How to implement a compliance culture starting with the board

The Board of Directors acts as the ultimate guardian of the organization, setting overall policy objectives whilst also ensuring that the company stays on the straight and narrow. For this reason, it is logical that any highly effective board of directors must make sure that the organization for which they are responsible takes the right steps to ensure that compliance takes a key role within the ongoing running of the company. 

Compliance is an issue that affects the day to day business operations of all levels of the corporate structure, ranging from the CEO to the graduate trainee. It is therefore essential that the board of directors use their extensive powers to build a compliance culture that guarantees that the company is able to cope with an increasingly complex number of international regulations that are being implemented across the globe. 

Creating a comprehensive compliance framework requires an investment of time and resources that can put off many,  but that is relatively little when compared to the fines and legal battles that are the result of having been caught failing to comply. 

There are a series of steps that a board can take so that compliance has an increasingly central role within the operations of the organization.

Hire a Chief Compliance Officer

Never underestimate the effect that having the right leadership will have on wider company as whole.

This may sound like an obvious step but it is one that can often go overlooked by leading organizations. If compliance is to be taken seriously, it is essential to hire a profile that is willing to challenge leadership on their strategic and operational decisions. 

Companies have often looked at the appointment of a CCO as something almost ceremonial in nature, following the assumption that everything is fine until suddenly it isn’t. If a board is to make compliance a core pillar of their corporate structure then it is essential to ensure that the role of CCO has far-reaching powers so that they have insight into operations across the business. 

A CCO must able to carry out their role whilst freely reporting their findings without fear of retaliation or that their message will fall on deaf ears. 

In a world where fines are growing larger and regulating bodies are becoming increasingly strict with regards to enforcement, the role of CCO takes on a new level of responsibility. It is therefore crucial that the person that takes up the gauntlet is not impeded by barriers within the organization that they’re attempting to safeguard.

Set up a system of checks and balances using committees

Checks and balances create accountability which is essential for long-term success.

Good governance requires people to be held to account, establishing a transparent system that is free from shady practices and dealings. 

If the Board of Directors is responsible for setting the tone within the organization through their decisions then it is important that they use that power to guarantee that there is the right level of oversight and scrutiny to make compliance a leading issue.

One way that they can do that is through the creation of a specialised committee which focuses exclusively on issues of compliance, ethics, and corporate social responsibility. 

This committee should be made up of profiles that have been drawn upon from across the organization as the nature of compliance is that it has a knock-on effect across almost all departments.

The benefit of this cross-departmental approach is that it allows for a deeper level of scrutiny of the goings-on at all levels of the company, shedding light on a wider range of issues.

 The committee should have access to scrutinise not only the Chief Compliance Officer but also other members from the executive level of the organization. This is essential to ensure that ethics and compliance codes are being strictly adhered to. 

Whilst employing a CCO is of great importance. It is crucial that a company views compliance as a shared responsibility. It is something that should become a core element of the DNA of all departments. Effective use of such a committee with extensive powers is crucial in guaranteeing that compliance is at the forefront of the overarching strategy and operations of the organization. 

Create an extensive training program across the organization 

Effective training is the bedrock of building a compliance culture. If your employees don’t have the required knowledge, they won’t be prepared to flag issues.

Companies often talk about ethical culture without ever truly investing the time and effort to ensure that their staff is properly trained on the implications that it can have in their day to day work. 

Employees with a good understanding of compliance and ethics are essentially the eyes of ears of your organization, helping to ensure that regulations and professional standards are being adhered to.  

By having properly trained staff, you can dramatically increase the level of transparency in the day to day operations of your organization, helping to quickly identify issues before they can turn into large scale problems that can pose a threat to the ethical standards of the company as a whole. 

The training should be led by the CCO and be structured in a way that it is not a one-off session for employees but rather an ongoing education that stays up-to-date with current regulatory trends. It is vital that the training schedule is interactive whilst drawing upon case studies to demonstrate how compliance issues can play out in the real world. 

Implementing such training at all levels of the organization is the best way to highlight the importance that compliance plays. Giving your employees the knowledge that they need to recognise and report potential issues is arguably the best strategy available for preventing serious breaches. 

Understand the cultural differences that can affect compliance culture

Cultural differences can affect the approach to compliance which requires your strategy to be adjusted in each region.

For a global corporation, the challenges posed by compliance can be additionally complex when taking into account that the attitudes towards ethics and compliance can be vastly different between the different regions in which they are operating.

In regions such as Scandinavia and North America, awareness of potential compliance and ethics red flags are likely to be far more ingrained than in regions of the world where enforcement of governance and labour laws have not been as strictly enforced.

It can, therefore, be necessary to adjust training programs and structures to help facilitate the growth of a compliance culture amongst staff within distinct regions. 

Further to this, it is important to constantly check that the compliance and ethics reporting structures are being respected and utilised across different regions. It is perfectly feasible that an HR initiative that is aimed at creating greater levels of transparency may be highly effective in one office and a relative flop at another. 

The focus should, therefore, be on continuing to refine processes to ensure that the same message is conveyed across the organization, regardless of where it may operate. 

Eliminate the fear of retaliation. 

A culture of retaliation can cripple compliance at an organization.

The barrier that stands in the way of all of the steps listed above is the fear that reporting an issue will result in some kind of retaliation.

A culture of fear or the realisation that a reported issue is not being taken seriously is fatal to the fostering a compliance culture within an organization. 

Compliance is an issue that has to be led from the top by a Board of Directors that is dedicated to implementing real change even if that means being told uncomfortable truths that may impede upon certain goals and objectives.

There is no use in employing a top CCO if their power will be limited and their advice will go unheeded. Likewise, there is little point in implementing a training programme if employees feel they will be penalized for flagging potential issues that they have learned about through the sessions.

It is, therefore, the responsibility of the board to guarantee that retaliation for reporting has no place within their organization. If they are able to convey such a message through bold leadership decisions, they will to see the beginning of a compliance culture take root within their organization. 

Concluding thoughts

Fines are larger than ever and becoming increasingly common.

Since the 2008 financial crisis, compliance has evolved drastically with regulators taking an increasingly strict stance on those that show a disregard for the rules and regulations that govern the economy. This has led to an increase in the number of companies looking towards technical solutions in an effort to reduce the regulatory burden that is placed upon them.

Regulatory Technology (RegTech) solutions have all too often been associated with a select few sectors such as banking and pharmaceuticals. However, it has become increasingly apparent there are clear benefits to all manner of companies looking towards RegTech as a way to streamline their regulatory and strategic processes.

An example of this can be found in the case of board management software which lightens the administrative load that the board of directors can face as they attempt to navigate through the rough seas of executive leadership. Such a tool should now be seen as vital in attempting to unite and control the steps listed in this article.

A failure to implement the correct steps towards a strong compliance culture (both at a practical as well as a technological level) is no longer just a moral failure, it instead shows a board that is failing to properly safeguard the future of the organization that they are ultimately responsible for. 

Fines are increasing as governments look to pull the brakes on large scale corporate misbehaviour. This is shown by the fact that the average Foreign Corrupt Practices Act (FCPA) penalty in 2017 was more than $66 million, and has increased further in 2018 with this year’s average so far standing at more than $180 million.

The deluge of stories emerging every week about companies being investigated for regulatory violations shows that this is a theme that is here to stay. 

A trend that has always prevailed in markets has been that those who are willing to adapt are the ones that will survive.

The rules of the game are changing rapidly and it now falls to the board to take the correct measures to adjust the course of their organization.