If you’ve worked in our profession long enough, you know the hard reality that in many companies, executive management views compliance as a cost center, dissociated from growth. We dream of more. Of a day when compliance is viewed as intimately aligned with achieving the long-term interests of the organization.
I asked several colleagues how they would make compliance more strategic. Here is what they said.
See compliance as a competitive advantage
Better compliance practices will please more customers and help companies gain more business. Justin Ross, chief compliance officer of FedEx, says this is especially true for specific regulatory areas such as data privacy and export controls and trade compliance.
Regarding data privacy compliance, he said, “We have reams of valuable consumer data and have to be extremely careful we put the right parameters around that data; be transparent about how we use it with our customers; and then have processes that are extremely easy, intuitive, and seamless for consumers to either opt out of using the data or select certain preferences.”
These areas are hard for organizations to navigate and present a huge strategic advantage. This was true when I ran USPharma compliance at McKesson. We partnered with IT to pilot the value of obtaining ISO 27001 IT security certification in one business line, and once complete, our business client was astonished at the positive customer reaction. Their business increased, and they began highlighting the security certification in all their marketing materials.
And with export controls and trade compliance in the face of evolving country sanctions, especially given Russia’s war with Ukraine, Ross emphasized that “sanctions compliance has become very challenging.” Being able to move a good from one place to another now is extremely complicated, “way more complicated than it ever has been.” Having a compliance program that enables you to seamlessly do this is a clear competitive advantage.
For Ross, one key “magic moment” occurred when he reported to the board about FedEx’s first compliance champion awards, and the board chair asked for the email addresses of the recipients and sent each of them a personal congratulatory note of appreciation. Completely unsolicited and unasked for. “Stuff like that makes you feel good about the program,” he said.
Make compliance more proactive
In Lisa Beth Lentini Walker’s experience, the difference between effective and strategic compliance and ethics programs “is like the difference between night and day.” As the founder of Lumen Worldwide Endeavors, she drew the following distinction: Effectiveness focuses on understanding the rules and requirements, educating on those concepts, setting controls in place, and monitoring those controls as well as updating and conducting remediation when needed. Compliance that is effective meets the mark for following whatever the requirements are—whether law-driven or values-driven.
In contrast, “truly strategic compliance and ethics programs are far more proactive. Not only do they cover the base requirements of effectiveness, but they take everything to another level by making compliance and ethics a strategic advantage through forward-thinking collaboration, early-stage advisory, and communication well outside the internal employee base.” A tangible example of this is having a seat at the table for product design and launch, and providing early and regular advisory guidance.
David Wong, director of ethics and compliance at Palo Alto Networks, remembers being pulled into a meeting by sales operations at one company. The sales manager said, “Did anyone check the code of conduct before we finalize this decision?” David noted this was the first time in his experience that a leader had brought the code into a business conversation real-time, and it really had an impact that this company truly considered compliance a part of its DNA.
Take advantage of predictive insights
Due to its ability to look into all corners of the business, compliance is uniquely positioned to discover efficiency opportunities. “The compliance function must drive insight, teaming with the business to enable growth while at the same time mitigating risks,” said Claudia Valdivia, head of compliance for Internet Para Todos.
Here are a few questions Valdivia recommended asking, which provide measures of strategic value:
Has compliance reduced the number of internal audit findings?
Do the first and second lines coordinate in testing activities, processes, or controls?
Is compliance helping the business use risk management to drive value by providing insights that contribute to effectiveness?
Use long-term strategic thinking
Another key approach is demonstrating strategic vision by deploying a compliance plan with long-term goals in mind. “This supplements effectiveness by making it more likely that your initiatives are sustainable,” said Mary Shirley, head of culture of integrity and compliance education at Fresenius Medical Care. Shirley advocates that compliance officers adopt a “what do I know” approach that uses data (including stakeholder feedback), rather than an “I think” approach.
To illustrate her point, she shared this example: A compliance officer might think that everyone knows that giving gift cards is prohibited under company policy as a cash equivalent because they’ve trained on the topic and communicated this rule six times over the last two years. If the compliance officer takes a more strategic approach about checking on their assumptions with stakeholders and having humility, they are very likely to find some gaps that they were blind to.
Ensure the CCO is a member of the executive leadership team
Compliance should contribute to all strategic decision-making, such as mergers and acquisitions. For example, compliance may discover a big price differential due to an acquisition target’s bribery and subsequent fines.
“Compliance needs to understand that there are opportunities to get more involved,” said Rebecca Walker, partner at Kaplan & Walker LLP. Too often, she has observed that compliance toils away without the recognition it should be getting. She wisely advised to take every opportunity to build strong relationships and a visibly deep business acumen to be viewed as part of the strategic team.
In the end, the compliance program is as strategic as the CEO and board believe it is. And to quote Carla Harris, vice-chairman and managing director at Morgan Stanley, “Perception is the co-pilot to reality.” Take these examples from your colleagues and envision, in an ideal world, how do you want compliance to be perceived? What is possible? Then design backward for that outcome. You will likely be amazed by the results.
Compliance programs traditionally focus on being effective, but to achieve the status and recognition they deserve, they must evolve to the role of strategic partner.
Certain regulatory areas—such as data privacy and security, trade sanctions, and export controls—provide a strong opportunity to showcase compliance as a competitive advantage.
Think more broadly about the enterprise—compliance programs that are proactive, provide the business with predictive insights, and are aligned with the organization’s long-term strategic plan are well-positioned to grow their reputation as a valued adviser and partner.
In an ideal world, the compliance officer will sit on the executive team and be viewed as a holistic partner with contributions that go beyond the walls of compliance, improving operations, increasing sales, and promoting customer loyalty.
With regard to the role of compliance at your organization, envision a more robust future. With the right business knowledge, relationships, and perceptions of your function, what is possible? Don’t limit yourself to what is. Instead, consider what could be.
1 Stephen D’Angelo, “Morgan Stanley leader shares her tips for career success with Dyson undergraduates,” SC Johnson College of Business, Cornell, February 19, 2020,