Is compliance empowered to change company culture?


The International Compliance Association (ICA) is a professional membership and awarding body. ICA is the leading global provider of professional, certificated qualifications in anti-money laundering; governance, risk, and compliance; and financial crime prevention. ICA members are recognized globally for their commitment to best compliance practice and an enhanced professional reputation. To find out more, visit the ICA website.

It might seem peculiar to pose this question. After all, compliance teams were developed to ensure adequate controls were not only in place but remained there—to provide assurances and a stable foundation from which the business could proceed. In other words, compliance was designed to maintain the status quo.

These are not the obvious characteristics of those seeking change. Guardians of policy and process, yes, but less so people and culture.

Let’s think historically to find answers for the future.

Industrialization led to large organizations being built around departments: production, HR, finance, etc. Information flowed from the board down through hierarchical structures in a “command and control” fashion, with the feedback loop of reporting back up to the executive. Departments tended to operate in functional silos, and risk was perceived as a cost to be avoided.

So, the perceived value of compliance with laws and other standards was the “license to operate” and little more.

For a compliance team renowned for inspections, audits, and gatekeeping policy requirements, where would their impetus to change culture derive from, even if they could?

The growth of culture

Extensive literature has been produced on culture at an organization level in an effort to understand it—its components, how it is formed, how one compares with another, etc. It takes time for culture to form, whether it be through folklore, word of mouth, the stories people tell, the signs and symbols, the nature of work undertaken, the demographics of employees, and more. It’s shaped by the real values of the business that are lived, tolerated, and rewarded rather than the values espoused on posters.

In recent years, greater emphasis has been placed on how to influence or even change culture within businesses. For example, a compliance culture exists so that everyone follows the rules on financial regulations and reporting. In the health and safety arena, a safety culture is required to help reduce accidents or a speak-up culture for human performance to build trust and engagement. In catering and hospitality, a food safety culture must be cultivated to ensure customers do not suffer from food poisoning or in relation to food allergens. Further, a safeguarding culture is necessary to prevent abuse, for example, to children in sports associations, schools, and other institutions.

While the growth of these protective cultures is admirable, they are likely to be based upon professional and technical criteria or as result of a serious, catastrophic event. Seeking to align the whole culture with the strategic aims of the organization is less prominent. The logical consequence is a queue at the door of the boardroom and competition for airtime.

Previously, we explored how the world is quickly changing and digitizing and why there is a real struggle for compliance in keeping up with this frenetic pace. If a compliance team could change culture, what would it take to make this a reality? How would the team need to think, act, and communicate differently to change the culture in the organization as a whole? What is the motivation, the timeframe, or the resource commitment? To what would they change the culture? If they could, why aren’t they doing so already? Who are their stakeholders and how would they be managed? And who is the ultimate sponsor?

These questions are estuaries to the bigger question of whether a business can stay the same and continue to be successful while the world is changing around it. The evolving retail landscape of recent years demonstrates the perils of remaining static in a dynamic operating environment—book shops, video rental chains, and department stores losing ground to e-commerce and social media. Change is fundamentally required, specifically in the ability to manage and thrive in areas of flux.

What compliance can do

Compliance teams might recognize opportunities for change. To do so, they need to adapt readily in both purpose and approach.

Both the disciplines and functional departments of compliance have often been described as policing activity, acting as enforcers and constraining business. A reframing of this concept is required, and the reality needs to be the visible transition from defensive end-of-product testing of inspections and audits to collaborating proactively as part of integrated risk management. Rather than separate entities within the business, compliance needs to be seen as a key enabler, understanding the aspirations of cross-functional teams and simplifying concepts and principles to help them through tailored communication with internal audiences.

Compliance teams need to think and act more holistically, strategically, and embrace innovation—to “design in” rather than “bolt on.” It’s vital they play their part in unlocking synergy and adopt a mindset that values reflection. There will always be laws, policies, and process requirements; governance needs to be more agile, adaptable, and resilient to form the basis for transformation of the business.

The focus needs to shift to people; innovation; and technology, even within high-risk and heavily regulated sectors. This approach will facilitate fresh thinking and greater diversity and will make compliance more attractive to wider demographics. As part of a C-suite sponsored change program, involving HR, communications, operations, IT, and other stakeholders, compliance can help to equip the business to learn for the future.

A soccer analogy might be useful here. Compliance teams used to help a business avoid conceding goals, settling for 0-0. We now require a more agile team formation that can anticipate threats more intuitively and help the business score more goals (1-0 wins). Such a style will help confidence grow within the business, enhancing reputation and promoting the brand.

The International Compliance Association is a sister company to Compliance Week. Both organizations are under the umbrella of Wilmington plc.

Jonathan Dempsey, MBA, is the director of Red Laces, a management consultancy unraveling the mystery and requirements of risk, safety, and compliance to empower business leaders toward success. Jonathan is a member of the ICA Panel, a body of leading industry thought leaders and subject matter experts who work in partnership with the ICA to support the compliance community.