Compliance pioneer defines the future path of profession

Those are the big challenges that lie ahead, in the view of Hui Chen, former compliance expert for the U.S. Department of Justice and author of its Fraud Section’s guidance to prosecutors on how to evaluate corporate compliance programs, who now serves as an independent compliance consultant.

Corporate compliance didn’t even have a name in the earliest days of government activity to signal to companies that it was their duty to prevent and detect wrongdoing, said Chen during a keynote address at Compliance Week’s annual conference. That spawned a bevy of activity to establish programs and develop policies and procedures to demonstrate that companies were taking steps to deter and detect bad behavior.

Now the focus is not just on whether a program exists, but whether it’s effective, said Chen. “We’re also moving from a rules-based approach to a principles-based approach,” she said.

Today, compliance programs are challenged by a proliferation of risks. “It’s not just one or two statutes,” said Chen. “It’s a whole host of things,” in areas such as trade, anti-trust, bribery, anti-money laundering, financial reporting, regulation, privacy, labor, and harassment, among others.

Compliance officers are also dealing with an onslaught of data, not all of which is connected or integrated in any way. They’re being tasked to better define how they prove or measure their worth, and they’re trying to cope with increasingly polarized values that produce different views of what is ethical and what is not.

All of that suggests compliance needs to evolve and function at a higher level, says Chen. “We are going to move to a trend where we learn how to better integrate trends, data, and risk,” she said.

As a starting point, Chen suggests compliance officers look for new ways to integrate data and processes. In her work consulting with companies, Chen said she encountered a company recently that had established a platform of 93 separate pieces of mandatory training new employees needed to complete as part of the onboarding process.

“I’m sure they hate you already,” she said, before new employees facing that kind of training would even begin their jobs. “It’s an assault on employees. It’s miserable.”

Compliance could instead look for ways to integrate training into everyday business processes, Chen said. As an example, when a company is establishing ties to a new distributor, the initiation process could include built-in mechanisms to produce the information needed by compliance to assure the distributor has been properly vetted for concerns like anti-corruption, trade sanctions, and labor issues. “Instead of making a process that’s convenient for us (as compliance people), think of a process that’s convenient for business people,” said Chen.

One of the challenges of transitioning to such an approach is a corporate tendency to gather and retain information in silos, said Chen. Many companies have become quite savvy about integrating data to improve the consumer experience, but have not given the same effort to improving the business use of data.

“When you buy something on Amazon, it tells you [that] you might also like these other books,” said Chen. “How does it know that? Analytics.” The same kind of data integration provides fraud protection on credit cards and gives ride-sharing app users an easy way to rate the service and tip the driver, she said.

“What if one of those companies tells you we can do all of those things, but we can’t track employee expenses?” Chen asked. “Does that sound reasonable to you?” Companies have plenty of data around sales, marketing, finance, operations, and legal and compliance, but little of it is integrated or harmonized, she said.

Technology exists to extract it, harmonize it, and visualize it in ways that would enhance the compliance experience, Chen said, and the classic objections about scale, cost, and complexity are fast evaporating. In addition to efficiencies, companies can reasonably expect to enjoy more proactive monitoring, better solutions to business problems, and better ways to measure outcomes, she said.

Anheuser-Busch InBev, a global beverage brewer, has done a great deal of work to integrate its data, producing better insights into its business, said Chen. The company has developed platforms designed to assist in identifying, monitoring, analyzing, and remediating compliance risks, looking for problems in payments, AML, cash, checks, wire transfers, conflicts of interest, duplicate payments, travel and entertainment, and much more.

Matt Galvin, VP of ethics and compliance at ABI, said at Compliance Week’s conference he finds the whole experience far more efficient than the traditional audit model. “The whole model of having a rule and auditing against that rule was very inefficient and unappealing,” he said. “From a cost perspective, it’s wildly expensive compared to the alternative.”

Such integration of data will not only make compliance more efficient, but it will help compliance officers better define what it means to be effective. That’s another important step in compliance’s journey as a profession, said Chen.

“Effective at what?” Chen asks any compliance function that deems itself to be effective. “We have the process side down; now we need to measure outcomes.” Better use of data is critical to evolve to that level, she said.

Finally, compliance officers of the future need to tune into polarizing values and assure differing views are considered in defining corporate ethics, said Chen. Surveys are an important means of discerning what people think, as are hotlines or helplines. Compliance needs to assure it is gathering feedback and input at the outset of initiatives rather than after the fact, she said.

Listening is an important preliminary step to understanding what people think, Chen said, and that’s not necessarily a common skill among business managers. “We’ve got to equip managers to help them be better listeners,” she said. “That’s a problem we have got to help solve.”