“Compliance.” “Ethics.” “Audit.” These three little words have different meanings and elicit varying reactions from company to company. In some organizations, “compliance” carries negative connotations, “ethics” brings to mind boring presentations and hearing “audit” instills fear. But in other firms, these words, and the critical functions they represent in the company, are so woven into the fabric of the organization that they carry no more fear or angst than hearing “IT” or “operations.”
And those meanings and reactions (even the negative ones) are generally quite different today than they were 15 to 20 years ago, even in the same organizations. As the regulatory and legislative landscape has changed over the years, more and more organizations have come to embrace the compliance, ethics and audit functions rather than treating those functions as painful and unwelcome requirements. That is to say, rather than treating those responsibilities as necessary evils, organizations are choosing to embrace them as welcome allies.
That is a powerful shift. For years, there has been talk about the need for organizations to adopt and foster a culture of compliance and to create a tone from the highest levels of the company about the need to not only follow the letter of the law, but to live and promote the spirit of the law.
A culture of compliance can be defined as encouraging employees to always do what’s right, whether or not anyone is looking. When employees at any level of an organization understand what’s expected of them, believe that firm leaders embody those same principles and know that doing the right thing is the only acceptable way to handle day-to-day responsibilities or situational issues, it can lead to all kinds of positive results:
Everyone wins when companies successfully create, live and breathe compliance and ethics.
Knowing that compliance is important, helpful and needed is one thing; actually making it so commonplace that it’s not even given a second thought is a separate challenge and, frankly, it’s one that some organizations have done really well at while others still struggle.
There are things every one of us does every day that we are required to do by law, but we aren’t thinking about the law when we do them; the element of compliance with the law probably doesn’t even come to mind because the actions are so ingrained in our lives.
Take wearing seat belts as an example. I am old enough to remember driving before seat belts were required, and I remember the challenge initially of having to remember to put my seat belt on in the car. Complying seemed frustrating and constraining. Fast forward more than 20 years later: I put my seat belt on automatically when I get in the car. I don’t do it with any conscious thought about the law behind it; I don’t grumble and complain about how much easier driving was before seat belt use was mandated; I don’t not put on my seat belt if nobody is looking. It’s just something I do now automatically when I get in the car, and I’m betting most people would echo that.
Is comparing seat belt laws to compliance laws and regulations a bit of an oversimplification? Maybe. But, the principles of compliance and ethics for businesses need to be approached the same way. Companies that have been very successful in implementing a compliance culture and a compliant tone from the top have gotten to the point where following policies is just something everybody does at work, every day, without even having to think about the laws or rules behind those policies and procedures. Their employees do what’s expected and what’s right, even when nobody is looking.
If you’re starting with a brand new organization, you have a clean slate (or a clean mixing bowl, if you will) and can start fresh with policies and procedures in which compliance is just an integral part.
Existing firms likely have some corporate governance, compliance, risk and audit functions in place already, so the threshold challenge is assessing what’s already in place and determining its adequacy or shortcomings.
Here’s the shortlist of ingredients needed to bake compliance, ethics and audit into the corporate pie:
When these departments are stretched too thinly, even firms with the best of intentions can end up in hot water because something was missed or overlooked. Adding more personnel and allocating more dollars to compliance is not a guarantee that the organization will never face litigation or regulatory action, of course, but it provides some added insurance. Appropriate staffing for compliance, audit and corporate governance also makes it clear to regulators, the public and the rest of the organization that the company values and expects employees to do things the right way, every time.
The sea change in corporate regulation for every industry has pushed compliance and corporate governance more to the forefront, which ultimately benefits everyone.
To remain successful and compliant, organizations must “bake” compliance, ethics and audit right into the corporate “pie,” making those functions part of every aspect of the business. By adding the right resources, making compliance part of the everyday lexicon and making the act of complying easier on employees, companies that are not already there will get to a place where employees don’t make a conscious distinction between something they do because it’s required by law and something they do because it’s the right thing.
Sign up for our free weekly e-newsletter for more GRC articles, job postings, GRC events, white papers & more…..click here
Cindy Cook DeRuyter writes for Integrify and spent more than 19 years in financial compliance and operations roles for firms including RSM Wealth Management, Nuveen Investments and US Bancorp Asset Management.