Webinar: Compliance by Design

August 18, 2022

One size fits all compliance programs are a thing of the past. In our new space, where organizations are focused on diversity and inclusivity, it is time for compliance to join the charge. You can’t create the compliance culture you need, or even just get by, without adding a human element to your compliance program. You have to understand the personas within your workforce and build your program around them – put simply, you have to design your compliance program for success.

Join our panel of experts to find out how to identify these personas, build a compliance program around them that suits your needs, and lay the foundation for the compliance you want.

Transcript for Compliance by Design

Nick Gallo: Hello, everybody. Welcome to the ComplianceLine webinar on design and compliance. We are just waiting for some folks to join the room here. So, we’re gonna give them a couple of minutes. So please bear with us, but we have a really exciting webinar today. I’ve been pretty excited for this one for a while. I think it’s a really interesting perspective and a really kind of creative approach about this ascending to the next summit on our compliance journey, right.

So, today’s webinar is called “Compliance by Design: Changing the face of compliance through design.” So, let’s just jump in. Next slide, please. So here is a little agenda. Can you go back to the agenda, please? We’re gonna be doing some introductions. We’ll talk about some logistics. I’m gonna introduce my esteem panel, and we’re gonna dive into this concept of compliance and design and how we can add some dimensionality to compliance by incorporating some design elements. And then, we’re gonna walk into a case study that I think does a great job of putting these concepts to life in a tangible way. The worst is when you come to one of these webinars and you just start hearing about a bunch of academic concepts, and there’s no actionability. We’re interested in boots on the ground. How can we start to take some…make an impact today? And I think this case study is really good at that.

And then, finally, at the end, we’ll have a little bit of a discussion. Like we always say, like the theme of all these ComplianceLine webinars, we want these to be a discussion. These really work best when there’s participation from the audience. So, excuse me. So if there’s a concept that’s unclear, if there’s a question that you have, please raise your hand, please ask it. Cause odds are, given the size of this audience, there’s somebody else who’s thinking that as well. And as we can incorporate those in the discussion, it just ends up being a lot more lively and a lot more actionable. So ask questions.

We will be sending around some emails to all the attendees and all the registrants after this, seeing if you want the recording, and the slides, and things like that. We’ll send you a copy of the infographic that is the takeaway from the case study if you’re interested. And you’ll even get a certificate of participation that you can hang on your fridge and impress your family. So with that, let’s dive in. Next slide, please.

ComplianceLine, we provide corporate integrity services to businesses of all sizes, depending on whether the leadership are smart people who care. So people who care partner well with us, and we have a whole boutique or a whole bouquet of ethics, and compliance, and HR services to help make your world a better workplace. So, next slide, please.

Meet your host. I’m Nick. I’m Chief Servant of ComplianceLine, and I’m here today with Andra Popa and Roy Snell. Hello, Andra and Roy.

Andra Popa: Hi.

Roy Snell: Hello.

Nick: Thank you so much for joining us today. I’m excited to dive into this topic. Andra is a healthcare consultant. She has many years of design legal compliance experience, and she has a really unique perspective on the compliance game. So, really excited to hear your perspective today, Andra. And Roy Snell, the man who needs no introduction, co-founder of the SCCE, HCCA, and author of several books, including one of my favorites from this year, “Integrity Works.” How are you doing, Roy?

Roy: Very good, sir. Thanks for having me.

Nick: So, next slide, please. What are we talking about today, Andra?

Andra: I just wanted to discuss this idea about using design as a tool for compliance, and there are different types of design. It could be the process, operations, things that are intangible, like the experience or actual computational, which would be the actual algorithms in a computer program or object or actual paper, the products that we use for compliance.

Nick: So, the purpose of our discussion today is what? The purpose is to obtain an understanding of the fieldwork involved in creating the design elements needed to report non-compliance in a certain setting.

Andra: Yeah. So, if we were all just in your office trying to create a compliance program, we would get some of the details right. But it probably wouldn’t be as good or as tailored to the actual entity as if we went out and actually spoke with people, either by phone or by webinar or just observe them in their work, or talk to them and figure it out through fieldwork how they work, and what their needs are, and how we can build…

Roy: If I could… Thinking about this an awful lot… Sounds like I’m getting echo, can you hear that?

Nick: Yeah. A little bit.

Roy: Well, I’ll let you…

Nick: Yeah. So, why don’t you walk us through the kind of methodology that we’re gonna take. Let’s sort of plant the seed for the case study in terms of the avatars, and then we’ll dive into the slide that’s up right now, which is kind of an overview of the design approaches.

Andra: Sure. And we’re gonna look at five examples… Is there a problem?

Nick: No, no, you’re good.

Andra: Okay. And we’re gonna look at five examples that we collected through our own experience as examples for design.

Nick: Okay. So let’s jump into… Can you go to the next slide, please? I’m sorry, go back to the slide of the different methods, please. I’d like to walk through these different approaches to design, please. So, Andra, why don’t you walk us through these different approaches to design in general, just as a concept.

Andra: Yeah. So, we have classical design, which is something we’re all used to, which is a physical object. The designer is sort of the person who decides how it’s designed, and they’re not considering how people use it. And that’s…many things are designed that way. And usually, if you become frustrated with something that it’s probably because of the design, either in the operations or the process or the experience, or using something, even a policy. It’s probably because of the way it was made without thought to the person who would be using it.

But as noted though, the OIG does want the user, which is a term that means the person that’s utilizing the design to understand it and to be able to implement it for their work. So classical design is not the best way to go with compliance. So it brings us to this idea of design thinking, which is…you know, people sort of make fun of it now. They think of, it’s just a wall of post-it notes. But they’re sort of satires about design thinking, but at its core, it’s really just thinking about what the other person needs. And in the context of compliance, it would be doing fieldwork and actually speaking with the people that are gonna use the compliance tools that you’re gonna create

Nick: With this eye toward what?

Andra: Yeah. So, the most important thing is you just want to create an effective program that meets the regulatory requirements. So, you can affect the behavior of the people using the compliance tools in a positive way by the way you design the program.

