrounded by oxymorons in our world.  I enjoy identifying them.  We all know the classics – Compassionate conservatism, military intelligence, etc.

In the compliance world, my favorite oxymoron  is – reactive compliance.  What happened to proactive compliance? Proactive thinking is at the core of compliance – risk assessments are forward-looking in purpose; risk management systems are proactive and internal controls are designed to control future behavior.

CEOs can be odd characters.  At the heart of their job is the ability to multi-task, balance simultaneous tasks and provide a broad vision to lead the company.  In the end, the CEO acts like a compliance officer by weighing relative costs and benefits to decide what he or she needs to do.

CEOs can either attend to compliance and ethics in a proactive way or they can ignore compliance and ethics, and put it off for another day after a violation occurs (which may or may not result in a government enforcement action).  There are a number, if not a majority of CEOs, who choose the latter course and decide to embrace reactive compliance.

When they make this “decision,” CEOs delude themselves and justify a failure to act based on on higher risks, higher priorities or too much cost.  A narrow view of compliance, by definition, precludes recognition of bottom-line benefits from compliance and ethics, and instead focuses on the increased costs of the compliance and ethics program.  CEOs are able to rationalize to themselves that, given the relative threats and tasks to a company, reactive compliance is the most efficient choice for the company.reactive3

A reactive compliance program is just that – reactive.  The DOJ/SEC Guidance described a related concept – a paper compliance program.  I can understand why DOJ and SEC attorneys are tired of seeing companies which have violated the FCPA, and which rely on their paper compliance program as demonstrating their commitment to compliance.

A paper compliance program has all the right trappings.  It consists of all the right words and all the right policies.  It looks good when you first read it and you feel warm and fuzzy.  But once you lift the hood, a different picture appears.  The company’s compliance program has a very small footprint.  Ethics and compliance is not a part of the culture.  A risk assessment is not conducted.  On occasion, business managers follow due diligence requirements.  There is very little monitoring, and the tone at the top is non-existent, except for a few statements around the company about the importance of compliance and reactiveethics.  Every paper program devotes time and attention to gifts, meals and entertainment expenses because the issue can be easily defined and addressed.

At its core, the CEO is responsible for a reactive compliance program.   If the company suffers an enforcement action, the board and corporate shareholders will question the CEO why the violations occurred and why the compliance program did not work.  The CEO will be held accountable.  In many cases, the CEO’s tenure may end as a result of the company’s calculated compliance decision.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Michael Volkov, The Volkov Law Group | Attorney Advertising

Written by:


The Volkov Law Group on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.