The Compliance Officer – From innovation brake to innovation driver
Keep calm and data on!
We live in times of great uncertainty. Our world has come apart at the seams. The second wave of Covid-19 has reached Europe. Politicians, industry, and society are working flat out to combat the global pandemic. This means first and foremost compliance management or risk management.
Risk management is not just another word for averting risks. It means prudent action based on highly diversified data analysis. And – this may sound paradoxical, but it is not – the taking of new risks. A good example is Chancellor Merkel’s cool analysis, which brought down the exponential development of the virus to Sesame Street level for all of us.
Day-to-day political business is dominated by crisis and risk management. This will continue to shape our everyday lives for the time being.
Nothing else applies at the organisational level of companies. For the big players in the medical and pharmaceutical industry, for the health care system, but also for every single company, not necessarily of systemic importance, which is fighting for survival. Risk management also characterises day-to-day business. We have to fend off risks every day and take them at the same time.
Compliance Management: Shaping the future by taking risks
Does this only apply in times of crisis? No. Because if we beam ourselves mentally into the future, into the “New Normal” of a post-Covid era, then risk management will continue to be the issue. It will always be about fending off risks and, at the same time, taking risks to secure our future. Because the willingness to take risks is fundamental for innovations and elementary for shaping the future of a company. Innovations give companies decisive impulses that can ensure their long-term survival in a highly competitive market.
Innovation and Compliance Management: Make peace, not war
Compliance has a decisive influence on innovations within a company because they must always meet the requirements of compliance. However, the strict guidelines always seem to be a popular reason for missing innovations.
Behind this is an outdated mindset. How is compliance supposed to play along when its task is to inhibit and minimise the taking of risks?
Many companies still see compliance as a brake on innovation rather than a driver.
We are faced with the problem that innovation needs room to develop, but compliance takes away that room. Because compliance detects violations of rules everywhere and seeks to minimise the risks that lead to them. Apparently, compliance management and innovation cannot go together. Compliance management takes the air out of innovation: innovation is only about risk. How can we solve this dilemma?
Anyone who follows this blog knows that this is primarily about a changed understanding of compliance and that our product, the Rulebook, helps to implement the changed role of compliance operationally in everyday business.
In concrete terms, this means that we are moving away from the traditional understanding of compliance as risk defence. By not seeing compliance as the end of innovation.
And even more so, that “a growing digital economy can only be sustained if innovation and regulations work in tandem.”, as Forbes puts it in a nutshell.
That means: Being innovative with compliance management
In 2020, an innovative company should have a modern understanding of compliance. This means that compliance should be proactively integrated into all activities of a company.
A company that has integrated compliance management into its DNA can respond quickly to changes in technology, legislation, or customer expectations.
As more and more data regulations such as GDPR must be complied with, organisations have to integrate data protection “by design” into their processes. Non-compliance can result in heavy fines and can seriously damage your reputation and the trust of your customers.
However, many organisations only look at compliance in the context of their processes after the fact and leave it by the wayside. Taking a compliance-first approach to processes such as supply chain management or insurance policies not only ensures compliance, but can also become a driver of innovation, not a brake. Digital process platforms make it possible to map regulatory requirements. In this way, compliance can be checked in a very visual way.
The Compliance Officer of tomorrow
The Compliance Officer (CO) of tomorrow, or rather already of today, no longer sees his role exclusively in defending against risks, but rather in proactively minimising risks in advance of a “danger situation”. In the language of the organisational structure, this disruption is explained with a modernised Three Lines of Defense model. The Three Lines of Defense (TLoD) is a model for the systematic approach to risks that can occur in companies and organizations. A governance system for identifying and managing corporate risks. These must be recorded, identified, analysed, and evaluated at an early stage and communicated within the company. This means that its scope has become wider.
For the topic of innovations, this may even mean that the CO can take a leading role in innovation.
Back to the example with the German Chancellor mentioned at the beginning. Averting risks means acting prudently based on highly diversified data analysis.
Even when taking risks in the field of innovation, data provides access to customer knowledge. This way, it can help to advance new technologies such as IOT and machine learning. Data can open many new opportunities and business processes, but it can also be the downfall of a company. It is important to protect data appropriately and to consider it as part of risk management. It is the responsibility of the compliance officer to keep it under control.
In concrete terms, this does not mean that the compliance officer himself should check every algorithm.
The new role can only be performed jointly and responsibly with the leadership. And help to set the framework.
The programming of AI algorithms, for example, will be aligned with the valid legal framework and the own understanding of values. But what do these look like in detail?
Effective compliance communication, integration into and harmonisation with existing organisational structures, and promotion of the compliance culture are seen by compliance officers themselves as challenges and trends of today. Digital ethics is one of his new tasks.
Digital ethics or data ethics, partly also algorithm ethics, deals with the moral standards that are to be set for digitalisation and big data.
The Deutsche Telekom, for example, was one of the first companies worldwide to commit itself to digital ethics in dealing with artificial intelligence through self-created guidelines.
Barmer, one of the largest health insurance companies in Germany, has created a value system called “Digital Ethics”, in which good and responsible decisions can be made with a focus on people.
Nowadays there are also more and more discussions on the topic of digitisation in connection with ethics. For example by Prof. Dr. Dr. Frauke Rostalski, member of the German Ethics Council. In an interview with WDR, she aptly states that risk must be borne by a person and responsibility must be attributed to a person, not an algorithm.
The Compliance Officer cannot be expected to check algorithms in detail. Rather, it is his responsibility to leave people in charge and to provide employees with a suitable framework for digital ethics with this understanding.
Furthermore, according to a modern understanding of compliance management, the compliance officer can assign responsibility to his employees by integrating them into a system of corporate values. The compliance officer is thus also an ambassador for good corporate conduct.
Both functions can only be achieved through good communication. Framework conditions must be made transparent for all employees so that they can be involved in good corporate conduct.
Compliance Communication is Key
The C2S2 Compliance App Rulebook provides the best tool for this. Because it provides the right answer to every question. Always and everywhere knowing what is and is not feasible: The C2S2 Rulebook provides employees with a tool that generates competence to act in all situations. This creates motivation and trust, while at the same time avoiding breaches of rules and defensive attitudes.
Technically from thematic content sets, which are developed from the regulatory content of your guidelines or provided by C2S2 – optimised on request. We have developed a protected technology for this purpose: Interactive Rule Modeling (IRM®). Your guidelines are digitally mapped: The results are intuitively retrievable rules that communicate what employees can do, what they have to do and what to pay attention to in certain processes. Convenient user guidance and clear language make dealing with your company rules a motivating process.
In addition to being a concrete communication tool for daily use, the Rulebook can also be a companion for the compliance officer on his sustainable path from innovation brake to innovation driver.