White collar workers don’t wake up in the morning thinking “what could I possibly do to bribe someone today?”
And yet, that’s exactly what happens.
According to the World Economic Forum, corruption alone amounted to $2.6 trillion in 2018,[1] or 5 per cent of the global GDP. The World Bank indicates that 1 trillion dollars in bribes are paid each year worldwide.[2]
What have companies been doing so far?
Spending staggering amounts of money on “compliance programs”.
In lay terms, compliance can be defined as the set of rules that companies have to respect when conducting their business, subject to criminal or administrative sanctions: anti-corruption, anti-money laundering, anti-financing of terrorism, protection of personal data, competition law, social law, embargoes, international sanctions…
For lawyers, compliance programs are a key tool in the defence of corporations:
- The “adequacy and effectiveness of the corporation’s compliance program”, and
- Remedial efforts to “implement an adequate and effective corporate compliance program or to improve an existing one” are key factors for prosecutors’ decision to bring charges,[3]
- The efficiency of a compliance program is assessed to calculate the appropriate organizational criminal fine,[4]
- Whether a corporation tested its compliance program to “demonstrate it would prevent or detect misconduct” is namely used to determine whether a monitor is appropriate.[5]
In a nutshell, compliance programs’ efficiency is a must.
Yet, these programs have been described by a former compliance expert at the Department Of Justice, Hui Chen, as “mostly box-checking processes and mindless training exercises”, and “window dressing”.[6]
So, are compliance programs doomed to fail?
Or is it possible to leverage design as a conception method to create user-centric compliance programs, and, in turn, reveal the underlying value of compliance?
In several projects for clients throughout Europe, the agency I founded (www.amurabi.eu) explored user-centricity, identity- and value-based design, affordance, nudge and neuro UX to create more effective compliance programs and documents. We also explored whether leveraging all these design techniques could help revealing the underlying value of compliance.
The main steps of these various projects achieved in the course of 2019 were the following:
> Step 1: exploring identity is a designer’s approach. What is the true purpose of a compliance document? What are the underlying values behind “compliance” to which users could naturally relate?
> Step 2: the main challenge for compliance documents is the lack of use by the intended “target audience”. What’s the usual user journey into compliance issues? How might we trigger usage through values-based redesign?
> Step 3: nudge is a concept in behavioral science using positive reinforcement and indirect suggestions to influence people’s behaviors and decisions. How might we leverage nudge to induce interaction with the content, and limit the “push-back” reflex?
> Step 4: prototyping early, testing and co-creating with users and iterating until finalisation.
The Methodology
Step 1: Exploring identity
Why chose this approach?
The starting point of my reasoning was the observation of the meaningless nature of many compliance programs, as evidenced by Hui Chen, as well as Todd Haugh.[7]
What could serve as an “antidote” to this “tick-the-box” approach, i.e. absence of reading?
During my Master’s Degree in “Innovation by Design” at ENSCI, it became clear over the 18-months classes, group projects and workshops, that exploring identity is fundamentally a designer’s approach. For example, Sylvain Rieu-Piquet explored the identity of the electric car,[8] observing that the imagination “mutates” from a classic representation of power and speed to environmental and social values that transform the very representation of the car.
Exploring the identity of an object, or a company, enables designers to create a form that will subtlety convey key messages to the users, thereby triggering adoption.
Hatschuel’s research[9] on « parure et pointe » (which could be translated as “adornment and peak”) sheds an interesting light on objects’ identity : adding adornment to an object « transforms the object which becomes illuminated and more significant”. At the same time, according to Hatschuel, the object to which such adornment is added has its intrinsic value revealed. Thus, the adornment makes the latent value of the object visible to all.[10]
In addition to design research, I also explored behavioral science. In 2010, two researchers from Berkeley and Dresden University evidenced in a study on 80,000 online users in the US that fine print, jargon and authoritative language in contracts trigger the automatic response in our brain: “do not read”.[11]
Böhme and Köpsell leveraged, in turn, psychologists Daniel Kahneman’s and Amos Tversky’s work on the “dual-process theory”.[12] Basically, our decisions would be based on a dual cognitive process:
- The “intuitive” process (called “System 1” by Kahnemann and Tversky) which is “fast, automatic, effortless, associative, and often emotionally charged”,[13] or
- The “reasoning process” (referred to as “System 2”), which is more serial, slower and deliberate. This is, for example, the system on which we rely to solve mathematical problems, because we identify that they require more attention.
