Turning Around Compliance Programs

Most compliance officers will at some point in their careers find themselves needing to turn around an under-performing corporate compliance program. So today we have another Radical Compliance podcast interview, this time with a compliance officer who styles himself as a “turn-around specialist.” He had plenty to say about how to get under-performing programs back into fighting shape.
My conversation was with Dan Garen, who recently stepped down from Vivint (maker of smart home security systems) after nearly four years there as chief ethics and compliance officer. Earlier in his career Garen also served as head of compliance at numerous medical device manufacturers. You can hear a recording of our full conversation at the top of this page; meanwhile, as usual, I have some of my own thoughts about our conversation below.
First, Garen talked a lot about process optimization. That’s interesting. Compliance officers don’t talk about process optimization all that much, and yet, a good process is crucial to a successful compliance program.

Garen
Garen does have an advantage here. In his younger days he was a medical student, and he later drifted into quality control and clinic affairs for the American Red Cross and then Bayer Diagnostics. Think about that line of work: you spend lots of time managing and monitoring processes, to assure that they meet the exacting safety standards of the Food & Drug Administration. One can easily see how the process optimization skills gained there might apply to ethics and compliance programs writ large.
“When processes are easy, you’re going to have compliance,” Garen says. “When they’re hard — whether that’s submitting expense reports, or doing sales due diligence, or whatever — that’s when you start to have non-compliance.”
So when Garen is building a compliance team to improve a company’s compliance effort, he looks for people familiar with process optimization. He even has a preferred method: kaizen, the Japanese theory of small, continuous improvements, which emerged from that country’s manufacturing sector.
OK, but how does a process improvement philosophy for manufacturing apply to ethics and compliance? Garen gave the example of third-party due diligence. Essentially, you’re “manufacturing” a third-party relationship with a vendor. So you break down your contract management and due diligence processes to identify where bottlenecks might emerge. Once you see where and how those glitches arise — where the real world thwarts the process you sketched out on a white board — you’ll better understand the policy, procedure, or technology changes that might be necessary.
Anyway, lots of good stuff in the interview about how kaizen works and how to apply its principles to the compliance program’s needs.
Diagnosing a Program’s Problems
Even before you get to dissecting and improving processes, a new compliance officer first needs to assess the state of the compliance program you’ve just inherited. Garen and I talked about that, too.
He begins by embarking on a “listening tour,” where he talks with people across the organization. His goal, he said, is to understand three big questions:
- Are the right people in the right roles for a strong compliance program?
- Where does the compliance program “sit” within the whole organization — off to the side somewhere, or with easy access to senior leaders?
- Does the corporate culture support ethics and compliance, or not?
The conversation is more expansive than those three questions, of course. For example, compliance officers also need to talk with internal audit and the finance or accounting team, to understand how internal controls work at your organization. (Or, frankly, to understand whether those teams understand how internal controls work; sometimes they don’t.)
“It’s a lot of little pieces, but again, I’m going to drag you back to culture and tone at the top,” Garen says. “I know we all hear it over and over and it becomes trite, but it’s true — if you have the right tone from the top, it all goes so much easier.”
Where Do AI and Analytics Fit?
Lastly, we talked about data analytics and artificial intelligence. Both technologies are increasingly important to operating your compliance program at a high level of performance over time, so compliance officers need to figure out how to harness their potential.
Analytics should be woven into every process the compliance function wants to monitor. Some of those processes might be internal to your compliance program, such as how quickly you can investigate various misconduct allegations you receive; others might be external to your program, such as how often the company issues a payment to a third party without first generating a purchase order.
Regardless, analytics will help you quantify the business activity in your enterprise, and help you understand, “Is this level of activity good or bad? Is it improving or worsening?” You can’t really claim to have an effective compliance program any longer without some form of data analytics to help you understand how your compliance efforts unfold over time.
Artificial intelligence works along similar lines. AI is here to stay (“You’ve got to learn AI, and I mean in depth,” Garen says), and eventually will permeate business processes the same way that spreadsheets, the internet, and cloud computing all did.
Fair enough. So how could compliance officers put AI to use in their programs today?
Garen gave the example of using AI to sharpen Vivint’s ability to predict fraud or misconduct risk. His team built an AI model that considered a wide range of criteria that could drive a sales rep to commit fraud. For example, has the rep been with the company less than a year? Has the rep’s manager quit within the last six months? Is the rep working in a territory with high corruption risk, or high growth targets? Are that rep’s sales numbers currently more than 5 percent below normal?
Put all that into an algorithm, and the AI will return a list of reps who aren’t necessarily committing fraud, but are in situations where fraud is more likely to happen. Then Garen (or any audit team) could watch transactions with such reps more closely, or conduct audits to be sure nothing untoward is going on. In other words, AI can be a tool to let compliance officers conduct fewer audits, which are more likely to uncover something that needs attention.
Well, that’s how AI is supposed to work. It’s supposed to augment human capabilities rather than replace the humans; so that humans can do their jobs more efficiently and effectively. That’s how compliance officers should be thinking about how to put AI to work.