Nick: Yeah. And I think, with this design thinking, just correct me if I’m wrong. Hopefully, offline, you’ll correct me, kidding. Like, the eye is not just on the piece of paper, “Hey, I have to get these regulations on here. I have to get these rules on the paper, but it’s the eye is toward… Well, how is the person who needs to utilize this paper going to effectively take this information and alter their behavior? It’s the eye toward kind of that last mile, the delivery of the information and sort of the effectiveness of the behavioral influence, which is really what we care about at the end of the day.

Andra: Yes, exactly. And it makes people perform better if you consider their perspective. And if you make things easy to understand, easy to find, in terms of compliance, they can do their jobs a lot better. The audit, you can see the results in the audits. They’re actually measurable results that you can see in terms if you test it as well.

Nick: And how does that…?

Roy: Could I try again?

Nick: Of course.

Roy: So, the way I would try and help the listener connect to this topic is they’ve heard the phrase, “One size doesn’t fit all.” They’ve heard the government complain about organizations just going through the motions or checking the box, but few people ever tell you what is the fix for that? What’s the opposite? And what Andra has done after looking at this for years is said, “Okay, the profession has done a really good job building blocks, the seven elements, all of the key things that have to be there, like audit, and education, and risk assessments, and investigations, and said, as she has said today, ‘Now let’s add the element of connecting all that to the people.'”

Every department’s different, every company’s culture is different, connecting with the people and saying, okay, how can I design this so that this standard compliance program that everybody uses is now customized to my immediate environment, which, by the way, companies ebb and flow, and a compliance program should ebb and flow. A compliance program in Wells Fargo today is different than Wells Fargo five years ago. And they’re ever-changing and everything that… I’m sorry, I’m almost done.

Nick: No, you’re good.

Roy: Everything Andra is talking about today is taking that wonderfully functional thing called the compliance program and adding the last little bit of connecting it to your environment in a customized way if you will.

Nick: Yeah. It’s this sort of an intentionality behind all of this information delivery. And so, when we’re talking about users here, what are you guys talking about? Are you talking about the end-user, or are you talking about kind of the risk owner who may be a different person? Can you speak to that a little bit?

Andra: Yeah. I see it as a broad set of people, including government auditors because you don’t wanna frustrate them by providing a labyrinth to go through when they’re auditing your organization. They’ll just become…it’s very human to become frustrated and maybe bear down harder on an organization if you just…if everything’s disorganized, you just can’t find the information you need. So, I view the government auditors and representatives to really everyone in an organization from…literally, everyone has a compliance role in an organization.

Nick: So, you would say that we need to have an eye to kind of everybody who might interact with it.

Andra: Yes, exactly. And even the community, because the compliance program will be part of the brand and the corporate presence in the community. So they’ll see the…they might become aware of policies and procedures. And you don’t want those to be detrimental to the organization.

Roy: This is a great thought, Andra, in the sense that, again, I’m gonna pull out Wells Fargo. I’m stuck on them, maybe because they’re headquartered here. But they did not control the message to the community… They haven’t controlled the message to the community since their… The biggest debacle was when they had trouble with some salespeople making up bogus accounts for clients to meet sales goals. But if they were really smart, they would talk to Andra and say, “If your system or way of going about doing this considers everyone, and we have a weakness in our communication with the clients, the community, the government, come talk to us about how we can change the design to pay attention to those people and address their…”

If you are not… If Wells Fargo isn’t telling people what Andra just said, how your program works, and what it’s doing, somebody else is going to tell them. And that somebody else doesn’t know their system, and they have ill intent… There isn’t anybody running around right now for some of these companies saying really super good things about all the work. And I guarantee it, Wells Fargo is spending millions on improving their system, and they’re doing a really limited job of what Andra’s talking about.

Nick: Yeah. They can be more effective in their effectiveness partially just by recognizing that, at some level, the medium is the message. And if we can recognize that, then the intentionality behind that delivery of the message can help us accelerate toward that effectiveness. So, when we’re talking about these approaches, how do these feed into computational design and this hybrid approach that you reference, Andra?

Andra: Yeah. So, computational design relates to the use of any kind of computer program, such as an algorithm or software that is in the background. And probably almost every compliance person right now has some kind of software that they use, whether they know it or not, there’s something in the background that’s running that provides some data on compliance. And they can sort of sketch it out and see, well, where could we put in controls?

With the Wells Fargo example, maybe there could have been controls in certain places where salespeople couldn’t open new accounts without meeting certain criteria to make sure that they’re real people or that the people actually wanted that. Not to pick on Wells Fargo, because they certainly are trying, you know, improving, but one of the solutions they provide to customers now is where the customer literally signs every single transaction, which is extremely cumbersome from a design perspective. Every single little thing has a receipt and a signature, a very…a big piece of paper, and that’s not quite a solution either, where it makes the process very cumbersome and the customer walks out a bunch of pieces of paper.

Roy: Nick, I would love the listeners, the people listening to this, for those who’ve come out of the audit world, they’ll understand and they don’t need to research this. But anybody who hasn’t studied the word controls, which is another element of good compliance program design, they should take some time after this in the next couple of weeks and study the effective use of controls. It’s one of the most amazing tools that our audit colleagues understand deeply and use regularly, and Andra’s suggestion that we think about those is brilliant. It’s a perfect example of her discussion here about design.

Andra: And then, a hybrid just means you combine maybe, you know, classical design with design thinking along with the use of algorithms and controls in your software programs or in the background to prevent serious compliance lapses that way.

Nick: All right. Very good. So, let’s go to the next slide, please. So this hybrid approach, to your point, is what’s needed because of the complex environment that we’re in, the complex things that we’re trying to influence and provide information on. And one of those is never gonna be a silver bullet. You can’t just computerize all of it and just hope that the algorithms are gonna take care of it. You need to have some intentionality in terms of the user experience and the display and so forth.

So, when we’re talking about really kind of putting some of this stuff into action and saying, okay, we’re gonna bring our design mind to this project, talk to us a little bit about what some of these benefits are of the avatar framework and how that can lead into celebrating and accounting for the diversity of the individuals, the human beings who we’re trying to influence?

