Introducing ‘Compliance Offense’: How to Generate Revenue From Your Compliance Department


By John Joy, FTI Law

Over the last two decades almost every industry has enjoyed a boom in innovation. Sadly, compliance seems to have been left behind. The success of the Securities and Exchange Commission (SEC) whistleblower program shows that even the government is out-innovating the private sector in compliance, which is an embarrassing state of affairs.

Compliance is mostly viewed as a defensive mechanism designed to ward off legal violations, prevent investigations and mitigate punishments. However, legal innovations have been paving the way for compliance to act as a revenue generator for shrewd companies who have chosen to add some ‘compliance offense’ to their business strategy. For compliance professionals facing calls to reduce costs, now is the perfect time to explore compliance offense initiatives that could monetize the talent of the compliance department.

Unfair Competition Lawsuits

One of the long-held complaints about corporate misconduct is that fines do little to dissuade or punish corporate wrongdoing. Fines for corporate misbehavior typically come years after the misconduct and long after the company has enjoyed the positive effects of revenue, PR and market share. Winning large contracts can be critical to ensuring the continued presence of a company in a region or staving off a takeover, asset sale or even bankruptcy. Paying a bribe is unethical, but sadly, it could be an economically sound decision for an unprincipled company. Compliance personnel working for ethical companies have a duty to pursue profits lost to unethical competitors, and unfair competition lawsuits can be a great way to do this.

A good example of this strategy can be seen in a recent settlement between Nokia ($NOK) and rival Ericsson ($ERIC). Nokia and Ericsson have long competed for cell tower business but historically, Ericsson appears to have taken a lax approach to legal compliance. In 2019, Ericsson was fined over $1 billion by the U.S. Department of Justice (DOJ) and the SEC to settle allegations that Ericsson bribed government officials to win business in several countries. Presumably, some of those contracts were won at the expense of ethical competitors, like Nokia.

In a deft act of ‘compliance offense,’ following Ericsson’s regulatory settlement, Nokia threatened to sue Ericsson over its compliance transgressions. The complaint was never disclosed, but presumably Nokia’s claim was based on a theory akin to unfair competition. Unfair competition is a legal doctrine that allows companies to bring lawsuits against competitors who engage in illegal behavior which gives them a competitive advantage. This was a bold strategy for Nokia and it paid off handsomely when Ericsson settled the dispute for almost $100 million in May last year.

Nokia’s actions provide a great template for compliance professionals working for ethical companies who face competition from unethical rivals. With the DOJ and SEC regularly publishing enforcement actions, compliance personnel should be on the lookout for competitors who have recently settled regulatory actions. This could provide the perfect opportunity to assert a claim for damages as a result of a rival’s unethical behavior and generate revenue for the company. By ignoring these opportunities, compliance professionals are reducing the costs of corporate misconduct for unethical companies.

Whistleblower Bounty Hunting

Companies traded on the NYSE or NASDAQ are subject to a host of laws that require their filings, financials and public disclosures to be honest and accurate (typically referred to as securities laws). Compliance professionals working at companies that are not publicly traded may ignore these rules, but doing so would be ignoring a valuable opportunity to potentially generate revenue through whistleblower bounty hunting.

Not only can reporting competitors put a stop to unethical business practices, it could also result in lucrative whistleblower rewards. The SEC runs a wildly successful whistleblower rewards program which has paid out over $1.3 billion to whistleblowers in the last 10 years. Whistleblower awards range from 10-30% of any fine collected by regulators and last year, two awards were over $100 million.

While the SEC won’t pay awards to a corporate entity, there is nothing stopping a company from allowing an employee or group of employees to report a competitor’s misconduct, potentially with an arrangement that allows for the company to share in the award as well. The SEC whistleblowing process is low-cost, straightforward and anonymous, making it particularly attractive. Market intelligence firms and short sellers are incorporating SEC whistleblower reporting into their business models and the SEC has paid several whistleblower awards to whistleblowers who didn’t work at the company they reported.

Compliance professionals should learn about the SEC whistleblower program not just to understand the potential risks it poses for their own company (defense), but also to explore the potential benefits of reporting competitors that are not operating ethically (offense). If a company turns down a business opportunity because of compliance concerns and a competitor snaps it up, this could put the ethical company in a good position to report the violation and map out their concerns to regulators. In addition, there are also several other federal whistleblower programs that could provide further opportunities for ethical companies to reclaim revenue lost to unethical competitors.

Compliance as a Service (CaaS)

The industry for third-party risk management is expected to grow to over $8 billion in the next three years. Despite the size of the market, many large companies manage compliance with in-house systems and software to help comply with rules covering AML, KYC and sanctions. This is especially the case for financial institutions who have to screen hundreds of thousands of transactions and party names each day.

Compliance personnel can often view these systems as an internal resource without realizing that they could provide revenue generating opportunities if they were used to offer Compliance as a Service (CaaS). The key to unlocking CaaS opportunities is to identify customers, business partners or other firms who could use the compliance infrastructure that has already been developed by the company. This could be a customer who is already paying for third-party compliance screening or is hoping to expand into an unfamiliar business line or region. Many startups in the digital asset space are struggling to understand and meet compliance obligations that some companies have been dealing with for decades.

Compliance personnel who are proud of their company’s compliance infrastructure should explore whether they can offer CaaS to clients or business partners. By seeking out CaaS opportunities, companies with excellent compliance systems can monetize a resource they already have at relatively low cost, and turn their compliance function into a revenue generator.


Compliance personnel should think of ways to align the skills of the compliance department with the revenue generating goals of their employer. While compliance costs are an inescapable part of business, this does not have to be the only dimension of the compliance department. Compliance departments are often filled with great minds, but the employees are risk averse by training. Compliance and corporate leaders need to encourage these individuals to innovate for the benefit of the organization and think about adding some compliance offense to their business strategy.

About the Author

John Joy is the Managing Attorney of FTI Law, a whistleblower law firm in New York specializing in securities laws and whistleblower awards. John has worked for almost a decade on financial crime, corruption and FCPA cases around the globe. He regularly acts as an expert commentator in business and legal media on corporate crime, whistleblowing and other international corruption issues.