Obviously, System 2 requires more efforts, energy and time than System 1, so that we default to the intuitive process.
Böhme and Köpsell’s key finding is that fine print, legalese, authoritative legal documents trigger the intuitive response of our brain: this is a legal document, not meant for me, I don’t need to read it. This is why they consider that our brain has been “trained to accept”: decades of incomprehensible contracts have developed our intuitive system to blind sign.
Conversely, their study also shows that it is possible to stimulate the reasoning process of our brain, namely through design. Indeed, their study evidenced that by adding a “welcome message” which calls upon readers’ values and/or which asks for readers’ help, users are more prompted to pause, and read.
Why exploring this technique at this initial stage of the project?
As explained, the main challenge for compliance document is mere rejection and sheer absence of reading. Whatever graphic, service or UX design we could leverage later on, it was necessary to solve this fundamental problem upfront.
Thus, we explored compliance’s identity as a way to trigger the reasoning process of our brain, which encourages users to read. We did so in a project for the International Chamber of Commerce of Belgium: “Unbox compliance”.
How did we do it?
The starting point was the strong ambition of Mathieu Maes, the Secretary General of ICC Belgium: create a compliance advocacy document that would resonate with SMEs, which do not have an internal compliance officer and generally feel relatively unconcerned.
Based on Böhme and Köpsell, we knew it was necessary to depart from the traditional language, and the administrative, even authoritarian, appearance of compliance documents to make “the law” resonate with medium-sized companies.
Mathieu Maes completely changed the original wording of the document. He dug into the very essence of compliance and its fundamental purpose, by asking a simple question:
What do regulators really want to achieve with the different laws on anti-corruption, anti-money laundering, anti-terrorist financing?
And, more importantly: what do companies really need to know in order to do the right thing?
Looking at compliance in terms of its identity implies going to the roots of the underlying values that the legal system is trying to promote/convey:
In addition, our approach also consisted in turning abstract and impersonal rules into practical and concrete cases, significant to SMEs, in plain language and in line with their usual business environment:
Digging into the very essence of compliance also necessarily means to look at the underlying motivations for the behaviors that compliance tries to prevent.
Criminologists consider that the crux of white-collar crime lies in “verbalizations”.[14] In a nutshell, verbalizations are statements that people use to convince themselves that the unlawful behavior they are about to engage in, is actually permissible.
According to Cressey, the words that the potential white-collar offender uses during his/her conversations with him/herself are “actually the most important elements in the process which gets [him/her] into trouble, or keeps [him/her] out of trouble.” Cressey asserts that verbalizations were “[v]ocabularies of motive,” words and phrases not invented by the offender “on the spur of the moment,” labeling “deviant behavior as appropriate”.[15]
It is therefore critical that compliance programs are designed in such a way, as to shortcut verbalizations and, according to criminologists, activate the internal “ethical monitor”[16] of each individual.
This is precisely why we developed this content: “Be Good, Be Honest, Be Safe” are simple and strong principles, meant to activate individuals’ ethical monitor, which we illustrated by practical situations and tools (online version).
The whole point was to use strong but simple principles to convey key messages. “Don’t accept gifts that involve returning the favor”: no technical terms, no jargon. This makes verbalization more difficult.
Step 2: (re)thinking usage
The major challenge for compliance programs is the lack of use by their intended audience: the heavy, technical, authoritative content often makes them useless. As they are not read, they remain unimplemented.
Why chose this approach?
Don Norman’s “user-centric” approach to design seemed particularly useful here:[17] design should be based on the needs of the users. As detailed by Don Norman, the 4 key principles of human-centric design are (i) solving the right problem, (ii) focusing on people, (iii) taking a systems point of view and (iv) prototyping early and iterating.
