The Role of Technology in a "Just In Time" Model for Corporate Compliance

Gwendolyn Lee Hassan, Managing Counsel – Global Compliance & Ethics, CNH Industrial
Gwendolyn Lee Hassan, Managing Counsel – Global Compliance & Ethics, CNH Industrial

Gwendolyn Lee Hassan, Managing Counsel – Global Compliance & Ethics, CNH Industrial

The Old Model – Compliance Information “Push”

Imagine a salesperson from your organization is traveling to a country in Asia to meet with government officials about a public tender. The officials suggest a local restaurant for dinner. The employee vaguely remembers a policy she saw during her new hire orientation three years ago that mentioned something about entertaining government officials. The policy says she may not entertain government officials during a public tender but she doesn’t remember this. It’s the middle of the night back at the home office; no one is checking email and she doesn’t know anyone locally to ask for help. She decides to go ahead with dinner and orders blindly off the menu as she can’t read the local language and is unsure of how much things cost. The officials order many bottles of wine and the local specialty liquor.

When the bill finally arrives, it is in local currency and she is unsure of how much it is. Because she can’t remember the company policy, she decides to play it “safe” and pays the bill with her personal credit card with a plan to have the company reimburse her later (a potential books and records violation under the FCPA). The day after the outing, your company is awarded a large contract from the government entity worth millions of dollars. The company congratulates the employee on her successful trip. A week later, a competitor files a protest alleging your company won the tender only as a result of having “wined and dined” the government officials, a potential bribery offense posing tens, or even hundreds of millions of dollars in potential fine exposure under both local and U.S. law.

This type of situation happens with surprising frequency. Employees don’t have access to the information they need when they actually need it. They find applying a policy or procedure in a real-world situation to be much harder than it looks; especially when they last saw the applicable policy months or even years ago.

Traditional compliance programs use what might be called a “push” method. Compliance officers draft policies and communication pieces and “push” them out to their constituencies. They create new hire orientation and training programs and “push” them out to indoctrinate their members with the information they need.

The role of the employee or organization member under this approach is passive. Compliance messages are pushed out to team members who in most cases did not ask for the new information and are receiving it in the abstract context of “If you are ever in this situation, this is the rule that would apply.” Employees are expected to then “inventory” this information somewhere in the minds until they actually need it at some point in the future under the belief they will be able to not only remember it, but will also be able to apply it correctly. The problem is, they often can’t do either.

“Just In Time” Pull of Compliance Information

Remember when it was common practice for suppliers of a manufacturing company to “push out” months’ worth of parts to their customers? Manufacturers had to pay for and store these goods until they actually needed them for production. This tied-up space and capital for the manufacturing company, and in the meantime, parts might be lost or damaged or become obsolete over time as they were stored but not used.

Now, however, with the advent of “just in time” supply methods and technology, manufacturers “pull” and pay for only the parts and supplies needed to meet their immediate manufacturing need. Valuable capital is no longer tied-up in part inventory, storage space is minimized, shrinkage is reduced and efficiencies abound.

  Compliance officers draft policies and communication pieces and “push” them out to their constituencies​  

Similarly, technology can also provide “just in time” compliance resources as well. Instead of “pushing out” large volumes of compliance policies and educational content to employees, technology enables a “pull” model where employees obtain the exact compliance information and resources they need, exactly when they need them.

Imagine the previous scenario, but leveraging technology to limit compliance risk. When your sales person lands in Asia, the compliance application on her company-issued mobile phone uses GPS to determine her location and sends her an alert reading, “Welcome to Asia! For more information about conducting business here, please read our country guide (with a link to a customized guide for that region.) While you are here, please remember the gift limits for this region, you can find them here (with a link to the local gift policy.) Please remember the region you are in ranks high on the corruption perception index and bribes may be demanded. This is an especially sensitive area if entertainment of government officials is involved. To see if your plans comply with our policy, please use our gifts and entertainment decision tree found here (with a link to a decision tree.) To review our anticorruption policy, please click here (with a link.) While you are in Asia, if you have compliance questions or concerns, here is the number to a local English speaking compliance officer who can help you.”

This type of technology, along with a translation app and currency exchange rate calculator can empower your employee to be more compliant. You have given her instant access to the exact information she needs to make better, smarter, and more informed decisions, thus limiting the compliance risk inherent in doing business in a developing market. Mobile apps like the one described here are increasingly available and are truly only the tip of the proverbial iceberg when it comes to potential technology applications for compliance. Exciting advancements in AI and machine learning are paving the way toward a day in the not-so-distant future when we will be able to provide every employee with their own customized, individual, “virtual” compliance officer, right in the palm of their hand. The ability to reach employees right where they are, with the exact information they need, the moment they need it, is a technology use case clearly meriting the investment.

Read Also

Easing Compliance: Expanding an Ethical Culture Through Technology

Easing Compliance: Expanding an Ethical Culture Through Technology

Raphael Richmond, Global Director-Compliance, Ford Motor Company [NYSE: F]
Cybersecurity Risks and Why Internal Partnerships and Cross-Functional Resources Matter

Cybersecurity Risks and Why Internal Partnerships and Cross-Functional Resources Matter

Adrian Mebane, VP & Deputy General Counsel, The Hershey Company [NYSE: HSY]
Chief Compliance Officers And Cyber Security: A Match Made in the Boardroom

Chief Compliance Officers And Cyber Security: A Match Made in the Boardroom

Robert Garretson, GM, Governance Strategy, United States Steel Corporation
Avoid Non-Compliance by Getting Your SSH Keys under Control

Avoid Non-Compliance by Getting Your SSH Keys under Control

Fouad Khalil, Director of Compliance, SSH Communications Security