Former National Security Agency contractor Edward Snowden told us that the NSA tracks everything—who we email, our social networks, even what toothpaste we use—using a huge database of information it has collected. Snowden’s tale poses interesting questions about data security, and shows how tracking data can highlight important information about the way we live and work.
Like other disciplines, compliance programs have begun to embrace data analytics. The idea of tracking data and spatial mapping of data has been the subject of numerous articles about “big data,” including some in Corporate Counsel, that discuss the Moneyball approach to compliance.
This approach notes that tracking data is key to using data analytics in a compliance program and that objective data points can highlight emerging compliance risks. For instance, the number of third party intermediaries in a country or government official customers may highlight a company’s anticorruption risk profile.
Companies also can get useful information by tracking communication within a compliance program. Communication is often the lonely stepchild of compliance conferences, which tend to focus on other elements of robust compliance programs such as risk assessment, audits, investigations, or training—maybe because lawyers and outside consultants are more at ease talking about concepts traditionally in their wheelhouse. And communication is hard to get right. At a basic level, it involves passing on compliance messages to internal and external stakeholders, addressing employee compliance concerns, and program tracking.
Program tracking is where many companies miss the mark. Often companies are sent scrambling to rebuild their communication efforts years after a compliance failure, and the company has to try to retrace several years of compliance initiatives. This is a wasted effort. Before checking the communication box on the next compliance risk assessment, compliance professionals should evaluate how they are tracking their program and communicating compliance wins within the organization.
Key questions may include:
- How do you communicate your compliance program to the board of directors or other stakeholders?
- Does your organization track internal compliance program development on a shared calendar?
- Is there a database of resources for owners of different compliance risks?
- When an organization has a compliance failure, where is the program-tracking tool that shows the history of the compliance program?
If you haven’t thought about these questions, your compliance program likely has room for improvement. Communication is important—it ensures that internal and external stakeholders are aligned with the organization on compliance messaging and initiatives. This is critical to creating a culture of compliance and ensuring that operations and other stakeholders take ownership in the compliance program.
Programs with effective communication strategies are developing program-tracking tools on platforms such as SharePoint that encourage collaboration, and using other external software solutions to ensure communication of messages, ideas, and resources across the program. These tools include ways to share important developments with compliance stakeholders ranging from the board to operations managers. Not only is communication key to the program’s success, but it will lay the groundwork to make dealing with compliance failures go more smoothly—recreating five years of compliance developments for the U.S. Department of Justice is neither easy nor fun. And the outside lawyers hired to investigate the compliance failure are going to charge a fortune to do it for your company.
Communication is a key element of an effective program, and program tracking is a necessary part of an effective communication strategy. Set aside your views about the NSA and Big Brother, because the agency really understands how to track data (if not necessarily protect it). To ensure a culture of compliance, corporate compliance programs have to both manage information and communicate effectively with program stakeholders. A program without an effective communication strategy is doomed.
Ryan McConnell is a regular columnist for CorpCounsel.com and a lawyer at McConnell Sovany—a boutique law firm focused on compliance consulting, criminal defense, and plaintiffs’ litigation. McConnell also teaches criminal procedure and compliance at the University of Houston Law Center and is a former federal prosecutor. Jonathan Davis runs Jenobi, a firm that crafts dynamic presentations to meet training and communication goals. Both think it would be great if the NSA would filter junk emails or tell you when there is a good Groupon deal. Send the pair your compliance tracking ideas at [email protected].