“Focusing on people” means not just identifying all the stakeholders but hearing from them what their needs, constraints, expectations are. According to Norman, it implies starting with the needs and abilities of people: “it means considering all the people who are involved, taking account of the history, culture, beliefs, and environment of the community. The best way to do this is to let those who live in the community provide the answers.”[18]
In addition, Norman’s expansion of James Gibon’s concept of “affordance”[19] seemed very promising to tackle the lack of reading: designing objects as “mediators” between the user and the task, and creating forms which would intuitively trigger the usage of objects.
Transposing these principles to compliance programs, the design of these programs should be built around the needs and interests of their users, with an emphasis on producing content that is easily, intuitively used and understood.
How did we do it?
In practice, the key questions are: Who are the users? What are the key steps for users, what are their information gaps, questions, difficulties, frustrations, needs?
This is what we identified during a “user workshop” in a distinct project, which involved the design of an EMEA anti-corruption code of conduct. We conducted a series of user workshops, attended by about 20 operational individuals, which were chosen to be representative of the teams that are most exposed to compliance issues. Participants were also carefully chosen to constitute a representative sample in terms of gender, age, hierarchical seniority, location and time served in the organization.
During the workshop, we facilitated 6 different exercises, each of them was carefully worded and timed to allow both individual thinking and group sharing.
The structure of the workshop was the following:
1. Exploring the topic: the first exercise aimed at identifying spontaneous word associations on a number of compliance-related issues
2. Defining the user journey: the second exercise aimed at defining the key steps of their user journey when faced with certain compliance issues: what are their main pain points, expectations, information gaps…? We facilitated several exercises of user journey, on generic compliance issues to very specific topics we had previously identified with the client
3. Digging further on main pain points: the third exercise aimed prioritizing the most problematic issues and enabling users to (individually) provide their own ideas to solve the main pain points
4. Ideation and co-creation: one of the last exercises consisted in putting aside constraints to prompt users to collectively imagine their own ideal solutions.[20]
Unfortunately, we cannot disclose the results of these workshops for confidentiality reasons, but one of the key steps of their user journey was “why should I care “(classic engagement problem), and more importantly “how do I know what is the right behavior to adopt in practice”?
To address this specific pain point, we created the concept of the “Trust Compass”. For each legal topic covered, the page starts with a question, a user “verbatim” from the user journey workshop.
These verbatim enable self-identification, and thus the beginning of ownership.
Then, the “Trust Compass” allows the user to know precisely which behavior he has to adopt in practice, in clear terms that reflect the business situations experienced by the users (stemming from the user journey workshop).
For certain relatively technical or complex topics, a “translator” is added: a section that explains the rules in particularly lay terms and makes them fully accessible.
In another project, aimed at ensuring reading and the understanding and full application of a compliance “letter of engagement” sent by a holding company to hundreds of its subsidiaries, the creation of a user journey revealed quite unexpected difficulties of understanding.
For example, during the user workshop, it emerged that subsidiaries’ managers and finance directors did not necessarily see the connection between financial flows outside and within the group, and the legal risks associated with international sanctions and embargoes.
Thinking in terms of usage and user-centricity consisted, in this large decentralized group, in creating “the journey of a euro”.
The idea was to visualize the path the money might take before arriving at one of the group’s subsidiaries, and the implications this could have in terms of embargoes and international sanctions.
This “journey” consists of very concrete situations:
A partnership in Iran, an investment project in Russia in an entity whose ultimate beneficiary is Belarus, a business trip to Cuba by a US Director…
User centricity is not new, even in compliance matters. Actually, the United Nations official practical Guide on anti-Bribery ethics and compliance programs for companies (UNODC, 2013) advocates a user-centric and collaborative approach. The UN thus recommends, for example, providing training that focuses on “employee needs” and on “practical examples, tips and tools, as a way to make these programs relevant from a practical point of view.”