Andra: Yeah. And you’re right, we don’t have machine learning for compliance yet. We don’t have artificial intelligence where a computer can deter…can run a compliance department. So, there does have to be a hybrid at different points. It just depends on the situation and the fact pattern. So, the use of the avatars is really it’s based on actual fieldwork of actual interviews with people, spending time with people. I like to begin the interviews just asking for people to just go through their process. They get into work, and what do you do? Literally, from the beginning to the end, just you turn on your computer, and I just see how they operate their… Like a classic day in their life at work. And a lot of that is through one on one, and you can also do that online with people.

Nick: Okay. So let’s talk about… So, we just had a great question from the audience, and this is a tough thing to kind of bridge cause whenever we’re talking about effectiveness, we’re really talking about that last mile, right? And this is a great question. The question is, what are some protected class-related risks in using algorithms in a compliance program, for example, insertion of bias about conduct behavior reporting about female employees? And how do we help kind of account for that potentiality at this front end of our process when we’re building avatars and starting our fieldwork?

Andra: Yeah, that’s a great question. I agree. That’s why we…it can’t just be machine-based or computational because there will be bias, and you don’t have the capabilities of machine learning yet or might not ever have that capability to understand the nuances. So, we do have to make sure that there are not biases built into the compliance programs as well as the reporting model.

Nick: Okay,

Roy: Great question.

Nick: Yeah. It is a phenomenal question because, again, if our eyes are not on these potentialities, then we could end up falling victim to them, you know?

Andra: Yeah. And that’s…Sorry.

Nick: No, go ahead.

Andra: That’s also the reason why we actually speak with the people in whatever ways available because the data doesn’t always tell us the whole story. Even if we have a perfect sample set, a perfect data set, when we interpret it, we might be missing all the nuances.

Roy: Good point.

Andra: We might assume that someone doesn’t know how to perform their work, but it might be something entirely different where they don’t have access to policies. They don’t know where to find the policy. They can’t understand the policy, maybe it’s written with too much jargon. So there’s…you have to go beyond, definitely beyond data sets as well. That’s why you do the fieldwork as much as you can to really understand the workflow

Nick: One quick… We’ll probably be using some more of these terms throughout, so we just got a clarification question. Can you explain what you mean by algorithms, machine learning, and AI? For me, we had to have machine learning in place by a mechanism of updating rule sets. So, it is semi-automatic but being updated to improve control. Is that question clear? Just some clarification of some of those terms.

Andra: Sure. I guess I think of algorithms like the part of computational design, the formula, if you will, that’s running in the background of compliance programs that are running in the background of software that corporations use that’s gathering data. That’s how I think of it. And also, where they give you a X or a Y decision, so you can sort of program it where maybe someone using the system can only do X but not Y. That’s how I think of it. I could be wrong.

Nick: Got it.

Roy: Nick, I used to write software programs, long time ago, in the beginning of my career, and every computer program, it has a bunch of decisions and branching. And it does a lot of this work based on data. And I think whether we don’t have AI or machine learning, but there’s always these hidden decisions that have been made, thinking, that’s locked into the software and it’s spewing out answers, and we’re not always sure how it got to that answer, or it’s spewing out data saying this is the complete set or whatever. And it’s probably not a bad idea to question this sometimes as to the information that the people that you’re talking to, the information that they’re getting how was…what filter did that run through. And whether it’s called AI or machine learning or…it’s all software that is essentially some human has put together based on a bunch of decisions. And it may not always be right, and it’s good to review that, not just talking to the people.

Nick: Yeah. That’s a great point. It’s all a function of a bunch of sort of design decisions, and those things may or may not have been, to your point, correct. Why don’t we jump to the next slide, please? So why don’t you, Andra, why don’t you walk us through the case study methodology here, and kind of frame out what we’re about to dive into?

Andra: Yeah. So the idea is, imagine we’ve all gone out and spoken with as many people as we can to interview them, talk about their work. And we all come back and we create case studies to be able to capture everyone in the entity that we can. And one way to do that is to have extreme users. So you have people who use the system in a different way than most of the users, so you can capture a wide spectrum of people, and also avoid biases, cause you might be designing for yourself or for people like you. So, you try to capture the most unusual or intense uses of the compliance program.

Nick: Got it. And again…

Roy: Just evil, and it’s not incorporated into our life enough. We don’t think about our biases enough. Bias get us in the… This is just a great point by Andra, especially the comment about outliers. People who use the system or do things that are unique or uncommon, if we focus on the masses, we could miss the ones that create… It doesn’t take many people to create a gigantic problem.

Nick: Right. Yeah. It’s a great point. And we have to… We’re not necessarily looking for the lowest common denominator solution, but we are looking for the solution that’s gonna be…have the highest level of effectiveness for the highest portion of the population as possible, right?

Andra: We can capture everyone that way. And I mean, hopefully. And again, this is all about, you both mentioned this earlier, you have to constantly iterate, and just because you change something, it doesn’t mean that it was wrong. It’s just the government’s approach changes over time, and their interpretations change the rules and regulations. And then also, just the conditions change in business and in healthcare systems change. So you always have to…it doesn’t mean that a compliance person did something wrong if they’re constantly tweaking things here and there, it’s just they’re responding to other forces either within or without the entity.

Nick: Yeah. And I think that’s an important point you made Andra because when you engage in this design thinking and I think if you apply it to your compliance program, you’re engaging now in an ongoing process of, to your point, iteration improvement, continuous tweaks, and so forth, as circumstances change and so forth. It’s very rare that you’re gonna have a kind of etched-in-stone solution that’s just gonna be good to go for the next 20, 30, 50 years. Right? Cause to your point, the demographics change, the tools that we have change, the regulation change, and so forth. So, that continuous refinement process is a strength and a benefit of this approach, I think, that can sometimes, if it’s not framed right, feel like, well, why do I have to keep changing this all the time?

Andra: Right. And you can do it very methodically, and the recent Department of Justice document that I linked in the presentation talks about, they do wanna see the history of a compliance program and how…why did you make certain changes and what were the reasons? And so, you can provide all that through auditing and monitoring records, and you can…also differences in interpretations of regulations, differences in personnel. You can provide all that kind of history and really make it intentional, tailored to your entity.

