Regulatory compliance is the raison-d’etre of your team. Ensuring that your firm avoids breaches and the penalties that accompany them is essential if you are to protect your reputation, brand and integrity.
While short-term and superficial exercises can have a temporary impact, if you really want to improve compliance, you need a more entrenched approach.
It’s essential to build a culture where compliance is an inbuilt part of your corporate DNA, rather than something bolted on as an afterthought or tick-box exercise.
Here we look at how to define a compliant culture, and identify the steps you need to put in place to implement one.
What is a compliant culture?
A compliant culture can be defined as an environment that enables and encourages compliant behaviour. And its importance shouldn’t be underestimated. An article by the International Compliance Association claims that ‘Compliance culture, especially in financial services, is a really important element that can impact on the wider cultural challenges that a firm could face’.
An essential building block, then, in creating a firm that meets its regulatory obligations, does the best by its customers, and stands a good chance of avoiding breaching the rules.
The costs of non-compliance
The financial penalties for regulatory breaches are all too clear; a Guardian article earlier this year reported that the regulator’s fines ‘ballooned’ to £320m in the last six months of reported figures.
The benefits of a good governance ethos are therefore evident.
But how can you achieve this?
Six steps towards a culture of compliance
Achieving this inbuilt ethical approach requires:
- Awareness of what’s needed
Understanding what’s required of you is the first step. You cannot comply with regulations and expectations if you don’t fully understand them. Regulatory practitioners need to know deadlines, requirements and anything new coming down the regulatory pipeline.
The FCA’s speeches and publications are a good source of insight into its priorities. Read this blog on the Authority’s views about what makes good conduct regulation, find out more about its priorities in its 2019 business plan and understand what we can learn from its complaints data. All of these will give you a good idea of its areas of focus.
Suitability, for instance, is currently a priority for the FCA; in a previous blog.
- Top-level backing
An ethical ethos needs to come from the very top of your organisation. Increased accountability, particularly at the most senior levels, is an ongoing concern for the FCA; new rules like the SMCR, which comes into force for all FCA solo-regulated firms at the end of this year have put the onus on firms and individuals when it comes to governance.
Filtering this high-level commitment to the rest of the firm is also essential, with clear communications on what is expected. Transparency and clear messages around conduct are vital – whereas a lack of transparency is identified as one of the red flags that indicate a poor corporate culture.
Ongoing regulatory training ensures that everyone is fully up to speed with the latest requirements. Make sure your team is aware of their ever-growing responsibilities.
And of course, compliance isn’t only down to the Compliance team.
- Harnessing effective technology
Earlier this month, the FCA admitted that it needs to adapt to keep pace with technological change. For firms, harnessing technology can be a huge help in building an ethos of good governance.
We looked in more detail recently at how technology can help Compliance teams, whether it’s technology to support training and education or automation that can help to mandate compliant approaches, there are ways to use technology for improved governance. Explore the ways you can use the tools available to help you reduce regulatory breaches.
- Focusing incentives on the right behaviours
Make sure your approaches to pay and reward reflect the actions you want to see. This is something the FCA has returned to time and again in its speeches.
Ensure your pay and incentives support the type of compliant culture you are looking to build.
- Incident reporting and case management
Having clear processes for reporting any transgressions or errors is essential, as is a strong process for record-keeping. Honesty and transparency are key: being aware of breaches is the first step in addressing any shortfalls and mitigating risk.
Any systems you use should give you the MI you need to continuously improve. Identifying the causes of any regulatory slip-ups is vital to making sure they’re not repeated.
Follow these six steps, and you will be well on your way to creating a culture of compliance.
How can we help?