The United Nations advocates “a participatory approach in the implementation and continuous improvement of the programme, thereby creating a sense of ownership among stakeholders. This method leads to awareness and acceptance of the anti-corruption programme.».[21]
Step 3 : leveraging nudge and neuro UX
Nudge — Why chose this approach?
As we have seen, neuroscience sheds some interesting light on lawyers’ debates: our brain works either in automatic or in reasoned mode, the use of one or the other system depends on the type of decision, the level of commitment of the individual, his or her personality but also on background elements.
Thus, what lawyers should be asking themselves is really how to ensure that a compliance document (i) is used and (ii) generates reasoned thinking?
Again, behavioral science can help. “Nudge” can be defined in very simple terms as a way to influence people’s behavior in their own best interest, without any coercion. I’m fully aware of the wide academic debates about the definition of nudge,[22] and about whether or not it should be used in public policies, given that nudge could be seen as a threat to our individual freedom.[23]
I was personally inclined to explore this method given the very high stakes of fighting against corruption globally, but also after listening to Celia Hodent, the psychologist behind the game “Fortnight” telling us the story of how Amsterdam airport leveraged nudge to keep the gents’ restrooms clean.[24]
I was also influenced by the realization that we’re being nudged daily by social networks, on-demand video services and the like, to keep us hooked on services or platform that we don’t necessarily need.[25]
In the ICC Belgium project, the question was clear: which form might we create to avoid users’ usual reflex of push-back when faced with compliance content?
In order to trigger ownership of the document, we created an object that triggers an interaction between the document and its users.
The redesigned document is an A5 brochure that can only be read with the help of a red filter that the user applies in front of each page to discover more information.
Without the filter, the user sees only parts of the text that contained engaging values. By using the filter, the user discovers more information.
The interaction that is created is the starting point for a dynamic between the user and the rules.
The shape of the object enables its manipulation.
A first step towards use.
The filter is thus also a kind of adornment that reveals the value of compliance, as the user can discover and understand more content and meaning by using the filter:
In several other compliance projects, I also leveraged “Neuro UX”. I’m deliberately putting aside the debate as to whether neuroscience-based design should be called “neuro UX” or just “UX design”,[26] to focus only on how to increase engagement towards, and understanding of legal documents.
(Neuro) UX — Why chose this technique?
I was deeply concerned by the amount of compelling research over at least a decade clearly evidencing blind signing of online contracts and privacy policies.[27] To my knowledge, no one has ever dared measuring blind signing of corporate policies, for obvious reasons. But if most of us don’t take the time to read a legal content that might affect our budget or our personal data on a daily basis, is it reasonable to assume that we would behave in a drastically different way in our professional sphere? My 15+ years of experience in private practice and in-house providing compliance training was unable to substantiate that assumption.
I then came across a study by the Behavioral Insights Team, commissioned by the UK government in 2019, which tested no less than 18 design techniques as regards their effect on engagement and/or understanding of online T&C’s and privacy policies.[28]
Based on online testing on groups from 300 to 600 people, the results of the study are the following:[29]
Based on that evidence, as well as on evidence stemming from the video games industry,[30] we inserted reading time on top of each user-centric section in a global privacy policy, as well as a progress bar:
We also turned neutral titles into meaningful questions (in addition to a complete restructuring of the privacy policy, dividing sections by users instead of legal topics), and clearly identifying what users need to know and they need to do:
Step 4: Testing and iterating
In all our projects, we conducted test workshops with users, to test various usage scenarios of the prototype and iterate.
For the ICC Belgium project, we conducted the test workshop in May 2019 in Brussels. Given the sensitivity of this topic, the test workshop was conducted with compliance officers, whose job is to enforce compliance in the company (not “ordinary” users). They considered that the new version was likely to help them generate more than twice as much reading and interest during the compliance training they delivered in their respective companies. The iteration process enabled us to test various color versions, based on the color theory, as well as various types of content being discovered though the filter.
As regards the redesign of the EMEA anti-corruption code of conduct (confidential client), the test workshop led to very significant modifications of the wording and the design, and a total of more than 15 versions until finalization.