Nick: So, we need to kind of cross a bunch of things and balance a bunch of things. We’re balancing this new approach, this new mind for sort of accounting for the diversity within our group, understanding that, hey, a design approach is probably gonna lead to better effectiveness if we’re earnest in it and open to the feedback that we’re gonna get from our fieldwork. But we also need to balance this against the elements of an effective compliance program. So, if we can go to the next slide. I’d love for you to kind of speak to these elements in the context of what we’re trying to achieve in the case study.

Andra: Sure. And Roy, more than anyone, knows these. So I feel I’m stepping on his shoes a bit. So, I will say the first one though. The policies and procedures, those can be definitely affected by design because you can use font and color, and the way that the layout is on the page in order to organize the policies and procedures, create online databases so people can access them, provide education for them, present them in a variety of different ways, for different learning styles. And the designation of compliance officer, I think Roy could better explain that. But the idea of the design behind that is to make sure that they’re independent. So the way that you…the process and the way that you organize them on the chart, especially is important. That they’re not complying with someone from operations because they’re not able to do both roles, but Roy can speak better to that.

Roy: Well, I think… I, obviously, don’t have anything to add to what she said. I think this is terrific. The one thing that’s going through my mind is that I’d be curious, maybe not now, but it would be fascinating, at a minimum, in the future for you to go through this list and order it in the order of greatest opportunity to influence a better compliance program design. In other words, it’s possible that disciplinary guidelines are not as important to design as, say, training and education, or I have no clue because I haven’t been studying this for 10 years like you have.

But it would be a fun thing for a future program to discuss these with regard to their relationship to affect design. And I gotta imagine that… I always love doing this, just like asking people what’s the most important element of a compliance program. That’s not this question. It’s a difficult question, but this question would be, if you could only have one of these, and I’m not necessarily asking now because this is a weird question you probably haven’t thought of, if you could only keep one of these to have the greatest impact on somebody’s compliance program relative to the design, which one would it be? I think it’s a fascinating subject.

Nick: Yeah. I don’t know. I don’t have a good answer there.

Roy: I don’t even have an opinion.

Nick: I’d like to circle back to that at some point cause it would be an interesting discussion. Let’s jump to the next slide. And I wanna talk a little bit about prototyping before we get into the case study. We got a lot of stuff to still cover. So what I find… I love that we’re bringing this up. So, maybe give us an overview of what we’re looking at on the screen here and what this prototyping approach, how it should actually be used in our design framework.

Andra: Yeah. So, the idea is just to have a very quick prototype that doesn’t cost a lot of money and doesn’t take a lot of time. And the less time someone spends on something, the less they’ll be personally offended by feedback. So…

Nick: There’s a lower sunk-cost fallacy with something that you didn’t spend a lot of time on. Yeah.

Andra: Yes. And there’s also business reasons to prototype first before spending time and resources on a project, even in compliance. So this is just an example. It’s very quick. It’s just how someone who’s about to write a policy can think through their policy just by considering it from a high level. One is very organized and the other is the monolith of words. So, you would just remember…it would just recall the notion, the design principle of just organizing the space.

Roy: Bringing people along is extremely helpful, and heaven forbid, they might just come up with a suggestion, as Andra says, before you put a lot of work into it that will head you in a different direction. We have this tendency, as opposed to prototype, is to beat stuff to death before we bring it to anyone. By then, we have had so much of our time invested in it, the least little suggestion for change. Prototype is such a simple idea, but I rarely ever saw anybody do it in my career.

Nick: Yeah. It’s a very interesting thing. There’s no more… The most groupthink occurs in a room full of one, right? So the more people you can get looking at what you’re about to do, to your point, the more effective and the more efficient you are gonna be with that ultimate delivery. And I think about the fact that, at some level, compliance is still kind of a nascent industry. We’re still… You know, 50 years ago, we weren’t around to the extent we are now, obviously. So there’s really a great opportunity for us to not have to reinvent the wheel and sort of like shamelessly steal and borrow from other fields of study that have perfected some of these design elements.

Like the one that comes to mind for me is art. And if you’re making a painting, you don’t just start with that tiny detailed brush, doing all the eyelashes and all the little sort of stray hairs, you start with sketching it out, blocking out the colors, working sort of from the background to the foreground. And only then after all those sort of base layers are there do you sort of put those details in. When we jump to the details and you jump to sort of etching the policy in stone or whatever, to your point, without getting some of that feedback, that many times leads to a message that is not going to be really absorbed well by the user, and the efficacy of that information delivery is many times greatly compromised.

Andra: Yeah. But there is a balance to strike that you can’t also be influenced by every opinion either. So, it has to be really filtered to…

Nick: Good point.

Andra: We can’t change the regulations or the rules because sometimes the conversation veers into that where…

Nick: Yeah. Great point. Why don’t we jump to the next set of protocols? Oh, go ahead.

Roy: I’ve got a strange example of that. We did compliance training… I’m starting to echo here. Go ahead.

Nick: Okay. Let’s go to the next slide, please.

Andra: Messed up.

Nick: So, talk to us about this example, please.

Andra: Yes. This is just another example. I think I’m echoing. I think I’m gonna let you… Show us the way.

Nick: We got a great comment from someone that says, “Design thinking, I guess, is iterative. And I agree with Roy, get something out as a draft and get people to comment on it and get some reactions. I found this really helpful when I’m rolling out policies, but you need to be prepared to listen.” It is a two-way street, it’s a conversation, right? And you have to be able to take that feedback, A, but to Andra’s other point, which is super important, you have to be able to weigh those things out and figure out which pieces you wanna reject and which pieces you wanna accept and implement.

We got an answer to the best…to the most important of those seven, and it’s risk assessment is the most important as it ensures you focus on what matters. It’s not a bad answer.

Roy: Yeah, right.

Nick: Let’s jump to the next slide. I really wanna get into this case study now because I just really love how this is all illustrated. So, why don’t you walk us through these five archetypes, Andra, and what big takeaways or what handles we should be kind of grabbing onto as we move through this case study.

Andra: I don’t know if… I think I’m getting a little…. but I can still speak. It’s up to you. Is this better?

Roy: I think so.

