How would you describe the current state of the ethics and compliance profession?
To borrow the popular expression, the pace of change affecting the profession has never been this rapid, and it will never be this slow again. The profession gets more complex, and the expectations heaped upon it become greater, every day. On one hand, repeated failures in the absence of compliance and ethics programs continue to demonstrate their need, while also resulting in increased regulation.
At the same time, excellent compliance and ethics programs are rewarded in a “no good deed goes unpunished” manner, with increased scopes from within, and increased expectations from, regulators. But I’ll take this any day of the week, because it illustrates the value that strong programs bring to an organization. The biggest thing hampering organizations in addressing this onslaught of change is simply a head-in-the-sand mentality that ignores all the warning signs of impending problems.
Many companies that have what are considered world-class E&C programs still find themselves facing problems arising from corruption or other misconduct--are you worried companies spend money to build robust programs for appearance, when they just want to continue business as usual?
A speaker at one of our conferences recently noted that senior management in her company doesn’t want “best practices” for the compliance program, they want “good-enough” practices. There is a practical element to her comment, in that “best” can imply “costliest” to management, and compliance will never be granted an unlimited budget. There is also a suggestion of the acceptance of mediocrity that I dislike about her comment.
I also dislike using the term “best practices” for another reason–it suggests we can’t get any better. Compliance should always be focusing on improving and doing the best it can within the confines of whatever budgetary constraints it is presented with. And risks are continually changing. A supposed world-class E&C program will have vulnerabilities no matter what it does. Yet that world-class program will still be much better positioned to deal with compliance risks than the organization that does not strive to have such a program. That’s the message E&C folks need to communicate.
Every time I think about this issue I am reminded of the scholar Edward Gross, who said “all organizations are inherently criminogenic” due to a focus on maximizing profits for shareholders. While I think that statement by itself paints an overly bleak picture, there is a truthful element to it that explains the constant tug between mission and compliance that exists within most organizations. And that’s the second part of the message E&C people need to communicate–that you can have it both ways, achieving the organization’s mission in a compliant and ethical environment.
How is digital transformation changing the way ethics and compliance is practiced and thought about? What can organizations do to better encourage conversations about ethics and morality when it comes to the changes being brought about?
The digital transformation is affecting the scope and nature of ethics and compliance, but also how ethics and compliance programs are managed. An example of the former is the impact of new technology in general on compliance risks–whether it be privacy or any of a myriad of other issues. New technology is a driver of compliance risk, and compliance professionals must proactively consider how new technology changes existing compliance risks, and creates new ones.
An example of the latter is found in the use of data analytics in the compliance monitoring process. We could significantly cut back on fraud, corruption, and many other compliance issues--or at least detect them much sooner--if we analyzed all of the data we are legally allowed to analyze. But some of this data, while allowable for use in such analytics, brings with it issues of employee trust, and even privacy concerns. Organizations need to decide how far they want to go in the fight against corruption and noncompliance in using all legally available data. Just because it’s legal doesn’t mean a company should be reviewing it.
What should organizations be doing to prepare for the ethical questions that are being raised by the rising use of artificial intelligence?
These need to be conversations that are held at the highest levels within organizations. We could stop a lot more wrongdoing, and do so within the confines of existing privacy and other laws, but the techniques can look like snooping, and can create a “big brother” atmosphere within an organization. I have seen some amazing capabilities using AI. The ethics and compliance team should have a clear understanding of the corporate tolerance for the use of these techniques before embarking on the AI journey.
What role can SCCE/HCCA play in bringing about workplaces that are diverse and inclusive?
As an association, our role is limited, but there are clearly opportunities for us to help. We represent the entire profession of ethics and compliance professionals. Fortunately, the profession as a whole is one that has generally been open and committed to inclusion. We try to mirror that in terms of how we operate the association, both internally as well as in our programming at our conferences. By being inclusive in our own operations as an association, we can hopefully serve as a good example, and as a catalyst for positive conversations about inclusion in the workplaces of our members.
You've had a few years now at the helm of SCCE, what are two or three goals you have for the organization in the next few years?
It’s been a great first two years at SCCE, and the transition from cofounder Roy Snell to myself as CEO was completed one year ago. Since I started in November 2017, SCCE’s staff has grown by more than 50%, reflecting both our commitment to better serving the compliance and ethics profession, and our own growth in membership.
With our launch earlier this year of Cosmos, our digital platform, we are focused on developing practical tools and resources that compliance and ethics professionals can access quickly anywhere. We’ll also continue to focus on expanding our educational offerings both from a content perspective as well as geographically. In 2019 we are bringing our academies and conferences to 11 cities outside the U.S., and next year there will be even more. It’s an exciting time to be in this profession and I am tremendously excited for the future here at SCCE.