Since antiquity, the concept of the ‘body politic’ has been well-established: the conception of a polity manifested in a human body. The king is the head, the instruments of government the senses, the citizens the limbs, and so on. What practical purpose this served, other than to provide a metaphor for a society developing at the same time as its knowledge base did (the Romans) or to establish the rights of a sovereign above all other elements (the Tudors), is debatable. But if we accept the idea that all parts of a civic state can be given anatomical twins, this concept can be equally applied to a corporate entity, with – perhaps – more practical lessons to be learned.
Let us start with the spine. Policies are the backbone of any company. Not only do they establish standard procedures and best working practices, they project an outward perception that the company knows what it is doing, and that the unity of the firm is held together by, for want of better words, its internal law. It is somewhat disappointing therefore, that many firms have such a weak spine to begin with, in the sense that the policies and procedures are weak in substance on the issues, or that these are entirely absent. While typically very quick to promote various ‘health and safety’ policies or to advertise cyber-security procedures, there is rarely a rigorous policy written from a ‘security’ point of view. A policy which takes into account that the multiplicity of threat actors (opportunistic, OCG, state-sponsored and so on), their methodologies, and their motivations, cannot be met with a one-size-fits-all approach to security. Which understands that due diligence needs to be both broad and deep, covering essentially every aspect of a company’s work, and puts in place cast-iron regulations on the necessary investigations to be done before a deal is signed or a partner on-boarded. Which ensures that the entire company can effectively be better supported by the material on which it runs internally – and gives partners and contractors external confidence. Without a spine of this type, the entire body corporate quickly begins to fall apart.
Under the original body politic, the monitoring instruments of government (law enforcement, judiciary, security services and so on) were the eyes and ears. In our corporate parallel, this might best be applied to the concept of ‘horizon scanning’ and the act of intelligence-gathering. These are crucial for understanding the context in which the body corporate is operating and provide early-warning of any threats facing it. Just as we do not (cannot) ignore what our senses tell us in real life, and indeed the thought of not using what senses we may have is anathema, so too should information-gathering from a corporate perspective, be constant, and that when the sensory response advises of pain (such as the intelligence pointing out risks or threats) – the rest of the body corporate should pay attention.
Next, we come to participatory elements, in the original model the knights representing the ‘hands’ – or under our metaphor, the actors performing the actions. This could be internal AML teams, independent investigative actions taken by partners/executives, or any procedure to move a project forward. However, it is a common refrain that “the left hand does not know what the right hand is doing” and this is true if assorted elements do not have all of the information to hand (perhaps a deliberate scenario) or if contradictory policies are being enacted: for instance, one department pushing for some measure of diligence and the other unknowing or uncaring. The limbs are not brute-force methods: they are at their best when working in tandem not only with other elements of the body corporate, but with each other, and can best operate if the ‘head’ (to which we are coming) is in possession of the best information. As always, it is about the joined-up approach.
And so, we come to our head: the king, the CEO, the board. It is this element that gives commands as to what every other element should do; despite the apparent policies of the spine, the sensory information supplied by the senses and the possibilities inherent in the limbs, all is for naught if the head acts insensibly. This is often manifested in the drive to generate business at any cost and the choice to disregard evidence from elsewhere, either through an ‘I know best’ mentality or a belief that the threats detected will not be that bad, or that the policies can be ignored in this case, or that the actors will be able to handle anything that goes wrong. This is the biggest failure of all: not necessarily to proceed with a bad decision in light of all the evidence, but to not even attempt to identify such evidence in the first place through application of the other elements of the body corporate.
Only by the head ensuring that these other elements are given the time and resources necessary to perform their functions, can the body corporate rise above its political twin and become a model for a healthy, cohesive and smooth-running business.