By Louis Sapirman, Chief Compliance Officer, Dun & Bradstreet
Warren Buffett once said, “Everyone must be his own compliance officer. That means everything you do can be put on the front page of the newspaper, and there will be nothing that cannot stand up to scrutiny.”
We are living in an age in which the spectre of regulation hangs over businesses, along with the threat of any misstep or oversight being exposed in the media. From the Panama papers to scandals at major banks and multinationals, there have been numerous compliance breaches in the headlines over the past several years that exemplify the impact non-compliance can have on a business’s reputation and bottom line.
With that in mind, it seems counter intuitive that compliance is often not prioritised by the C-suite.Compliance teams are fundamental to upholding good practice and protecting the reputation of a business, and they require more than a passive relationship with C-level executives; they should always have a seat at the table. Compliance in an organisation represents the height of operational excellence, and is most successful when owned by all employees. Thus, it is an integral element of an organisation’s culture.
From police to partner
Under the traditional view, compliance is sometimes seen as an inconvenience that delays customer on-boarding and revenue-generating activity, or worse, an arbitrary block on a crucial deal. Compliance teams develop new policies and enforce them to ensure adherence with law and regulation – and while this is a fundamental requirement for any business, it is often the compliance team which is seen as a police force, rather than a valued partner that is essential to business growth.
Placing the responsibility for doing the right thing solely on the compliance team is never an effective approach.Best practice approaches involve the C-suite building compliance into the fabric of their organisational culture. Employees are often the first line of defence, and ensuring everyone is aware of their responsibilities is vital; after all, one small mistake can result in far-reaching financial and reputational damage, as well as individual liability. If every employee is aware of their personal responsibilities and the importance of compliance to the success of the business as a whole, risks can be substantially mitigated.
When employees understand that compliance is part of an organisation’s DNA, the value can extend well beyond simply complying with policies and regulations. Employees will begin to consistently consider the impact of the actions on all of the organisation’s constituents: customers, other employees, third parties and shareholders.
The dynamic between compliance teams and the wider business must morph.The ideal of a compliant enterprise is possible to achieve and maintain when employees feel informed, as well as empowered to call the right people for help and advice. Instead of being identified as the team to fix issues once they’ve occurred, the compliance team’s role must adapt to become an essential and proactive partner rather than a ‘police officer’.
Changing the compliance culture
Taking a strategic approach to compliance and aligning it with the business’s priorities is an important step toward cultural change. Through a data-led, risk-based approach, compliance teams can establish themselves as strategic business partners. Instead of being seen as a hindrance, compliance teams have the opportunity to both protect the business and minimise delays to the realisation of new business opportunities. Having a thorough understanding of business strategies and priorities is key to building successful internal relationships. Access to the latest technology and robust data will only enhance a compliance team’s potential return on investment.
Putting compliance at the centre of the business can foster proactive relationship-building. While ultimate responsibility for compliance sits with board-level executives, the compliance team must be positioned to understand the priorities of all employees and develop processes that support growth rather than stifle it.
Similarly, employees should view the compliance team as a valued partner, reviewing practices and making positive suggestions. This builds trust and reinforces the fact that ultimately the compliance professionals are on the same team with the business and is working toward the same goals. Digital media, such as internal blogs, social media tools and instant messenger services, are excellent tools for maintaining communication with the business and sharing best practices –although there is no substitute for getting away from your desk and meeting your employees face-to-face. Building a personal dynamic by getting involved and sharing tips across internal networks can not only reduce the likelihood of breaches, but increase the likelihood that matters are consistently reported internally and investigations will run smoothly.
It’s well understood by most employees that organisations have a legal responsibility to comply with regulations in the areas they operate. But beyond this, there can be a sense of pride in doing the right thing and being a responsible business: compliance can and should be a core part of an organisation’s culture. This can be achieved through education and regular training, as well as a clear commitment from leadership at all levels.
In an age of increasing regulation, businesses need to be compliant from the ground up. Having smart, compliance-led practices that all employees believe in is a key enabler to ensure regulatory requirements are met. It is vital that compliance and doing the right thing is owned by all employees as their responsibility. The compliance team must be viewed as expert business partners, to support the organisation whenever questions arise.