What Is Your Compliance Strategy?

by Thomas Fox

Do you have a strategy? The Houston Astros claim to have a strategy that involves being the worst team in baseball for up to the next five years and then magically they will become a winner. I suppose that having the worst record in baseball demonstrates that they are on the right path. Another three game series, another three game sweep by the visiting team, thus ending three games of some of the most pathetic baseball I have ever seen. However, even the ever-optimistic Astros manager, Bo Porter, admitted in an interview to the Houston Chronicle last week that “He has no idea if the Astros’ rebuilding plan will work.”

Now suppose you are in management, though not in the Houston Astros where you are implementing a strategy to set the all-time season record for losses, but a successful compliance program. How can you go about it? While most companies have compliance programs, they do not have a compliance strategy. To endure, a compliance strategy must address the interests of all stakeholders: investors, employees, customers, governments, NGOs, and society at large. A compliance strategy should increase shareholder value while at the same time improve the firm’s performance on environmental, social, and governance (ESG) dimensions. These concepts were recently explored in an article on sustainability in the May issue of the Harvard Business Review (HBR), article entitled “The Performance Frontier”. I found the concepts that the authors Robert G. Eccles and George Serafeim put forth, translate into the compliance arena as well.

The basic posit is that corporate investments in compliance do not necessarily require trade-offs in financial performance. Instead, if a company will focus on the issues that are the most relevant to both risk and shareholder value, a company should be able to boost both financial value and compliance performance. The authors believe that to do so, companies should focus on four areas.

1.      Identify Material Compliance Issues

While the overall list of compliance issues may be long and broad, the key is to determine the material issues to your company. In the context of sustainability, the authors suggest you can use a “Which Issues Matter Most” data map. They also phrased it in another manner by stating, “Evidence of economic impact is determined by evaluating both anecdotal reports and quantitative studies to gauge whether management (or mismanagement) of the issue will affect traditional corporate valuation parameters: revenue growth, return on capital, risk management, and management quality.” In the compliance arena, this would correspond to a risk assessment.

2.      Quantify the Relationship Between Financial and Compliance Performance

After you understand your company’s material compliance issues, assess the impact that improvements in each would have on financial performance. Compliance performance has many dimensions and depending on the company’s compliance strategy and the issue being considered, the most important dimension could be cost reduction, revenue growth, or gross margin defense. In the sustainability area, the authors state that a “host of factors complicate evaluations of the relationship between ESG and financial performance. Not the least of them are limitations on the ability to precisely measure ESG performance—a challenge that SASB and others are working to address.” However, even with this difficulty, I believe that a company can make an informed estimate of the slope of the performance-frontier curve for any pair of compliance and financial variables by determining whether each incremental improvement in compliance performance causes a corresponding positive or negative change in financial results – or has no impact.

3.      Innovate Products, Processes and Business Models

As with any strategy, it should be informed by your analysis. Once you determine the compliance issues to focus on, you should benchmark your industry peers on these issues. If your company’s performance falls short of industry benchmarks in a particular risk parameter, getting it up above par is the first priority. Within the sustainability context, the authors state that “At the very least it will mitigate your risks, since stakeholders tend to focus on industry laggards in campaigns aimed at increasing corporate ESG performance. Many improvements, such as reducing manufacturing waste, involve minor or moderate innovations that can enhance efficiency and, therefore, financial performance. Those sorts of innovations are increasingly necessary (but not sufficient) to ensure competitiveness.”

In the compliance arena, there are many resources available to you for benchmarking. The first place to start is the Department of Justice (DOJ)/Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Guidance released last November. The “Hallmarks of Effective Compliance Programs” set forth in the Guidance is an excellent compilation of where we are and what you need in place to go forward. I recommend this as a good a starting point to evaluate the state of an ongoing compliance regime so assess your company’s risks and use these hallmarks as a basis to move forward.

4.      Communicate the Company’s Innovations to Stakeholders

This may be one area of a typical compliance strategy that a company does not normally take into account. A company’s compliance function cannot assume that shareholders and other stakeholders will understand how its innovations have improved both compliance and financial performance – and how the two interrelate – unless such information is communicated effectively. As the authors state in the framework of sustainability “This is more than a matter of public relations; major innovations often require substantial investments whose benefits will not be seen for years to come. If a company expects shareholders to commit for the long term in order to receive those benefits, it needs to provide them with information that justifies their investments.” The authors call this “integrated reporting” and I believe that this is also true in the area of compliance.

As a communications tool, integrated reporting involves more than posting a PDF version of the Code of Conduct on a company’s website. As with almost all reporting, the most effective reporting is as much about listening as talking, and it serves as a key platform for stakeholder engagement. The authors believe that integrated reporting is a “way to establish a conversation that considers a company’s performance in a holistic way, identifies the tough trade-offs, and builds a case for innovation and the benefits it can generate. This engagement is also central to eliciting feedback on how well the company is meeting expectations, the quality of its communications, and what it can do to improve them.”

On the final point, the authors state something that I believe is often overlooked as a part of any compliance strategy. It is that “integrated reporting enhances discipline. It forces management and employees to think about both the financial and the ESG implications of their decisions and helps spur innovation as they seek to improve both kinds of performance.” The FCPA Guidance speaks to Incentives and Disciplinary Measures, which is generally considered to be both the carrot and the stick. The stick to demonstrate that there should be appropriate discipline in place and administered for any violation of the FCPA or a company’s compliance program. The carrot as the DOJ and SEC recognize that positive incentives can also drive compliant behavior. This would dovetail with the authors’ observation that integrated reporting enhances discipline.

Eccles and Serafeim discuss in their article the corporate benefits of having a sustainability strategy. I think their ideas are applicable to the compliance field and give you new ways to think about old problems. As for the Astros, maybe they could develop a winning strategy.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.