The misnomer of compliance
- Perrin Carey

- May 22, 2019

So, this thing we call ‘compliance’; let me put something out there...despite my work, despite my job title, despite my best intentions and continued efforts
I struggle to identify it,
I struggle to measure it,
I struggle to actually do it at all.
After much debating with colleagues and peers, churning over and vexing over the years, I am clear in my mind, or at least as clear as I can be now...today... this thing we call ‘compliance’, it doesn’t exist in the guise we commonly understand or at least in the manner we often refer to it.
We can’t do it, I can’t do it, in fact, no-one can ‘do’ compliance. If we do try, we will fail, every time.
No longer do I come into the office, open up my laptop and get on with compliance. My instructions to my colleagues, my peers, the members of all of the Boards of Directors with which I work, “please, do not try and do compliance.”
If this is true and we can’t do it, why do we spend so much of our day desperately trying, why do we have whole departments and business functions that seem to focus on this work? Why, when I search my local recruitment agency, are over 30% of the jobs advertised seeking compliance specialists?
Well, ‘compliance’ is not something to be done, it’s an outcome, a consequence, a product...simply a result. A result of doing two principal things well, really well, risk management and governance.
Let me explain.
In all the regulated industries in which I have worked (financial services, education, immigration, health and fitness and, most recently, online gambling), these businesses have been required to comply with a catalogue of regulatory obligations. Sensibly, perhaps, they have all asked the questions of themselves, “Are we compliant? Do we comply?”.
The trouble is these are not questions with an answer; no organisation can give one, at least not a definitive ‘yes, we comply’. I guess this is to be expected, because a better and more easily answered question is, “how well are we mitigating our compliance risks?”. Or perhaps, “how valid, how reliable is our information and how good, how effective, how ethical is our decision making?”.
Both these questions address the key activities that in my view produce ‘compliance’; risk management and governance.
Don’t get me wrong, there are other important contributors here, ethics, integrity, social responsibility...doing the right thing, not just that which is ‘compliant’!
This said, to me, these feed into either or both of the above, or are importantly a measure of us personally, as individuals, as contributors.
Careful risk management may not lead an organisation to make ethical decisions, a clear governance framework will not de facto support our integrity. However, regulatory compliance in its widest definition can be achieved by implementing an effective risk management programme and enveloping this within a robust governance framework.
Compliance, this important, critical and precious thing close to my heart, needs understanding, needs promotion and elevation to equal status with all of the other potential outcomes we get from managing risks and governance. Things such as increasing revenue, improved sustainability, operational stability, customer loyalty and innovation.
Compliance is just one of many positive and dynamic outcomes from managing our risks well and framing this in a clear and robust operating governance framework.
Let’s continue to bring ‘compliance’ to the highest levels within our organisations, and let’s ensure that our Boards, our peers, our colleagues develop their understanding so ‘compliance’ becomes an equally sought after outcome that is seen as not only compatible but synonymous with a growing, stable and innovative business.
Thank you