Andra: Okay. Okay. Sorry about that. Yeah. So these are all examples based in real life that we’ve all seen, I’m sure. I went from…I sort of created these based on amalgams of real people. So after you’ve done your fieldwork, you begin to see patterns and you can create your own examples, your own case studies with… I have here two extreme users on either end. I have Ariadne who’s extremely experienced in this area, and then on the newer user side, I have Neo. And then in between, we have…not average, but just regular users. And then, we all created these archetypes based again on real facts and on real patterns that we saw emerge. To be able to tell a story is really important because we begin to see what…I think the term now is pain points, but we begin to see what their struggles are at work and in complying and trying to fix that.

Roy: So. Nick, people are trying to implement compliance programs for departments that couldn’t be more different. I’m segueing a little bit here, but from IT to customer service, to manufacturing, whatever, why is it that we don’t spend a little bit more time, and you gotta be careful making generalizations, but it’s a positive trying to understand the people you are connecting those seven or eight elements of a compliance program to. What are these people that Andra’s showing here have completely different ways that they are best communicated with. And education is the easiest example, but we’ve gotta think about these.

And again, to tie this back, for years we’ve had all the elements of a compliance program and people like Andra now are in this very, as you say Nick, young profession are trying to get us to a little bit higher level of connecting the compliance program in a way that, Andra’s mentioned it a couple of times, the DOJ is gonna come in someday, and they’re gonna ask, are you just checking boxes? And you’re gonna say, no. Not only are we not checking boxes, we are doing compliance by design, and here are the seven or eight things we’re doing which connects our compliance program uniquely to our unique organization.

Nick: Great. I mean, it’s just such a great point, such a great summary. The efficacy at the end of the game or at the end of the day is what we’re after. We’re dealing with a human game. We’re dealing with human behaviors and it’s on us, it’s incumbent on us to be effective in the communication of all of this information that we have to translate. So, why don’t we dive in and let’s start talking about each of these five archetypes starting with Adriande.

Andra: Sure. So the first one I have is a busy…

Nick: Ariadne, sorry. Next slide, please.

Andra:… is a busy MD/PhD student and at academic medical center. Of course, extremely busy in two academic programs. Very direct with communication, which could be misinterpreted as argumentative, but when you dig a little deeper, you realize she’s just very busy, really just wants to know the answers. She’s in a program. She’s completing research in a program, and the director of the department, she’s concerned that he has some irregularities with his research, but he’s very eminent in his field. He wrote the book, you know, in her profession, so she can’t…she doesn’t feel like she can talk to anybody about this, even though a lot of people in the department might be thinking the same thing.

So for her or someone in that position, there are many people in that position, whether academic or not. So some of the things we can design are really not just anonymous reporting, but investigations that are anonymous in some way where you, you say, well, we’re just randomly investigating these 5 investigators or these 10 research clinics. In that way, you don’t draw attention to who you’re really looking at in order to not draw attention then to the person who might have the information. Maybe she wants to research this on her own, so maybe resources online or in paper around her that she can read to research with decision trees, where she could understand better. Is this really a violation? Is this something I should report?

So those are just some ideas. Already, that affects a lot of the elements of a compliance program with the communication, the way that you design the compliance officer to be accessible. If you walk around or you make yourself accessible to students, as well as to faculty, you can pick up on the atmosphere better.

Nick: Great.

Andra: It also…

Nick: Go ahead. No, no. I wanted to make sure that we talked about auditing a sample of research, cause I just…I think these design solutions are very thoughtful with respect to this fact pattern. And I think as we can draw more of these connections between sort of the answer and the question, I think it really helps to illustrate sort of the different sides of the shape of this design approach that we’re talking about.

Andra: Yeah. So, not only providing an anonymous way to communicate. If she does decide, well, this does look like it’s non-compliant, and I am worried about these children or these research participants, that she has a way to…that it’s not obvious that he’s the one being investigated or if it could be obscured in a way where they say, well, we’re investigating these five clinical departments in our university for no reason, just a random audit, preparing for X, Y, Z, and then, but the real reason is to look at this one clinical research office, for example.

Nick: Great idea. Great idea. Does that make sense, Roy?

Roy: Yes. I think that, again, this is an effort to try to find a better way to connect the elements of a compliance program to the people, and the culture, and the uniqueness of the organization. And this is the future. I’ll tell you what, you know, Nick, you keep talking about how youthful our profession is. There have been professions around for hundreds of years, we’ve been around for a couple of decades at best. And for those who are trying to answer some of these questions or prevent the problems of one size doesn’t fit all, going through the motions or checking the box, the opposite of that is this.

Nick: Is this.

Roy: And that we keep saying those are bad and the government just loves looking, doing investigations and finding a lack of this kind of case study, this kind of example, this kind of thinking, and then saying, no, you need to be sent a bigger message. And so…

Nick: It’s a great point for a study.

Roy: I’m excited about the future because of these kinds of changes, the maturing of our profession.

Nick: Yeah. So, talk to us about Alex, Aandra?

Andra: Sure.

Nick: Or Felix. I swear I can read. I promise I can actually do that.

Andra: This is another example of someone who works in…these are sort of all people that work in the healthcare sector simply because that’s where my experience lies, but it’s another example of a healthcare sector person. And he’s…like one of the threads that runs throughout is that everyone’s busy for some reason or another, either their job, their schooling, or their other aspects.

So this gentleman, Felix, he provides data intake for an academic medical center, but… So I’ve audited this type of person before. They’re fantastic at what they do, they’re the best in their office. And they truly don’t have time to read a 300-page policy and procedure manual. Normally, that wouldn’t matter because they know what they’re doing, but if you have a huge change in your policies and procedures, like I was… The reason this idea came to me is because someone just like this, we were… I was implementing the first compliance program within an institution. So when you have a really big change, they do need to be aware of the policies and procedures.

And so, the solution to that would be to create very discreet policies and procedures, about two pages maximum to separate the policy from the procedure, and to make sure that it’s searchable, for example, using a simple Google Search query, and just make sure that they can access exactly what they need for their work. And that makes it simple, and they’ll follow it. It’s just sort of understanding their needs and how they work, and it could be that they need something on paper or not. You could see what they prefer.

