Large, global companies have plenty of language barriers to consider. The need for better communication isn't just for foreign tongues, though, it is also bridging the communication gaps that divide business functions that companies need to consider.
The all-too-common isolation between IT, compliance, and business units can be problematic, especially when new regulations or a compliance mandate looms. During a panel discussion at last week's Compliance Week Europe conference in Brussels, business leaders looked at how compliance executives can unify all three entities early, often, and effectively.
“There is this partitioning about how we address compliance within a firm, and also outside a firm,” said Chris Pickles, head of industry initiatives, global banking, and financial markets for telecom giant BT. “But sharing information and knowledge is critical. Working together is key.”
Pickles equated going on the road to evangelize compliance to being a scout in a Wild West movie. “It is always good if the scout gets back without the arrows in his back,” he joked. “Like a scout, I can serve as an interpreter. I speak a bit of their language and they can speak to me and feel like I might actually understand what they are talking about. I can talk to my troops as well and explain what they are saying. It is very much an interpretive role.”
The goal, he said, is to use compliance for a competitive edge. The notion that doing things the right way ultimately benefits customers and the business is a starting point for bringing multiple parties to the table. Doing so, can change thinking about compliance, which is typically viewed by many as a cost center and as a barrier to getting things done.
“My job is looking at what's changing in the industry and trying to understand it,” Pickles said. “I describe it as the one-eyed man in the land of the blind. I can't know everything. I can't know all the regulations in the world, but I need enough to know what's dangerous for our customers and us and interpreting what can we do.”
Pickles emphasizes compliance's role in interpreting regulations for business units or an IT department that is also working on a compliance solution. He points out that many within these departments may be aware of regulations, but don't comprehensively read, analyze, or understand them.
Above, Chris Pickles, head of industry initiatives, global banking & financial markets at BT, shares his thoughts with the audience.
When separate business units, on their own and in isolation, do take the time to really consider the effects of new regulations, the effort is just as unproductive. “Everybody takes it into their corner to look at it,” Pickles says. “It's a bit like a cat and a mouse. I'm going to take it over here, play with it, and see what happens if I poke it. But it is my mouse. Nobody else can play with my mouse.”
That's what happens within the firm, he says. “Each different business unit will take its bit of the problem away to look at it and no one ever actually comes together to bring all those problems together,” he says.
Breaking a Vicious Cycle
Compliance managers like to understand every aspect of what a regulation does, Pickles further explained. They don't like to go and talk to anybody until they have all the answers. “When somebody asks a question, they know they are going to be expected to know the answer,” he said. “Meanwhile, the IT department thinks that there can't be a problem, or otherwise compliance would be telling me. Business doesn't know there is a problem because they never read the regulation in the first place. They may have heard something in the press, but oh, ‘regulation is boring.' So, they will wait until compliance tells them.”
Pictured above: Patrick Ambrose, solicitor, group legal services at the Bank of Ireland.
That vicious circle is one that must be broken, Pickles said. Otherwise, coping strategies cannot be developed, needed budgets will not align with objectives, and necessary services from vendors will be delayed.
There should also be board-level support for efforts to look across functions, said Patrick Ambrose, solicitor, group legal services, for Bank of Ireland. “Having board level support to go in there with a mandate is critical,” Ambrose said. As compliance personnel reach out to business units they need to establish ground rules. “They need to know what's on the table and off the table,”
He suggests forming a Common Risk Analysis Committee to formalize these working relationships and set objectives for what the parties at the table can coordinate. Clearly define the risk framework under discussion, “so that everyone is talking about the same things to begin with.”
COORDINATING COMPLIANCE, IT & BUSINESS UNITS
Below is an excerpt from the CW Europe presentation of Patrick Ambrose, author of “The Inside Job: Working as an In-House Lawyer.”
Coordinated Compliance
Board-level support
Set the principles and ground rules
Identify the key personnel
Understand existing governance, risk and
control environment
—Financial services vs. non-financial services
—Complexity of entity
—Maturity of risk and control functions
Common Risk Analysis Committee
Objectives
Agree on approach
Independence and objectivity
Align approach to risk across the organisation
Information sharing across risk-management
Functions
Complex Organisations
Opportunities to integrate, link business
units and make operational changes
Scoping
Set principles
Baseline vs. in-depth analysis
Pilot programs
Ongoing self assessment
Improve coordination:
Define roles
Regular cross-functional forums
Key person for each major business unit
Agree approach to eliminate duplication
Training and communication to reinforce
responsibilities
Source: Patrick Ambrose CW Europe presentation.
“What you are talking about may not be what they are talking about, so getting everyone speaking the same language is a very important starting point,” he said. “Respect the independence and objectivity of each of those functions. They have their own interests and their own things they are trying to achieve, and it is important to recognize that.”
The typical reaction to new regulation, from compliance and legal, is to seek ways to push it off. “By slowing it down we may get time to react and hopefully the law never goes through in the first place,” Pickles says. “But most companies become successful by embracing change. Your customers also need to change and you have the opportunity to sell them something again.” Involving other business units in the regulatory discussion can tap their expertise to find those otherwise hidden opportunities.
“By getting business units onboard and having their understanding of a regulation as it evolves, you will not have a case where you are going to them with this thing on your doorstep and saying, ‘Here it is; change now.' They have buy-in and the opportunity to get their heads around it,” Ambrose said. “Getting them involved early gives them time to reflect on how this will impact the customer.”
What to do, however, when a business unit won't play ball and compliance has to flex its muscles? Ambrose said an important factor for success is having board support for the compliance outreach. “Ultimately, if somebody says they are not doing it, then obviously you have board approval that says this is happening anyway. The nicer way to do it is to say well, this is happening; you aren't going to stop it, but you can change the way we do it. You can make it better.”
“It takes longer to do it that way, but it gets a better result,” Pickles says. “Once people know what you are aiming for and have a chance to shape the solution, they are more likely to be engaged.”
No comments yet