Results and impact
The results in the ICC Belgium project were:
3 paper versions of the redesigned content, in English, French and Dutch
An online version where the red filter is triggered by clicking/scrolling
An exhibition during Paris Design Week 2019
The redesigned EMEA anti-corruption code of conduct looks like this (anonymized version):
The redesigned compliance letter of engagement looks like this (anonymized version):
The redesigned privacy policy looks like this (anonymized version):
For confidentiality reasons, clients who have entrusted my agency with their compliance programs do not wish to make any indicators public.
However, we are launching a global community of “legal design testers”, in collaboration with various universities including Singapore Management University. On an anonymous basis, this community of volunteers will be divided into 2 representative groups (in terms of age, gender, social background, knowledge of the law, location…), one of them will be provided with the original document, the other will be provided with the redesigned version and both groups will be asked the exact same questions as to their understanding of the documents.
Results will be shared as soon as possible.
[1] United Nations, Global Cost of Corruption at Least 5 Per Cent of World Gross Domestic Product, Secretary-General Tells Security Council, Citing World Economic Forum Data (United Nations meeting coverage and press release 2018)
<https://www.un.org/press/en/2018/sc13493.doc.htm>
See also Stephen Johnson, Corruption is costing the global economy $3.6 trillion dollars every year (World Economic Forum 2018)
<https://www.weforum.org/agenda/2018/12/the-global-economy-loses-3-6-trillion-to-corruption-each-year-says-u-n>
[2] Ibid.
[3] The United States Department of Justice, Principles of Federal Prosecution of Business Organizations (Justice Manual) JM 9–28.300 and JM 9–28.300, citing JM 9–28.800 and JM 9- 28.1000.
[4] The United States Sentencing Commission, (Sentencing Guidelines) U.S.S.G. §§ 8B2.1, 8C2.5(f), and 8C2.8(11).
[5] Brian Benczkowski, Selection of Monitors in Criminal Division Matters (The United States Department of Justice October 11, 2018).
[6] Hui Chen and Eugene Soltes, Why Compliance Programs Fail — and How to Fix Them (Harvard Business Review March-April 2018).
< (https://hbr.org/2018/03/why-compliance-programs-fail) >
[7] Todd Haugh, The Trouble With Corporate Compliance Programs (MIT Sloan Management Review September 6 2017)
< https://sloanreview.mit.edu/article/the-trouble-with-corporate-compliance-programs/>
[8] See Adrien Guerin, L’imaginaire électrique par Sylvain Rieu-Piquet (Sysmolab Blog 2 May 2013)
<https://blog.ensci.com/sysmolab/2013/05/02/limaginaire-electrique-par-sylvain-rieu-piquet/>
[9]Armand Hatchuel, under the direction of Brigitte Flamand, Quelle analytique de la conception ? Parure et pointe en design
(Editions du Regard 2006)
[10] Hatschuel specifies that the adornment operates an « extension of the object », which has « new attributes », but the object keeps its identity. In practical terms, an oven which is painted in red may become a luxury object, but remains an oven. On the contrary, the « peak » (« la pointe ») operates a shift in the very identity of the object, which is thus transformed. The function of the object changes and thereby, the identity of the object is modified. For example, Matali Crasset’s Regenesi project plays with « peak » and changes the identity of the object : the object is a type of origami in which a slight modification of the folding changes the identity of the object which changes from a tray, to a bowl and a basket <http://www.matalicrasset.com/fr/projets>
[11] Rainer Böhme & Stefan Köpsell, Trained to accept? A field experiment on consent dialogs (2010)
<http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.182.8938&rep=rep1&type=pdf>
[12] Kahneman and Tversky’s work was popularized with the publication of Kahenman’s 2011 book;
See Daniel Kaheneman, Thinking, Fast and Slow (New York Farrar, Straus and Giroux 2011) 20–24. See also, for example, Daniel Kahneman, Maps of Bounded Rationality : Psychology for Behavioral Economics (American Economics Review volume 93 no. 5 2003) 1449–1450.