Nick: Can we load the design solutions please? Oh, there we go. Okay. So again, we’re just talking about how can we make these actionable? How can we get somebody, the information that they need without having to go through reams of paper or find it on the scroll of regulation?

Andra: Yeah. So, someone maybe 20 years ago or 40 years ago would’ve gotten…I mean, compliance didn’t really…it wasn’t a term, I guess. I guess Roy invented it, but it wasn’t really a discipline that long ago, but someone would’ve just gotten very mad at this person before, right. They would’ve said, you’re not reading our manual. What’s wrong? You’re not competent. But it’s really not about that at all. It’s just as simple… It’s really designing the information in a way that is…that they can find exactly what they need to read, and then writing it and presenting it in a way that’s easy to understand. And that…

Roy: And I just think this is so important. This is kind of what…you gotta ask yourself, why is compliance here? Those who came before us, failed. Well, they didn’t fail to have policies and procedures. They just put ’em in a three-ring binder, and they turned yellow on the shelf. They didn’t do this last step that many compliance officers have been doing for years. And Andra is suggesting that we refine even further by understanding the people that are going to be reading them. They are all different. And then, making sure that not only we have policies, which they did before compliance came along, but that people read ’em and understand ’em, might even get tested on ’em. But furthermore, depending on the department or the type of people, the policies are written in such a way that connects with the people. And Andra gave a good example about the PhD researcher who, well, maybe they wanna study this a little bit.

Real quickly, one of the first things I was taught about trying to communicate to physicians is that they have… I was a compliance officer for a group practice. They’re gonna tear apart what you built. You say, here’s the system, we’re gonna implement it to make sure we’re in compliance with the rule of law, and the doctors would tear it apart. And the head doctor was the chair of the compliance committee said, “Roy, don’t be offended by that. That’s what they do for a living. They don’t implement any procedure on a human being without understanding it fully and making sure they understand how it was created in every element. So, they’re gonna come to your compliance program, cause this is what they do for a living, and they’re gonna take it apart and put it back together and see how it works. And then, they’re gonna listen to you. Don’t get upset about that.” And Andra’s talking about, let’s do that in a preventative way that not, you know, help them by understanding these various types of people and communicating with them in a way that they get.

Nick: Yeah, it’s a great point. And I think, again, part of our job is to meet people where they’re at, and you can exhibit that level of empathy and exhibit that level of servanthood, so to speak. And when you do that enough, and that iterates enough, you can begin to kind of elevate to this sort of role as like a trusted advisor. And we have a really great comment from the audience. It says, “Andra made a phenomenal point. If you have a visible compliance officer, then people will discuss compliance as they know someone is listening.” Again, it feels like the keyword there is listening, right? Listening is such an active thing, right. “It worked for me. If I was not in meetings on risk, process, regulations, then compliance was not really talked about in detail, and the end result would have been really a check the box function or program.” And so, again, this breathes so much life into our role when we start trying to connect it to people and sort of engaging in that active listening.

Real quick, we got a couple of more avatars to go through. So we’re likely going to run over. So, anybody who needs to leave, the replay will be available, and you can catch up on that. I just wanted to give everyone a heads up that this is probably gonna run a few minutes long. Anything else on the design solution for Felix, Andra?

Andra: Yeah. I just wanted to mention for both of these avatars, the Ariadne who was MD/PhD, also to speak to Roy’s point and also for this example, it doesn’t take extra time really to just think very quickly about who this…what the background of this person is. They have a clinical, analytical background, medical background, allied science background. A lot of these regulations were, especially in human protections for research, were actually developed through accords, like international treaties. And also, if you look at the people that form those committees, a lot of them had medical backgrounds. So, it’s a great way to bring in not all regulations are created by lawyers or anything like that.

Nick: Good point.

Andra: You can find connect connections in a lot of places. It doesn’t have to be just, this is the law. You could really explain the history really quick. It only took about a minute to explain that, so…

Nick: Right. Yeah. Just that context though can, again, help frame and help people understand kind of what’s behind it, what the driving force of it is, what the purpose is, and so forth. So let me ask you this question. Oh, I’m sorry.

Andra: It’s not just bureaucracy, I guess. They’re real ethical considerations that people have thought about for a long time, especially in…

Nick: So, here’s another great question. So, is the goal here to identify similar traits in a business and then target that approach across the business and see what sticks with teams as some approaches may align with some but not others? How do you think about that sort of acclimation?

Andra: That’s interesting. I’m not sure. I guess I see each of the different… I see everyone sort of in a different…has different needs from the government to the actual person using it for their work to the community, to the patients, all have different perspectives. And then, within those groups, I see similarities across them, and then, there are similarities across everyone, I guess, in each of the groups. But yeah, that’s a great way to look at it. And you do, you can see what works cause you don’t know unless you do a quick prototype and try, you know.

Nick: Yeah, that’s right. That’s right. Let’s go to the next avatar please.

Andra: Yeah, so

Nick: This is Carly. I’m kidding, it’s Claire. I’m gonna mess up everything that needs to go.

Andra: This is actually, it goes to both of your points that getting feedback is important, but this brings out another reason why it’s important because the person can feel included in the process. And if you don’t end up using their ideas, it’s always nice to go back and say the reasons why, and just to talk to them about it really quickly in a quick chat. But this might help our friends who might appear hostile to coworkers, but in reality, they just want to… As it says here, it’s a boxed cake mix person, where there’s a study performed many years ago where they thought that people would love all the ingredients of a cake to be all included in a box. But they realized that the cake is a very personal thing, and it’s showing a lot of emotion towards someone. So people wanted to feel that they added to it with the eggs. So that sold much more than including dried eggs.

Nick: That’s so interesting.

Andra: Yeah. So, but this person wants that. She or he wants to, or they want to be included in the process, which I’m sure everyone, to some extent, wants to feel, you know, not that it’s something that’s imposed on them. And this doesn’t take a lot of time, again, to communicate these ideas to people. Yeah. And again, this is how data could misinterpreted. This might be a person who has a lot of complaints about her coworkers with confrontation, but it could just be that the data, it doesn’t show the whole story. They just wanna be participating in the process.

