At a time when all organisations, especially the financial services and banks, are stacking their risk and compliance departments with more staff to address the intensified regulatory compliance approvals, documentation, disclosures and scrutiny, the compliance department continues to be plagued by systemic violations of regulatory compliance because the fundamental cultural issues have gone unaddressed causing severe non-compliance.
Compliance is often terribly mismanaged in organisations that have lost their way from core corporate values. Following the 2008 financial crisis, the shifting regulatory landscape plays a significant role in the corporate change management culture. The chief compliance officer is often on a carousel with changes in the organisation, reporting and management. Therefore, the department usually starts from scratch, reinventing the wheel to implement, execute, monitor and report compliance activities.
Coordinating the Board and Management Responsibility. Prepare a Checklist
- Ensure clear accountability and responsibility for overseeing the compliance economy and identify all components under the compliance umbrella that must be monitored.
- Management or the board must periodically appoint an independent assessment /consulting firm, subject to regulatory nonobjection, to perform a compliance look back when management believes that the scope of the problem is more enormous than the time and resources available to the organisation.
- Many boards of directors, senior management and CxOs are not challenged by the second and third-line defences to go deep into how the business is being run from a compliance perspective
- The compliance department must never be a rubber stamp for what the management or the business wants. For example, if compliance personnel are asked to sign off on compliance activities, policies, and procedures. At the same time, they were still being monitored or drafted. Approving partial or incomplete activities or revisions is a dangerous practice that violates compliance standards.
- Support the CxO to solve systemic risk and compliance problems instead of constantly spinning the wheels.
- Identify the organisation’s compliance cultural deficiencies that result in what the regulator or oversight may find unsafe or unsound compliance practices relating to the compliance risk management program and information technology risk governance program.
- While the organisation is growing exponentially, maintaining a small-business mentality toward compliance should not be ‘approving’ documents merely because business, or worse, contractors say so, especially on a compressed timeline that frustrates our ability to take the necessary time to ensure the records are correct, when complete.
- The organisation’s reporting structure often changes—from reporting into compliance to reporting to the general counsel to registering into the chief risk officer. Without integration between risk and compliance departments, the reporting often loses value. Therefore, it is best to secure to whom the compliance staff and all the business lines report from the start when the compliance program is still in its earliest stages of development.
The missing elements of compliance
- Companies must be assessed independently to identify the key activities and get grades on regulatory compliance. This assessment avoids compliance issues that the department failed to understand due to the rapid development of the regulatory environment as the business grows.
- Management is often creating a development culture in terms of the mentality of trying to provide services and products to help facilitate growth. Therefore, identify the missing key compliance element when the change is being achieved
- Identify the missing element is/was on how vital compliance would be for the organisation to achieve that compliance goal. A great compliance culture in terms of the corporate mentality of trying to provide services and products but at the same time facilitate the compliance security of the organisation
- A shifting compliance culture. The regulatory environment has developed in the aftermath of the added regulations as a catalyst for the transformative corporate culture, which is directly related to risk and compliance but has also trickled into other areas of the business.
- Compliance culture to the military-mentality style of leadership from which it hails, in which leaders are accountable for the failures of their subordinates, as opposed to the teamwork mentality of; We got ourselves into this mess, let’s get ourselves out of it.
Skills and knowledge
- Focus on strengthening the risk and compliance skills and capabilities instead of the compliance department being a regulatory rubber stamp with check-the-box templates and checklists. Encourage the compliance staff to work collaboratively with the business, backed by leadership. The lack of overall regulatory knowledge constraints most companies. Often, compliance activities were not done correctly from the start due to a complete lack of understanding of how different the regulatory environment was compared to all other industries.
- Allow compliance departments to operate with a wide breadth of freedom from regulatory intrusion, self-evaluate their compliance with laws, and ensure knowledge transfer when organisational changes occur.
- Most organisations have a monumental challenge of cleaning up after management that has created or allowed a toxic mess of non-compliance and law violations to linger for years, exhausting the staff to compliance fatigue or burnout. Often the problem had to do with a lack of skills or being significantly understaffed, leaving those in the compliance department stuck picking up the slack.
- Many compliance employees count their tenure in decades. Without bringing more outside people in with the necessary knowledge and expertise in the regulatory space and transplanting managers from other divisions with internal promotions in the regulatory area in the organisation does not create any value for the organisation
- Some organisations have a military-mentality style of compliance leadership. They take direct orders and don’t ask questions that spill into compliance activities, so the compliance department was a rubber stamp for what the business wanted.
- Every quarter or at least annually, uncover all previous compliance violations, with a process of redrafting or updating the internal policies and procedures.
- And finally, conduct the compliance musical chairs exercise that identifies the conflicts of interests at play, the remediation of non-compliance violations, staff qualifications that did not meet the documented corporate minimum criteria, reshuffling within the compliance department at the enterprise level, and update the risk and compliance committee charter the areas that could ultimately lead to the collapse of several compliance and risk activities in the organisation.
To address the corporate compliance issues, join one of our events to get structured guidance.