[13] Daniel Kahneman, Maps of Bounded Rationality: Psychology for Behavioral Economics (American Economics Review volume 93 no. 5 2003) 1451.
[14] Todd Haugh, Sentencing the Why of White Collar Crime (Fordham Law Review volume 82 Iss.6 2014). <http://ir.lawnet.fordham.edu/flr/vol82/iss6/19>
[15] Donald R. Cressey, The Respectable Criminal (Trans-action 1965): 13, 14–15: describing an offender’s motivation to commit a crime as involving three “essential kinds of psychological processes,” one of which is a neutralization.
[16] Todd Haugh, The trouble with corporate compliance programmes (MIT Sloan Management Review 2017).
[17] Donald Norman, The Design of Everyday Things (MIT Press 2013).
[18] Donald Norman, The Four Fundamental Principles of Human-Centered Design and Application (23 July 2019).
<https://jnd.org/the-four-fundamental-principles-ofhuman-centered-design/>
[19] Donald Norman, The Psychology of Everyday Things (Basic Books 1988).
[20] Further to the initial workshop, we analysed all these insights and applied the principle of “maximum impact with minimum ressources” to identify the most promising ideas for the new prototype.
[21] United Nations Office of Drugs and Crime, An Anti-Corruption Ethics and Compliance Programme for Business: A Practical Guide (2013).
<https://www.unodc.org/documents/corruption/Publications/2013/13-84498_Ebook.pdf , p.25.
[22] Pelle Guldborg Hansen, The Definition of Nudge and Libertarian Paternalism: Does the Hand Fit the Glove? (European Journal of Risk Regulation 2016).
[23] See e.g. Ryan Calo, Code, Nudge, or Notice (Iowa Law Review 99(2) 2014) 773 et sqq; Henry Farrell and Cosma Shalizi, Nudge No More (New Scientist 26 November 2011); Pete Lunn, Regulatory Policy and Behavioural Economics (OECD Publishing 2014); Thomas Ploug, Søren Holm and John Brodersen, To nudge or not to nudge: cancer screening programmes and the limits (Journal of Epidemiology and Community Health 66(12) 2012) 1193 et sqq; Anthony Randazzo, The Case Against Libertarian Paternalism (23 April 2013); Mark D. White, The Manipulation of Choice: Ethics and Libertarian Paternalism (Palgrave Macmillian 2013); Mark D. White, The richness of personal interests: A neglected aspect of the nudge debate (23 October 2013); Paula Zoido-Oses, The problem with nudge policies is that threaten our freedom to choose to act well (9 July 2014)
[24] In a roundtable to which I participated in January 2019, organized by the French Data Protection Commission, Celia Hodent explained how the usual posts and warnings had completely failed to keep the gent’s restrooms clean at Schiphol airport. Until a designer had the idea of putting a fake fly in the toilet bowl. From then on, gents would target the fly, keeping the facilities spotless. A short story of how leveraging users’ tendency to play can help maintaining public spaces.
[25] Nir Eyal, Hooked: How to Build Habit-Forming Products? (4 November 2014). See also, The Centre for Humane technology: <https://humanetech.com/>
[26] Neuro UX may be defined as using cognitive neuroscience in designing the user experience. Neuro UX may also be called cognitive research as a tool for understanding user path choices and thus how to design interfaces.
[27] See for example, OECD Directorate for Science, Technology and Innovation, Improving online disclosures with behavioral insights (OECD Digital Economy Papers №269 2018): see in particular page 23.
<https://www.oecd-ilibrary.org/science-and-technology/improving-online-disclosures-with-behavioural-insights_39026ff4-en>
[28] The Behavioral Insights Team, Best Practice Guide: Improving consumer understanding of contractual terms and privacy policies: evidenced-based actions for businesses (2019)
[29] I would question their results as far as “simple language” goes, as it does not seem that they actually used “plain language” but rather an over-simplification of legal terms, which left users confused.
[30] See Yu-kai Chou, Gamification & Behavioral Design
<https://yukaichou.com/gamification-examples/octalysis-complete-gamification-framework/>
