Before you read through this article it’s important to set out a few markers. Firstly if you are on the Board of a business, or a senior leader in a business and you are not finding compliance hard your business is probably not compliant and you might want to start asking some searching questions. Harsh, but experience suggests fair. Secondly, if you are finding it hard and are struggling to get good information and support from your often overwhelmed compliance team, you are not alone.
Over the past two years, The Compliance Foundation (TCF), has worked with many firms who are wrestling with compliance and regulation and who, as a result, are engaging in programmes of change to alter everything from their products, their governance, their technology, their business systems, their operational processes, their sales and marketing practices and their compliance and risk arrangements to ensure they can meet regulatory standards of compliance. They are most definitely not doing this for fun – they are often doing it in response to direct demands from the regulators or pre-emptively, having spotted a problem, to head of such demands.
So what’s happened in the world of regulation and why is compliance seemingly harder than ever? This article provides a few thoughts on the whys and wherefores and hopefully a few useful tips on what to do about it.
Without doubt the last few years has seen the regulators extend their powers and broaden their reach whilst governments have increased their regulatory expectations, but that is only a part of the story and plenty of other things have changed too.
Regulators are no longer simply accepting that firms have done the right things. They are now deeply engaged in not only the what, but the how and even more importantly the customer outcome generated. This is about the regulators not just accepting a ”box ticking” approach from firms. Regulators are demanding Boards and leaders apply judgment and create “compliant cultures” within their firms so that all staff might apply effective judgment. This is made harder as the regulators, whilst providing some principles for guidance, are not providing many specifics as to what a compliant culture actually looks like. Indeed, while they have talked about what ‘bad culture’ is, they have tended to avoid articulating what a ‘good culture’ looks like. At the same time, regulators also demand evidence and want to see effective monitoring processes completed. So while they require judgment to be applied, they also still want their boxes ticked.
Regulators are also expecting compliance functions to be strong, well resourced and capable of challenging the Board and leadership and raising concerns on a regular basis. This means that for many businesses greater investment in resources and training is required. For compliance functions, this means being pulled in many directions, both strategic and tactical.
The last 10 years has also seen a massive change in how customers, suppliers, employees, regulators and the media interact with businesses. Opaque firms are being regularly challenged and transparency is the order of the day. An action perhaps thought seemingly insignificant in one part of the business can have a massive impact across the whole of the business if it is captured and goes “viral”. Think United Airlines. This is the new normal and is not going to go away. Firms in
multiple industries have to rethink their focus on treating customers fairly and delivering compliant, customer centric cultures. Firms need to be prepared to respond to breaking news, both mainstream and social media, and manage their reputations whilst putting in place the procedures to ensure it doesn’t happen again. Compliance has moved out of the back office and is now providing critical support to Boards and business leaders.
To complicate matters further, exerting the necessary level of control over today’s businesses to ensure compliance is not simple. The days of direct command and
control are long gone as today’s businesses have complex and long supply chains. Algorithms in business critical systems and software may well originate from a couple of contractors working for a third party supplier based overseas. Firms are now having to work extra hard to ensure they have a clear line of sight and appropriate controls throughout the supply chain. They have to ensure that everyone who contributes to the business is aware of and delivering to the necessary compliance standards.
So yes, compliance is hard and it’s not going to get any easier.
However, the firms that are managing compliance well seem to be doing so by following a few simple guidelines.
Here are the top five things that TCF think make the difference for those firms and Boards who are doing OK at compliance:
- They take compliance seriously and work on it proactively – making the business changes required before they have a regulator breathing down their neck – they undertake regular external reviews
- They ensure the business (not just HR) is taking real and meaningful steps to build a compliant culture – they have measures in place to support this
- They ensure the compliance team has the necessary resource, support and capability to flag and resolve complex compliance related challenges – they have done their homework and allotted sufficient budget and resources
- They ensure that the firm’s regulatory requirements are understood and managed throughout the supply chain – they take seriously their commitments to customers and ensure that all who contribute to the design, building, dissemination and servicing of a product or service are aware of their compliance responsibilities
- They ensure that supplementary compliance advice and support is available to the business at an early stage in the development of new products, technology, operations processes and advertising campaigns – ensuring compliance is baked in at an early stage.
To do all these things requires line of sight to the Board and leadership and strong management, both programme and ongoing. That is a huge task, but at TCF we would remember the 80/20 rule and recommend that a business leader is better off making a start on one or two of these than being daunted by the prospect of doing the lot and not starting at all.
If you would like to talk more about how your firm is dealing with compliance then please do get in touch or email TCF – email@example.com
At LS Consultancy, we offer a number of distinct products and services which can be deployed individually or combined to form a broader solution including copy advice.
When you face business or regulatory challenges, we provide solutions that are tailor-made to your needs with a view to releasing your energies to focus on your clients.
We work both within individual teams and across many departments to offer a complete solution, with a range of cost effective, compliance and marketing solutions which are uniquely suited to supporting firms.