Nick: Yeah. And they could also just be hypervigilant, and they might not know what needs to be reported or what doesn’t, or maybe they just have extremely high conscientiousness and that can be misinterpreted by other folks. And it can frankly be misinterpreted by the compliance team, who’s kind of…who are responsible for that person’s…or at least in informing that person’s behavior.

Andra: Yeah. And they could… One way to tailor education for that is you could have educational case studies, just like we’re doing now. You could say, you know, is this something that you find would be reportable and then you could go through it with the whole group. And that’s another element of an effective compliance program, and you can make it really fun. It could be… We’ve done jeopardy compliance and included the whole office. And that it brings people together, and it makes it fun for them to understand.

Nick: Yeah. Just gamifying it and breathing some life into it can help really bridge that last gap to take those words off the page and help to kind of embed in people’s minds to drive their behaviors.

Andra: Yeah. And making a little quiz at the end seems too far, but it actually builds their confidence. You put five questions, and they’ll get it all right, because you go over it so many times in the little course. So, it builds their confidence and they feel that they can confidently go to the manual or go to the policy and procedure online, and get their questions answered.

Nick: So I love this design solution. Again, meeting people where they’re at, encouraging them to speak up about ideas they may have or things they have seen is phenomenal, but also helping them curtail any inherent bias that might be causing havoc in the organization or interrupting sort of interpersonal relationships is phenomenal. But what I find is with somebody like this, when they wanna have input on things, I love how your design solution says allows for that feedback on the policy and procedures. And it really overlays well and dovetails into this comment that I think is spot on.

Such a great point, Andra. Tracking the feedback is extremely important. People love to hear about the evolution of the feedback. And it’s really just a dignity and respect thing. Like, if someone is going out of their way to sort of say, provide some kind of a recommendation, you can at least, to your point, Andra, like circle back to them and say, “Hey, thank you so much for that feedback. We were able to use this piece of it.” Or, “Thanks for the feedback, we weren’t able to implement it because of X, Y, and Z,” and some sort of exogenous thing that maybe is not in their purview, communicating that back to them to continue to encourage that type of active participation, and the development of the program is phenomenal.

Andra: And it cuts back on misunderstandings. In my own experience, there have been misunderstandings where maybe I don’t include someone’s feedback, and they think it’s because of some of other or reason, but it’s just because it’s, for example, maybe they saw it on something in California and it doesn’t really apply in Illinois or something like that. And they don’t realize that, and we just talk about it really quick, and you can invite them to prepare their own draft, a piece of a policy or something like that for the next time. Just try to include everyone. But also, keep moving and do your job.

Nick: Yeah. And I mean to something you said earlier, you can’t take it all. You can’t take all the feedback. It’s our job to be that air traffic controller on the feedback and translate that into the effectiveness. But to your point, if we can start to crowdsource risk management by engaging people and activating them to be those human sensors in the field and you can open up those lines of communication to kick off a conversation, then we can really begin iterating in a more intelligent way.

Andra: I don’t know how you feel about this, but one trick I learned and you could tell me what you think. It might be incorrect, but one trick I learned was to kind of prepare a policy and procedure, and then sort of vet it by someone in the government in the appropriate agency, and then use their feedback as a way to say, “Well, this is the boundary, I guess, of this policy and procedure.” And then, we can figure out the procedure in between, but this is…

Nick: Oh, that’s super smart.

Andra: But I don’t know if that’s the…

Nick: He’s the perimeter. It’s at least the, to your point, those are the lines of the field at that point, then you can sort of organize your team, which is your process kind of within those parameters. I think that’s super smart.

Andra: Cause they might not believe me just saying, well, these are the requirements, but if it’s from someone from the actual agency, that’s going to audit them, it’s, you know.

Nick: Yeah. Again, I mean, it’s an eye toward effectiveness. So you can arm wrestle somebody, or you can kind of shortcut it by borrowing some of that authority in the deliverance of this…

Andra: Yeah. That’s what I did.

Nick: Let’s jump on over to Brutus here.

Andra: Oh, this one was just unusual. This did happen in my experience where someone kept asking me questions about being a whistleblower, or he or she was constantly kind of asking me about standing and what it takes, and I sort of politely said, “I don’t think you have standing to be a whistleblower.” But they…

Nick: Like, they saw whistleblowing as an opportunity to line their pockets or something.

Andra: I’m not sure. I hate to view it in a negative way, but it was just lots of unusual questions. And then, just kind of pointing things out but not actually doing anything. So, it was, I couldn’t… It was at the start of my career, so I wasn’t sure what was going on, but it was a lot of questions about whistleblowing. So, my idea is maybe with…because it is in the news, there are large whistleblower settlements, and the biggest reason why there are real whistleblowers is because they feel ignored, and they constantly have spoken up and said something and then they don’t feel heard. Is that in your…

Roy: Yeah. I think this is absolutely the case that people just don’t feel like they’re being listened to. And then, again, I started to keep harping on it, but that’s what compliance by design is all about, connect with you. You’ve given two examples in the last minute, kind of opposite ends of the spectrum. You’ve got the government who, why don’t I involve you a little bit in some of the things I’m working on, let you know that I care, give you the impression that you don’t need to send us a big message. And then, the flip side is acknowledging that there are people that are gonna be frustrated if they’re not listened to and make sure you listen to them.

I was gonna say this earlier, it’s a great place to put it. The best compliance professionals I have ever seen see the best in people, and boy, that Andra is number one on planet earth and see the best in people. And the compliance officers that suffer and have a miserable life, see the worst in people.

Nick: That’s funny.

Roy: And any effort that you can make to change the way you design your compliance program to understand people better and see the best, the better off you gonna be.

Nick: Yeah. We call that assuming positive intent. And I think if you can lead with that, it opens up a lot for…it opens up the pathways for a lot more collaboration and a lot more authentic connection, right, between your department and these other individuals. And really, just a much better feedback loop as we begin this process of sort of continuous improvement and continuous iteration to dial this thing in, cause you know… Real quick, Andra, how does this fit in with the overall implementation of ESG? So, this is a broad concept that a lot of us are talking about that’s making its way into the broader conversation. How do some of these designs, you know, before we transition here, how do some of these design elements overlay with this broader ESG approach and initiatives that folks are tackling?

