This date has amazingly two great milestones in aviation history. The first is Charles Lindberg’s solo crossing of the Atlantic in 1927. Then five years to the day, Amelia Earhart duplicated the feat by becoming the first woman to cross the Atlantic solo. Lindbergh landed at Le Bourget Field in Paris, successfully completing the first solo, nonstop transatlantic flight and the first ever nonstop flight between New York to Paris. His single-engine monoplane, The Spirit of St. Louis, had lifted off from Roosevelt Field in New York 33 1/2 hours before. Earhart became the first pilot to repeat the feat, landing her plane in Ireland after flying across the North Atlantic. Earhart traveled over 2,000 miles from Newfoundland in just under 15 hours.
Both were wildly hailed as heroes. Lindberg suffered tragedy when his infant son was kidnapped and later found dead in 1932. Later in the decade he became a leading isolationist but whole-heartedly joined in the war effort. Earhart was lost attempting an around the world flight in 1937. Both Lindberg and Earhart were dynamic and leading disruptors in the aviation arena.
These two American aviation heroes and their dynamic disruption of the aviation was much broader than one industry. For instance, Lindberg’s flight was designed to win a prize of $25,000 which was set by a New York city hotel magnate, Raymond Orteig. Orteig hoped his award would help drive travel to increase tourism and bookings in his hotels. That type of dynamic thinking is most useful in the compliance function as well.
One of the key changes coming out of the Covid-19 pandemic is the need for dynamism on corporate policies. I thought about the need for such dynamism in the compliance function when I read a recent MIT Sloan Management Review article, entitled “Turbulent Times Demand Dynamic Rules”, by David R. Hannah, Christopher D. Zatzick, and Jan Kietzmann. The authors believe, “Circumstances can change rapidly in an uncertain world — organizational rules should be designed to change along with them.”
This concept is most appropriate in the compliance arena in the area of risk management. As your risks change, your management of those risks should adapt to the new reality. This is why the Department of Justice (DOJ) intoned in the 2020 Update to the Evaluation of Corporate Compliance Programs that you should assess your risks as they change, modify your risk protocols, monitor your risk management strategy and then update your compliance programs through continuous monitoring.
There are two types of ways to think through your risk manage strategies: traditional and dynamic. In a traditional approach, the policies focus on control: management tells employees what to do, then monitor “employees to make sure they obey the rules, and impose sanctions on people who fail to follow them. The traditional mindset views those in upper management as rule makers, acting independently from those who must follow the rules.” In the dynamic approach, management acts as “collaborative facilitators, working together with employees to create and modify work requirements. Managers recognize that employees are subject-matter experts, with hands-on, practical knowledge that managers often do not possess. Employees are invited into” the process.
Yet another difference in the traditional and dynamic approach is in determining effectiveness. Something like difference between a tick the box approach to compliance versus a fully operationalized compliance program. The third difference between traditional and dynamic rules mindset is that rule makers with a traditional mindset are frequently unaware of or even unconcerned with the entirety of the impact their rules have on those who have to follow them. Instead, there is a narrowed focus on the behavior that a rule’s requirements are meant to effect. As long as that behavior is shaped in desired ways, the policy is perceived to be a success. A traditional mindset in effect assumes that whatever problems traditional rules cause are outweighed by their benefits to the organization. In contrast, a dynamic rules mindset includes a genuine intent to understand the full impact of policies, including their potential detrimental consequences.
The authors present three general areas to improve the dynamic features of policy creation and improvement. The first is to increase employee involvement. This is the natural outcome from a true speak up culture. The keys are transparency and communication to give employees the trust and tools to join in a collaborative effort. Policies involve a purpose and requirements. Yet the authors believe that “too often organizations offer employees only a cursory explanation, if any, about the purpose of rules and instead focus on the requirements that they must follow.”
To create dynamic rules, a compliance function needs to do more to explain their purpose by sharing the goals with employees. A Chief Compliance Officer (CCO) “can explain why a rule is being created, what its proposed requirements will be, and how those requirements serve the purpose of the rule. By opening a dialogue with employees about the entire situation, leaders can express empathy for any extra effort that will be involved in policy compliance and achieve a higher level of commitment.”
The next area might be a bit different for a corporate compliance function. It involves experiment. The authors suggest that “rather than spending months crafting the “perfect” rule, organizations need to develop one that is “good enough” and roll it out with the full understanding that it will be updated and improved over time, based in part on the feedback from employees.” Additionally, a similar process can start in one department, for instance, to test and build an infrastructure for rule experimentation across the organization. Such approach does require robust monitoring, which of course is also a challenge.
The third area is both innovative yet it is something that should be familiar to every CCO, a policy audit. As the authors explain, this is “similar to a financial audit, which involves an intensive examination of the financial state of an organization, a rule audit evaluates a company’s existing policies. The goal is to assess whether existing rules need to be updated to fit the organization’s current” risk environment. The first step is to identify rules that are the most disruptive for individuals and the organization. Ideally, an organization will be able to assess this at both the systems level and the individual level.
This dynamic policy process can build dynamic rules to enhance your company’s ability to anticipate and cope with risk changes. When the corporate compliance function embraces experimentation and learning in the creation and reformulation of policies, it builds flexibility into the organization’s structure, processes, and practices. This type of flexibility is essential as we have moved from disaster recovery to business resiliency to business as usual, especially in the field of risk management.
[View source.]
