This is the first in what we hope will become a regular series of interviews with members of the Temple business law community about their work, the business law community, and business law practice generally. Jon Smollen directs Temple’s Center for Compliance and Ethics (CCE), and recently sat down with The 10-Q’s editors to talk about “compliance.”
What’s your background in C/RM?
I began my career as a consumer protection lawyer at the Federal Trade Commission and was very interested in government efforts to incentivize the private sector to adapt business practices to emerging norms. Subsequently, I spent 15 years in the pharmaceutical industry as a chief privacy officer and then as a chief compliance officer. The common thread was integrating evolving legal and ethical standards into organizational culture, strategy and operations.
What are key elements of a good C/RM program?
I don’t want to minimize the importance of the formal elements of a compliance program such as board oversight, tone from the top, policies, auditing, monitoring and robust investigations. For me, one of the most critical aspects of a program is the continuous assessment of an organization’s risks as well as its external environment. The only way to stay ahead of risk is to understand your organization – its culture, strategy, operations and incentives – and the current legal, ethical and public expectations.
What sorts of things are likely to go wrong?
A big challenge is avoiding a “check the box” mindset. Boards, management and compliance officers must actively engage in discussions about compliance related to corporate strategy, business plans and performance. Analyzing the right information to prioritize, measure and evaluate risk always seems easier in hindsight. Although there is no excuse for ignoring facts, well intentioned organizations miss the forest for the trees due to blind spots, rationalizations or a fixation on certain risks or information.
“Compliance” is sort of a hot topic. What value does it have for companies? Is it a fad?
Compliance is not a fad and is its own discipline and profession. Its value has historically been simply as risk avoidance. Compliance can provide insights into how an organization operates, how employees respond to leaders and how strategies and incentives impact real world behavior. If compliance officers effectively communicate these insights, they’ll be positioned to broadly influence their organizations as well as mitigate risk.
Have #Metoo or “Trump Effect” affected the work of compliance professionals?
I’d like to believe that the #Metoo movement has not. Compliance programs should create environments where issues – even involving the most powerful – are raised. The reality is that the shift from speaking up to speaking out changed the landscape in ways that compliance programs hadn’t or couldn’t. Personally, I’m not sure Trump is having a significant impact. In the private sector, compliance officers and boards are no less concerned about the effectiveness of compliance programs. Although deregulation may impact focus areas, I don’t sense a retreat. The disregard for ethics in government has reinforced the importance of concepts such as the independence of compliance. As a professor, the Trump effect appears to be strengthening the next generation’s view that ethics and compliance matter.
What role do lawyers play in a C/RM program?
In its early years, compliance was merely an outgrowth of law. Some regulators insisted on the separation of legal and compliance due to concerns about independence and the over-use of attorney-client privilege. Some lawyers viewed this as a critique of their professional ethics, specifically the ability to defend a client and be an independent voice on ethics. Parts of the compliance community saw this is a challenge to recently earned professional status. The debate about their respective roles has been unhelpful. Compliance officers must understand law, business, organizational behavior and individual decision-making processes and biases. Some lawyers may be a good fit, while others are not and many non-lawyers are excellent compliance leaders. My hope is that we can focus on the competencies and how to foster them.
Are there any special C/RM issues that might arise for educational or other not-for-profit institutions?
Educational and non-profit institutions have unique risk profiles that reflect the laws, regulations and standards that apply to them. Expectations about their behavior are also different based on their mission and purpose. Corporate compliance programs always struggle to balance central oversight with the reality of individual businesses. This tension seems more pronounced in organizations that put a premium on academic independence and have very diverse operations, often more so than corporations. This can make it challenging to design a compliance program across an educational or non-profit institution
If a C/RM problem is discovered, what are the best ways to deal with it?
The guiding principle must be identifying the root cause and scope of the problem. Is the entire organization ready to fully address the problem? Beyond the diagnosis, can the organization hold people accountable, change cultures or sub-cultures and alter long-standing practices and incentives? The commitment to change must exist from the top to the bottom of the organization.
Since C/RM problems are often reputational, do you have any general thoughts about lawyers, public relations firms, and the press?
The press drives changes to compliance programs at a much faster speed than legal changes or enforcement. In addition, reputational effects can be a hard concept to frame for an organization– the press can do that quite quickly. I have mixed feelings about the role of private lawyers. The fact that a lawyer can identify a cause of action based on potential compliance issues does not mean the issues reflect the right focus for a compliance program. Government enforcement carries some of the same risks but usually reflects more thought about the effect on compliance programs. Public relations firms must understand the long-term nature of compliance issues. A desire to manage the immediate reputational risks may conflict with assessing the root cause of an issue and making fundamental changes.
As director of the CCE, what are your goals? Where do you see the Center in the next several years?
I’d like to see the Center at the forefront of student and professional education, shaping academic dialogue and serving as a forum where regulators and the regulated can discuss sustainable approaches to compliance. On the educational front, law is a good start but we have to teach compliance in an interdisciplinary and applied manner. I’d also like the Center to have role in answering some of the key questions that compliance raises. One area of interest is better understanding drivers for ethical decision-making and integrating this understanding into compliance programs. Do compliance programs based on the U.S. Sentencing Guidelines proactively drive ethical decisioning making? Do the current metrics to assess compliance program effectiveness prevent misconduct? Are they simply identifying misconduct after it has occurred? What measurements may be better and why? There is a unique opportunity to influence the field through scholarship and empirical research.