Make compliance boring (for once).
My friends used to make fun of the fact that I was a compliance officer.
Some of the less-mean things they said would include suggestions that we were nothing but a bunch of straight-laced wannabe do-gooders hell-bent on introducing unnecessary administrative red-tape and entirely unrealistic procedural demands designed specifically to make doing business virtually impossible — just so we could tick our little boxes and mark ourselves compliant. The insinuation here was that compliance officers didn’t really have anything worthwhile or constructive to do compared to, for example, the business units that were actually generating revenue, and so we simply invented ways to prevent other people from being more productive. The truth, as they saw it, was that compliance folks were bored because compliance, as a profession, was boring. Oh, how wrong they were.
Compliance is exciting. A little too exciting.
If I said that my time as a compliance officer was action-packed, that would be a huge understatement. For me and for many others that I know, compliance was far from boring. If anything, there was always too much to do and not enough time to do it in and to make things just a little more exciting, the stakes were almost always high. On any given day, I would be:
- Advising colleagues on how to achieve the outcomes they wanted while operating within the confines of regulatory or internal standards
- Reviewing and advising on plans to launch new products, services and even business units
- Delivering face-to-face training to new and seasoned employees (and serving as the walking QnA booth)
- Working on and managing investigations of potential breaches on topics that could range from breach of confidentiality, bribery & corruption to conflicts of interest
- Planning for upcoming compliance reviews to be conducted locally and overseas
- Reviewing the implications of regulatory changes and taking steps to implement these while working with other business units
So exciting, it hurts.
As I said, there was a lot going on and I know for almost every compliance professional that I have met since then, this is the norm. Compliance, as a profession, is way too exciting and that is a problem if you’re in the business of risk management. Being able to manage risk well means that you want things to be as safe and predictable as possible. It also means you would prefer to avoid surprises (a.k.a heart attacks) where possible. It becomes exponentially harder to plan for and to mitigate key risks if you are always fighting fires and barely have enough time or energy to ensure your own pants don’t catch fire in the process. The thing is, when it comes to risk management, you actually have to (surprise, surprise) manage it as opposed to being managed by it. This means 1) having great oversight and 2) having the right tools and resources to help you be as efficient as possible.
Unfortunately, most compliance officers (whether they admit it, is a different matter) are struggling to catch up as the risks they are mandated to manage are only growing in complexity and volume while the tools available to them remain unchanged. If you are always playing catch up, it is only a question of when and not if, things will fall through the cracks; and as I mentioned, the stakes in compliance are high, very high. If a compliance officer were to slip up because there is just too much on his plate, the price could be catastrophic. Think fines, reputational damage, investigations, lawyers, remediation plans, business disruption, people getting blamed and…fired. Sadly, I have seen almost all of these things happen. The question is: who’s fault is it if the system is broken?
Make compliance boring (for once)
It is for this reason that compliance needs to be made boring. Compliance as a profession should be as safe and predictable as possible. What does this look like? In short:
- knowing where the key risks for your business lies at any point in time
- proactively tracking key indicators for each of these on an ongoing basis
- being proactively kept up-to-date with key regulatory developments
- having more time to focus on initiatives to improve the overall compliance program (rather than fighting fires)
- front-line employees being well aware of their compliance obligations, the manner in which they should be fulfilled and being empowered to own these without having to rely extensively on the compliance team
If a compliance officer has a boring and a highly predictable job, that can only mean good things for a company. So we say: make compliance boring for once. Heck, maybe we should even change our company’s motto.
P.S.: If you would like to find out what ‘boring’ compliance can look like — let me know by liking this article or sharing your comments!
At RADICALi, we have built MICA, a digital compliance assistant that makes it much easier to comply with regulations so you lower your risk while improving your performance. Connect with us to learn how we can help.
