Compliance Culture

With the financial crisis of 2007 in the distant past, we seem to have forgotten the forces that converged to harm both the financial markets and the economy. Risks are no longer contained by borders or walls, and can now travel at the proverbial speed of light around the world. In 2010, the Dodd-Frank Act set off new rules governing everything from mortgages to trades defining disclosures of executive compensation to top management selection. With most of those regulations now in place, are corporate executives doing a better job of promoting a culture of compliance?

According to Charles Elson, Director, Weinberg Center for Corporate Governance, “Compliance really starts at the top, no matter what regulatory regime you put into place”. Many of us think of compliance as being far removed from our daily work. We tend to think of it as a job for the ‘Compliance folks’ in the CFO’s office. While employees are more open to  initiatives that contribute to  the company’s brand building or social responsibility exercise; they take a back seat, when it comes to compliance.

What is it about compliance that  has employees maintaining an arm’s length distance from it? How can it be made part of the organization’s mainstream culture?

What is Compliance?
In my opinion, the whole idea starts with breaking down what compliance really means. Compliance, without all its frills, , simply means “playing by the rules”. However, it doesn’t end there. What separates compliance from other organizational activities like corporate social responsibility or brand building is that when you don’t ‘play by the rules’ – more often than not, you pay for it. Sometimes literally through fines and penalties or more often, figuratively through litigations, audits, closer regulator scrutiny, a diminished brand,  higher attrition rates or all of the above. Given this cost of non-compliance, it’s fairly obvious that “playing by the rules” is not just the domain of the compliance officer or her team, but pretty much the entire organization.

Creating a Culture of Compliance
How then do you go about creating and percolating a culture of compliance in the entire organization? High ethics and employee values help in cultivating a strong culture of compliance. Companies should create controls that reduce the risk of employee fraud, with a strong culture of compliance as an essential starting point.

There are a few things that might help the cause:

1. Do not encourage or ignore unethical practices

Be unflinchingly firm when it comes to playing by the rules. All employees must understand that unfair practices, whether in dealing with each other inside the organization or with external parties such as suppliers and partners, will not be tolerated. Rightly put by Scott Borden, the Ethics and Compliance Head at AECOM,”Fraud occurs when a series of errors in detecting red flags and a lack of oversight takes place,”.

2. Lay down the right policies and communication structure

Well laid out policies act as a ready reference and a guiding path for employee behavior, especially when it comes to things like data confidentiality, information sharing, interacting with vendors etc. Communication also plays a key role since the policy needs to be communicated down to and understood by everybody in the organization. There should also be a mechanism to receive feedback and review these policies from time to time. This has to start at the top and drill down to every level in the organization.

3. Make technology work for you

Technology is possibly the compliance function’s best friend. Technology can help build authorizations, introduce checks and balances into processes, automate mundane repeatable activities and provide evidence and audit trails to track and correct any actions.  Technology can thus enable compliance professionals to defocus from tactical tasks to more strategic work, all while saving costs and precious time.

To summarise, I would say, achieving an effective ethics and compliance culture in an organization requires much more than adding rules and additional layers of controls. There must be an integrated effort that aligns financial and compliance requirements with the organization’s mission and values. And there are  a multitude of things that go into creating a culture of compliance but if organizations can make a start simply by addressing the 3 key areas mentioned above, it can surely give them a head-start to better Complaince Culture. .

To know how technology can add to your arsenal, read our blog on ‘Using Technology to Future-proof Compliance