What Adds ‘Wow’ to a Compliance Program?

Not long ago, someone leaked to me a short paper that Joe Murphy, compliance consultant extraordinaire, has been writing about “wow factors” in corporate compliance programs. That the leaker was Murphy himself, with a short note attached saying, “Hey Matt, why not put this on your blog?” is purely coincidence.

Wow factors, as corny as that phrase may be, are important. Murphy notes in his paper that corporate compliance officers and government regulators have a symbiotic relationship: regulators want to encourage effective compliance programs, and chief compliance officers want to build those programs—so each looks to the other for signs and cues of what effective programs actually do.

As Murphy puts it: “Those who have done this work in-house depend on the leverage provided by knowledgeable government treatment of these programs. For those in government assessing a compliance & ethics program, it’s essential to sort the real programs from the cosmetic.”

What distinguishes the real from the cosmetic? Wow factors. So let’s discuss them.

Murphy’s paper proposes 34 wow factors acrosss 17 categories, from the Code of Conduct to program infrastructure to discipline, and many more. We both encourage you to read his paper (download it from the link above or at left), and fire off comments—in the comment section below, or by email to me ([email protected]) or Murphy ([email protected]). If we get enough comments, we’ll do a follow-up post recapping the main themes.

Download Joe Murphy's paper on wow factors.

Download Joe Murphy’s paper on wow factors.

My own thoughts about which factors deliver the most wow are a bit mixed. Compliance officers hear multiple messages from regulators about what their ethics & compliance programs should do. We have lofty speeches from the leadership of the Securities and Exchange Commission and the Justice Department, emphasizing culture and CEO involvement and tone at the top reverberating throughout the enterprise. We also have assistant U.S. attorneys and SEC enforcement lawyers, poring over the details of training programs and policies. Your program should try to reflect both messages, with the frank understanding that in almost all instances, those enforcement attorneys are the ones who matter more.

One message where the speeches and enforcement align is the empowered CCO. Murphy touches on a few sample wow factors there, such as “has a strong employment contract… and can only be discharged by the board.” I’m all for a the CCO getting a strong contract, but I would be even more wowwed by how much the compliance officer can actually accomplish in operations, rather than the boardroom. Elsewhere in his paper, Murphy gives the example that a CCO should be able to veto any ethically questionsable business partner or trade association membership—and that is a wow factor. That’s the CCO being able to make a tangible difference in operations.

Another important theme in Murphy’s wow factors is how the company tries to take ethics & compliance seriously. Some of his ideas are superb but perhaps a bit unlikely right now (“the board includes a chief compliance officer from another company as a member”), but others are quite feasible (“when the company’s incentive and bonus systems are being developed, the CCO is involved and has a say over what is done”). Taking compliance seriously is a bit difficult to define—you can do it in multiple ways—but that’s always been the core message from regulatory leaders and enforcement staff alike.

One last question to ask, as you consider compliance wow factors: What would the Justice Department’s compliance counsel think of your ideas? Because we hear increasing anecdotal evidence that the arrival of Hui Chen to that role (she was hired by the department six months ago) really is changing the tenor of conversations the Justice Department has with companies under investigation. Chen held compliance jobs at Standard Chartered, Pfizer, and Microsoft, so she certainly does have experience separating “wow” from “cosmetic.”

To coincide with Chen’s arrival, the Justice Department also outlined seven metrics it will consider when reviewing compliance programs. If you want to match your wow factors to anything, matching them to those metrics would be a good place to start.


  1. Joe Murphy on May 31, 2016 at 1:57 pm

    OK, I’ll start the discussion. On the question of having a compliance officer from another company on the board, I don’t see any reason why a company couldn’t do that today.

    A first point, though, to any company looking at its own compliance officer. If your “chief ethics and compliance officer” is really an assistant general counsel or any other position that another company would consider too low to recruit to their board, then that answers one big question for you: your own CECO is positioned too low and is not a real compliance “officer.” CECOs should be high enough in the company that they would be likely recruits for other companies’ boards.

    Is it difficult to find someone who is a CECO or former CECO as a likely board recruit? I don’t think so, but anyone looking for one is welcome to ask me; I would be happy to make the connection.

    Would a CECO shrink from the risk of being a board member? Not even a question. Anyone who is afraid of risk is not going to be a CECO, period! Any truly empowered and independent CECO should have plenty of experience dealing with a board of directors.

    Would it have an impact on a company’s program? I believe a CECO on a company’s board would know enough to challenge weaknesses in a compliance program. If the company’s own CECO was underpowered and filtered in dealing with the board, a CECO on the board would challenge this very quickly. I don’t believe in silver bullets, but I would certainly pay attention to any company willing to take this step.

    Cheers, Joe

  2. Tolulope on June 1, 2016 at 1:10 am

    Nice one. Very insightful

  3. Andrew McAdams on July 2, 2016 at 3:48 pm

    Thank you for the article. I would add two additional “Wow” factor and maybe enhance a couple. As a writer a policy and procedure, I appreciate that a Code of Conduct should be on the CECO’s desk. I would expand it to having relevant compliance PnP on employees’ desks, and document instances when the CECO refers to the PnP in resolving issues.

    Another program that I would like to see is heavier use of Likert scales and longitudinal studies to track compliance and ethics culture. This would provide measurable results for demonstrating an improvement in compliance culture. Moreover, it provides quasi-referendums on management. Many studies have shown that the lower-level employees are much more in tune with the culture at an institution than the higher-level employees. This should be gauged.

    Finally, I would add a component on an overall project management office that is tracking and evaluating the progress on the various statuses of ongoing endeavors. This would be a consolidated view of front line, second line, and third line projects. The road to hell is paved with good intentions, and PMO better translates intentions to actions through MIS,reporting, and accountability.

    Once again, great article and very well thought out.

    Best regards,


Leave a Comment

You must be logged in to post a comment.