Compliance evolution: How to thrive amidst growing regulatory complexity
In 2022, the Thomson Reuters Regulatory Intelligence unit captured more than 61,000 alerts from more than 1,300 regulatory bodies — equating to an average of 234 compliance updates each and every day. Yet, the vast majority of compliance leaders expect regulatory activity to increase even more in the next 12 months.
Keeping up with this volume and pace of change is not a task that any CCO can handle on their own or even with a small team, no matter how dedicated. Organizations can't patch compliance at this level of complexity onto “business as usual” ex post facto. To demonstrate a robust compliance program, compliance must become a matter of company culture.
Here are four essential steps to building a culture of compliance.
Start at the top
Like many major business initiatives, the top-down approach to building a compliance culture helps achieve the buy-in from leadership that drives momentum for effective change.
This means the C-suite needs to become hyper-literate in the company’s approach to compliance, which requires the compliance team to develop a much closer and more collaborative relationship with the C-suite or executive team. This relationship should include frequent conversations with executives regarding the regulatory landscape as it evolves, as well as real-time discussions of any necessary changes in internal compliance policy.
To foster this kind of collaborative relationship, compliance teams need to recast their role: Instead of a siloed entity shouldering full responsibility for a company’s ethical posture, compliance must become a hub of proactive guidance for the entire company, from which it can derive education, feedback, advice and information.
Elevate compliance to a board priority
Shifting the board’s mentality on oversight is also essential. Boards, after all, are responsible for the highest levels of an organization’s vision and governance. If compliance is not a regular part of that conversation, then compliance is not an objective priority — leaving the door open to infractions and fines.
While board members recognize their legal responsibility for the oversight of a company, individual members may need a more unified, complete grasp of the full scope of this responsibility. Getting the board committed to a culture that fundamentally prioritizes compliance will therefore require an educational process, likely stewarded by the CCO. The goal should be for every board member to have the current best practices internalized, plus a sound understanding of emerging trends and the broader regulatory landscape.
Empowered by this knowledge, boards can begin proactively integrating compliance and ethics into the organization's strategic objectives — making robust and reliable compliance a matter of standard business operations. This commitment should be transparently communicated through internal and external channels. As with the C-suite, the board’s prioritization of ethical considerations in all business discussions sets an example for the entire organization. Board members must also be sufficiently aware of the intricacies of compliance in order to ask tough questions and support the executive team in carrying out proper oversight.
Socialize compliance across the company
As boards and executives spearhead compliance efforts along with the CCO and compliance team, they also need to start thinking about how to socialize compliance.
The force of their example will be powerful in setting a standard — but leading by example is not enough. Leadership should look closely at current training programs to examine whether they are built to fit their current compliance needs, and whether these programs are suited to how people understand complex regulatory and compliance information.
There’s a reason why compliance training is often unpopular, after all. It typically takes the form of annual training that is boring, deeply complex and unmoored from the everyday responsibilities of the employees. This ‘box-ticking’ approach to compliance is a limp defense against any sort of infraction. Moreover, it lacks the “what’s in it for me” factor that’s critical to building buy-in toward a culture of compliance.
In some ways, evaluating programs currently in place involves a basic level of human awareness: Can an employee effectively internalize complex information if it’s imparted only once a year, in large training modules, isolated from the rest of an employee’s work? The answer is obviously no. Yet this also offers the upside of an easy path to meaningful improvements.
Make compliance training more human
Thinking through a revamped compliance training program, leaders should have two watchwords: engaging and continuous.
Trainings should make an active effort to be engaging — settling for stale presentations of complicated and technical material is a surefire way to torpedo your training. Presenting the material in smaller chunks and making training more interactive engages the trainee and improves retention. Best practices for imparting information, such as contextualizing general principles in relevant and relatable examples, also apply.
To support this goal, trainings should be continuous, rather than delivered in a giant yearly module. Busy employees will quickly forget the latter. But an enormous body of research on human learning demonstrates that continuously presenting (and reinforcing) smaller, bite-size pieces of information helps individuals fully comprehend, internalize, retain, and — most importantly — effectively apply that information.
Culture starts at the top — but grows from the bottom
As the regulatory web grows, thickens and changes at an accelerating pace, compliance can no longer be considered a siloed responsibility. Organizations must make a company-wide commitment to compliance — one that motivates and empowers all employees to make sound decisions that align with the organization's values.
Yet the practical reality is that the bulk of the burden still falls to CCOs and compliance leaders. And that burden boils down to a core problem as old as humanity: What leads people to do the right thing? And why do responsible people so often knowingly flout the rules?
We examine these big questions in a new Diligent executive brief that outlines how compliance leaders can effectively cultivate a culture of compliance. That recipe starts with gaining the top-level buy-in to set the tone for ethical behavior. But it critically requires strategic and relentless efforts to inform, engage and inspire all staff to act as compliance champions, powering ethical decision-making from the bottom up. You can download the compliance executive brief here.
