It goes by the perhaps obvious name of 'Compliance 2.0'. Although the name leads to being understood as a fad - including numbers normally indicates a mere successful pop remake of last season - this is exactly what the new revised and expanded edition of the compliance methodology is not.

In fact, it changes everything. If until now the concept followed by companies was that of compliance with strict concepts of conduct, the perception becomes that of flexibility and the understanding that not everything can be controlled. It's not that the organization's basic notions of commitment to truth, ethics, and self-protection have changed. They remain. The change was due to the fact that these commitments affect reality and are affected by it. Flexibility then means seeing that red is not always red: there are shades. To get out of theory and go into practice in an extreme example, it is clear that paying bribes is not legal. But if a company and its employees are under threat from a terrorist or criminal group, would it be illegal to pay one of the thugs to betray the gang and provide data to disrupt it?

This question is almost a metaphor, but I think it helps to give the executive insights as to why it is important to think louder and more airy about this topic. Brazil is experiencing a paradoxical moment of great ethical pressure in political, corporate, and personal relations, faced with a unique growth in public scandals and in the debauchery of some of its actors regarding what is happening. It's innocent to assume that the type of situation that led to the Car Wash doesn't continue to exist at that exact moment. This is one of the areas in which there are clear risks for companies, but it is not difficult to think of many others where recklessness is blurry but, as always, ready to explode. And the results, well, the results are covered in examples full of lessons - as the recent cases of Volkswagen, Pactual and Samarco prove it.

The question, therefore, is not whether it is worth it for a company - of any size - to have a compliance policy. That's already set. The question is whether this policy will be true or, this is the worst of all worlds, if it will just be a marketing action. I think, and then I finally get to the point of this article, that the core idea of compliance 2.0 is to place this question at center stage, offering companies that don't like to see their market value burned a wonderful possibility to rethink their risk management policies.

Let's see why this is true by confronting six key points that distinguish the old compliance 1.0 from the brand-new 2.0 model. The first of these has to do with the relevance that compliance policies have gained. This is the place inhabited by the compliance area in the company's organization chart. In version 1.0, it is common to find the professional housed under the Legal Director or similar. In 2.0, he gains board status. One of the implications of this change is the second key point: if before the executive in the area had no power, or had borrowed power, he currently has autonomy. Another change is that until now the department was limited to one guy or maybe a couple of them, whereas today it's a real team. The fourth point is also derived from the new status: before the position was vulnerable, but now it has its own resources.

Note that these changes are not makeup at all. They demonstrate a powerful transformation under way in a company's “existential” format. But there are two other fundamental inflection points, and both already denote the result of this conquest of power. Fifth on the list is that if the head of compliance used to be perceived as the “boring Mr. No!” , and any executive in the sector knows how that is, in the 2.0 model, the compliance director is the object of cooperation and collaboration. This comes not only from the power he receives, but from the perception of his colleagues as to his value as someone who avoids trouble - in fact, he avoids the kind of trouble that can make the life of the company and of everyone in it hell. The last of the key novelties is, perhaps, a corollary of the previous ones: while in edition 1 the professional in the field was sometimes offered up on an altar as a scapegoat when things went wrong (or even just when they were going the right way), in version 2 his position is that of a center of effectiveness and excellence, thus shielded against corporate immolation.

It's no wonder that, in avant la lettre companies, a new acronym has emerged in step with the rise of compliance 2.0. In them, the acronym CCO, for Chief Compliance Officer, gained a letter and a little more responsibility when he became CECO, or Chief Ethics & Compliance Officer. It's no small thing, no. With all this, plus my misunderstanding at the beginning of this article seems pertinent to me: after all, why is the 2.0 edition of compliance still not a dominant topic in Brazilian organizations?

*Postgraduate lawyer in Economic Law from Yale Law School and Master in International Law from Cambridge, Barry Wolfe is director of Wolfe Associates (www.wolfe.com.br), a consultancy in preventive compliance, risk assessment and corporate fraud investigation.

‍