The NSA Model for Your Compliance Program (Sort Of)

Former National Security Agency contractor Edward Snowden told us that the NSA tracks everything—who we email, our social networks, even what toothpaste we use—using a huge database of information it has collected. Snowden’s tale poses interesting questions about data security, and shows how tracking data can highlight important information about the way we live and work.

Like other disciplines, compliance programs have begun to embrace data analytics. The idea of tracking data and spatial mapping of data has been the subject of numerous articles about “big data,” including some in Corporate Counsel, that discuss the Moneyball approach to compliance.

This approach notes that tracking data is key to using data analytics in a compliance program and that objective data points can highlight emerging compliance risks. For instance, the number of third party intermediaries in a country or government official customers may highlight a company’s anticorruption risk profile.

Companies also can get useful information by tracking communication within a compliance program. Communication is often the lonely stepchild of compliance conferences, which tend to focus on other elements of robust compliance programs such as risk assessment, audits, investigations, or training—maybe because lawyers and outside consultants are more at ease talking about concepts traditionally in their wheelhouse. And communication is hard to get right. At a basic level, it involves passing on compliance messages to internal and external stakeholders, addressing employee compliance concerns, and program tracking.

Program tracking is where many companies miss the mark. Often companies are sent scrambling to rebuild their communication efforts years after a compliance failure, and the company has to try to retrace several years of compliance initiatives. This is a wasted effort. Before checking the communication box on the next compliance risk assessment, compliance professionals should evaluate how they are tracking their program and communicating compliance wins within the organization.

Key questions may include:

How do you communicate your compliance program to the board of directors or other stakeholders?
Does your organization track internal compliance program development on a shared calendar?
Is there a database of resources for owners of different compliance risks?
When an organization has a compliance failure, where is the program-tracking tool that shows the history of the compliance program?

If you haven’t thought about these questions, your compliance program likely has room for improvement. Communication is important—it ensures that internal and external stakeholders are aligned with the organization on compliance messaging and initiatives. This is critical to creating a culture of compliance and ensuring that operations and other stakeholders take ownership in the compliance program.

Programs with effective communication strategies are developing program-tracking tools on platforms such as SharePoint that encourage collaboration, and using other external software solutions to ensure communication of messages, ideas, and resources across the program. These tools include ways to share important developments with compliance stakeholders ranging from the board to operations managers. Not only is communication key to the program’s success, but it will lay the groundwork to make dealing with compliance failures go more smoothly—recreating five years of compliance developments for the U.S. Department of Justice is neither easy nor fun. And the outside lawyers hired to investigate the compliance failure are going to charge a fortune to do it for your company.

Communication is a key element of an effective program, and program tracking is a necessary part of an effective communication strategy. Set aside your views about the NSA and Big Brother, because the agency really understands how to track data (if not necessarily protect it). To ensure a culture of compliance, corporate compliance programs have to both manage information and communicate effectively with program stakeholders. A program without an effective communication strategy is doomed.

Ryan McConnell is a regular columnist for CorpCounsel.com and a lawyer at McConnell Sovany—a boutique law firm focused on compliance consulting, criminal defense, and plaintiffs’ litigation. McConnell also teaches criminal procedure and compliance at the University of Houston Law Center and is a former federal prosecutor. Jonathan Davis runs Jenobi, a firm that crafts dynamic presentations to meet training and communication goals. Both think it would be great if the NSA would filter junk emails or tell you when there is a good Groupon deal. Send the pair your compliance tracking ideas at [email protected].

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

As generative artificial intelligence inspires one of the biggest transformations in generations, Practical Guidance continues to provide the latest tips to help you prepare for the rapid evolution in the way attorneys work.

Practical Guidance Journal: Protecting Work Product in a Generative AI World

Brought to you by LexisNexis®
Download Now

The recent SEC release comes with significant changes for private fund managers. Hear expert insights on what happened, what it means, and what the compliance considerations are.

Countdown to Compliance: SEC Private Fund Reforms

Brought to you by Ontra
Download Now

Find out what features make a code of conduct most effective. Hint: it’s not just the rules.

9 Ethical Code of Conduct Examples for the Business Professional

Brought to you by LRN
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Summit (GCS) 2024

August 12, 2024 - August 13, 2024
Sydney, New South Wales

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Learn More

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More