Andra: I mean, it’s very similar. I’m sorry, I have a small feedback. It’s a very similar approach where there are lots of different layers. You have the interview and fieldwork, and then, you overlay it on top of the requirements.

Nick: So kind of a similar approach, the principles will apply. I mean, really these design principles apply to anything that you’re trying to make or build, right. I mean, whether it’s a compliance program, whether it’s a policy or a procedure, whether it’s a report, whatever it is, this is really just a framework or a mentality or the production of that thing.

Andra: Yes, exactly. And it can apply to a lot of different industries as well, across many different types of fields, and to areas other than compliance. So, it’s being applied to medicine to actually design of things, our computers, the way that it looks, our phones, the way that they feel and look.

Nick: Let’s go to the next slide, please. Anything else to add on old Brutus here?

Andra: No. So, he’s a contrast to our next person who is Neo and new to compliance. He’s also a student, so he doesn’t…isn’t familiar with how compliance would work. Very busy. So even though someone might be computer savvy, they might just be extremely working on four different things at the same time on lots of different devices. They might be watching a film while studying, while texting. So even for someone who really understands how to use technology, it’s still really important to design compliance things with technology that are very simple to use. So as a student, he might be submitting things for school related to compliance that have to be very simply designed.

Nick: So, let’s talk about the fact pattern here. So, he heard something.

Andra: He did. He heard… So, they’re all required… In this case study, they’re all hypothetically required to complete a research project for their dental school work in order to graduate. And he heard that a classmate left a stack of patient files that he took home with him, in a public space, and the patient files had sensitive information in them. And he’s not sure about if this is a violation, what to do to report this, and he’s truly new to the school, the fields. And his advisor at school is too busy to help answer these questions and his teachers as well. It’s just very, maybe they’re online now, and it’s a different environment.

Nick: So when we’re talking about this design solution, I love that you brought up here empathetic hotline/service to answer questions. And to me, this is really such a great picture of this last mile, and what we find is that a lot of these pro… Look, I really haven’t met many compliance officers or people in the compliance game that are not smart people who care, they put their heart into their work. They wanna make a difference in the world. These are the people that make up our industry. And what I unfortunately see is I see a lot of effort going into building a good program and putting a lot of thought in and trying to keep people out of trouble and pushing out notifications for folks to speak up. And hey, if you see something, say something, and so forth, and then that last mile falls down because there’s not that…someone who’s raising their hand with an issue are not…they’re not met with that empathy.

It’s kind of akin to starting a new restaurant and putting all this money into your ambiance, and the table cloths, and the menu, and you get the right chefs, and all the advertising and so forth, but you don’t care about the waiters and whether they’ve ever waited a table before, and whether they come and just drop the plate on the patron’s lap or not, right? A consistent experience is gonna be great food cooked in the kitchen that matches the ambiance and the services totally phenomenal because we’re talking about a dining experience. We’re not just talking about a bunch of slop on a plate, right.

But that last piece, that last connection, I’m just trying to talk… I’m just trying to speak into, like when we’re thinking about design, we need to think about each of the interaction points and each of the touchpoints that an individual is going to have with our program. And those are not just gonna be with training. It’s not just gonna be with some policy that they read. It’s also gonna be with what they’re met with when they raise their hand to speak up, whether they go and talk to a manager or whether they go and they call a hotline, or they do any of these other things. If you can just kind of talk maybe about like a tip or a kind of a framework, how to apply this design thinking to sort of all the nooks and crannies in that sort of employee experience, which is what we’re talking about at the end of the day.

Andra: Yes. With respect to particularly with someone who has a concern, I think it’s most important to not interrupt them, I guess, when they’re talking and just listen to, and try to assess their… I’m sorry, try to assess their concerns.

Nick: We have a little guest. We have a little guest sneaking onto the webinar, Andra.

Roy: That’s right. We got echo, and we got stuff on the screen, and now…

Nick: You know what? We battled through. We’re battling through to the end.

Andra: So just to make it a place where they… Again, it can still be professional, but also be where they can finish their sentences and outline exactly their concerns. So it doesn’t have to be, you know, they’re obviously adults and they can hold their own, but they also should not be yelled at or not listened.

Nick: Or barked at. Or barked at.

Roy: Nick, I do… The one thing I’d like to add here is it’s interesting because my personality, luckily, I spent most of my time running SCCE and not being a compliance officer, but as a compliance officer, I had a tendency of saying, “This is the rule, follow it.” And the mature compliance professional doesn’t do that and takes into consideration these things. I get a real kick out of this is how far we’ve come.

Nick: Yeah. We have come a long way from the crawling up out of the primordial soup to now talking about design and overlaying on compliance and efficacy, and really trying to meet folks where they’re at. But I mean, it’s just appropriate. I mean, we’re in a knowledge work economy now. We’re not a bunch of atomicons pulling levers in a manufacturing setting. We are our work. We’re all human beings that have different acclamations and personalities. And for us to meet our mandate, we need to account for those different things and that diversity, which is, can be a…it can be a challenge, obviously, but if we can harness it and you can unleash it, so much greatness can come from it, you know?

Roy: Yep.

Nick: All right. Well, we ran over, lively discussion. If there’s any other questions in the chat, I’d love to cover them now. If we can go back to the question page. Thank you. Yeah. So if there’s any other questions in the chat, please share them. Otherwise, we’re gonna go ahead and wrap up. If any others come through in the chat or through our correspondence with email, from time to time, we do a follow-up discussion. So be on the lookout for that. But I just appreciate Andra and Roy. Any parting remarks before we wrap up here, gang? Andra?

Andra: I just wanted to thank you. It’s been a pleasure to speak with both of you. Thank you.

Roy: Yeah. As I wind down, a lot of people don’t have retired and to be a lot less active in this sort of thing, it is just an absolute treat to see the evolution from the primordial goop, a lot of great line, Nick, which I was heavily involved in and to see people like Andra and yourself, Nick, and Gio and others at ComplianceLine. Your organization is just an excellent example of the positive evolution of the profession. And although I won’t be very busy in it, I will certainly be in the bleachers enjoying the progress.