Compliance ... how difficult is it?
What is Compliance?
Many organisations and their staff misunderstand the fabric of compliance. Most people can describe it, and explain its need, however, the common perception is that it can be injected into an existing structure like it is some new gadget or networking process.
Compliance is more of an ethos than a process. It cannot stand alone in an organisation, but instead, must attach itself to the systems and processes that currently exist. It helps to guide processes and measure outcomes.
Like a parasite, a compliance system needs something to cling to. In an organisation, it is dependent on four things:
the organisation’s systems and processes
the structure & hierarchy
the communication processes
Compliance will only work if it is fully supported. To flow freely throughout the organisation and to ensure success, the organisation must be conducive to a compliance system. An ideal organisation will have the following in place:
Culture: a positive attitude amongst staff with a ‘can do’ disposition that supports innovation and change, confronts problems openly and embraces quality outcomes
Communication: open, transparent and unhindered flow of information, dialogue and ideas
Structure & Hierarchy: flat ‘organic’ structure that enables everyone to communicate with each other, inter-department collusion to implement improvements, hands-on management with high Emotional Intelligence, and a fully inclusive approach to involving all staff
Systems & processes: compliance relies on things being done in a particular way to ensure a guaranteed outcome. Systems must be firmly implemented, but updated as improvements are identified
Is your organisation ready for a compliance system?
The greatest mistake with implementing a compliance system is to dump it on the organisation without determining if the organisation is ready or adaptive to it. The easiest way to judge an organisation’s readiness is to implement an ad hoc change. This will ‘rattle the cage’ and will normally identify some of the immediate threats to the success of the compliance system. Things to look for are:
Culture: negativity towards the change, arguments and excuses for not implementing the change, complaints to management, attacks on the compliance team, ‘point-scoring’ such as ‘proving the change isn’t working’, redefining the change goal to a higher or lower level, or simply ignoring the change. Monitor the attitude of management. Do they support negativity and complaints from staff or do they support the change? Are they threatened by the change and react negatively? Do they close-ranks with the staff against the change (often with passive aggression)? Do they play ‘one-upmanship’ with the compliance team? Do they ‘pull-rank’ on the compliance team?
Communication: Are some people deliberately left off the communications? Are meetings generally ‘closed-door’? Are positive ideas and feedback encourage? How is negative feedback handled? Is there free discussion and support across departments?
Structure & hierarchy: is there a flat or bureaucratic structure? Do managers tightly control information and decision making? Do managers work closely with their team or are they an ‘absent manager’? Are managers always ‘busy’ (may be a sign of inefficiency and/or ineffectiveness)? Are job titles really ‘ego symbols’ rather than descriptions of the position? Do staff understand the roles of their colleagues and how each dovetails to produce the organisation’s goals?
Systems & processes: Are processes in place and adaptable? Do staff regularly seek and voice better ways of doing things?
Who should be your Compliance Manager?
The best person to take charge of the compliance system is the business owner or CEO.
If that is not possible, then the compliance team should work alongside the CEO or senior operations manager(s), on an equal level.
The most important knowledge the CEO of an organisation must have is financial management. If the organisation is in a regulated industry, then the CEO also must have intimate knowledge of the regulations and the compliance that surrounds the regulations. They need this knowledge to ensure that the systems, culture, structure and communications they introduce are designed to support the compliance system that guarantees adherence to the regulations. Of course there is a lot of specific knowledge that a CEO must have to operate an organisation, however, financial management, and compliance if in a regulated industry, are at the top of the list. It should not be hand-balled to a third party.
The CEO might have a ‘direct report’ compliance team to help them to roll-out and monitor the compliance system. The most frequent and disastrous mistake that many CEOs make is to delegate the compliance responsibility to someone who has no authority over the organisation. There should be no need to describe the ‘politics’ and dysfunctional manoeuvring that occurs in organisations that make this mistake.
The first step to the roll out, or maintenance to a compliance system is to undertake a health check of the organisations four areas described in my previous post (being the organisation’s systems and processes, the culture, the structure & hierarchy, and the communication processes)
Once the organisation is functioning well, rolling out the compliance system is easy. It may require adjusting a few systems. It will require lots of open and transparent communication. A focused, productive, and positive workforce will adopt new processes and reporting systems with ease.
Compliance is about achieving outcomes through processes. The outcomes are generally fixed but the processes should be fluid; adaptable to the idiosyncrasies of the organisation and easily supported by staff.