what is compliance - Creating a Culture of Compliance

According to Charles Elson, Director, Weinberg Center for Corporate Governance, “Compliance really starts at the top, no matter what regulatory regime you put into place”. Many of us think of compliance as being far removed from our daily work. We tend to think of it as a job for the ‘Compliance folks’ in the CFO’s office. While employees are more open to initiatives that contribute to the company’s brand building or social responsibility exercise; they take a back seat, when it comes to compliance.

What is it about compliance that has employees maintaining an arm’s length distance from it? How can it be made part of the organization’s mainstream culture?

What is Compliance?
In my opinion, the whole idea starts with breaking down what compliance really means. Compliance, without all its frills, , simply means “playing by the rules”. However, it doesn’t end there. What separates compliance from other organizational activities like corporate social responsibility or brand building is that when you don’t ‘play by the rules’ – more often than not, you pay for it. Sometimes literally through fines and penalties or more often, figuratively through litigations, audits, closer regulator scrutiny, a diminished brand, higher attrition rates or all of the above. Given this cost of non-compliance, it’s fairly obvious that “playing by the rules” is not just the domain of the compliance officer or her team, but pretty much the entire organization.

Creating a Culture of Compliance

How then do you go about creating and percolating a culture of compliance in the entire organization? High ethics and employee values help in cultivating a strong culture of compliance. Companies should create controls that reduce the risk of employee fraud, with a strong culture of compliance as an essential starting point.

There are a few things that might help the cause:

1. Do not encourage or ignore unethical practices

Be unflinchingly firm when it comes to playing by the rules. All employees must understand that unfair practices, whether in dealing with each other inside the organization or with external parties such as suppliers and partners, will not be tolerated. Rightly put by Scott Borden, the Ethics and Compliance Head at AECOM,”Fraud occurs when a series of errors in detecting red flags and a lack of oversight takes place,”.

2. Lay down the right policies and communication structure

Well laid out policies act as a ready reference and a guiding path for employee behavior, especially when it comes to things like data confidentiality, information sharing, interacting with vendors etc. Communication also plays a key role since the policy needs to be communicated down to and understood by everybody in the organization. There should also be a mechanism to receive feedback and review these policies from time to time. This has to start at the top and drill down to every level in the organization.

3. Make technology work for you

Technology is possibly the compliance function’s best friend. Technology can help build authorizations, introduce checks and balances into processes, automate mundane repeatable activities and provide evidence and audit trails to track and correct any actions. Technology can thus enable compliance professionals to defocus from tactical tasks to more strategic work, all while saving costs and precious time.

To summarise, I would say, achieving an effective ethics and compliance culture in an organization requires much more than adding rules and additional layers of controls. There must be an integrated effort that aligns financial and compliance requirements with the organization’s mission and values. And there are a multitude of things that go into creating a culture of compliance but if organizations can make a start simply by addressing the 3 key areas mentioned above, it can surely give them a head-start to better Complaince Culture. .

To know how technology can add to your arsenal, read our blog on ‘Using Technology to Future-proof Compliance