No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

6 Steps to Build a Change-Ready Compliance Program

A practical guide to establishing adaptive compliance systems that evolve with regulations

by Robert Tull
December 10, 2024
in Compliance
giraffe becoming elephant change concept

Regulatory change is a constant challenge, but it doesn’t have to be a source of anxiety. Robert Tull, compliance leader and consultant, shares a practical framework for transforming your compliance program into an adaptable, opportunity-driven operation.

Change is a constant for compliance professionals. Once we believe that things are close to feeling settled, cosmic humor dictates an entirely new regulatory or industry development is about to streak into our world. As effective compliance professionals with effective compliance programs, we have the resolve to continuously navigate and adapt to changes.

If we want more grace and ease in adapting to changes, we can resist interpreting change as a source of ever-expanding anxiety and responsibility and view change as the opportunity for growth that it is. Change provides opportunities to embed new efficiencies and to further foster meaningful partnerships. It creates targets of opportunity for compliance to demonstrate its value-add function. 

Change is good; it stimulates growth. Regulatory and industry changes invite opportunities for compliance programs to adapt into more efficient and effective workflows and structures. To maximize our value in the change management process, we can implement six important steps to adapting to change.

Step 1: Change identification

The first step in change management is identifying and navigating the stream of changes. We must have a sense of the winds of change, watching for movements of new regulatory developments, such as new rules, enforcement, risk alerts, FAQs and speeches or statements. Our antennae should be pointed toward industry and regulatory groups and publications, as well as other channels. As we see developments forming, use it as an opportunity to reflect on previously identified deficiencies, gaps or exceptions in our program. Change could impact the present as well as the future. While reflecting, also consider internal sources of changes, such as changes to or the expansions of products, services, clients, investments, markets, affiliates, systems, vendors, owners and personnel.

Staying informed means having communication and awareness systems in place within the organization to funnel and direct information to us, and to promote our desire — our curiosity — for information about potentially incoming changes. By maintaining collaborative internal relationships, we can stay informed about current and potential future developments in the business and industry. Having recurring touch points with client-facing, marketing, business and operational teams, will nurture our communication channels. This energy should be fueled with curiosity and care. Compliance requires continuous learning, and it helps to have a thirst for information. 

Step 2: Impact analysis

Once we identify a regulatory or business change, the question then becomes: What does this mean for us? 

Each change affects an organization differently, whether product offerings, system functionality or even the way teams collaborate. After identifying the change, we need to analyze the effect. We translate our technical understanding of the change into reality of our organization and personnel. We peel back the layers of the change and trace it to assess how it might manifest in each part of the organization — products, services, systems, processes and teams. This analysis requires the affected parts of the organization to have a voice in how the change will be digested within the organization.  

This analysis begins from a place of unknowing and might still result in some degree of unknowing. Even with seemingly thorough and comprehensive analysis, we must recognize and acknowledge that it’s unlikely that we will have all the answers. Answers will be revealed through the next steps. An overriding commitment to clarity and continuously assessing the broader impact will be illuminated. 

arrows in target
Compliance

What Compliance Metrics Are Important for Reporting to Management?

by Giovanni Gallo
October 22, 2024

From board to regulators, many stakeholders want insight into compliance metrics

Read moreDetails

Step 3: Sponsorship & partnership

Once we understand the effects of the change, we enter into the relational part of the process: engaging sponsors and partners. Getting buy-in from management is crucial, but it isn’t always a given, particularly where change comes with a price tag. In large part, it depends on how well we distill the scope and impact of the change down to its critical components and the precise “ask” of management to support and sponsor the change. This process of securing buy-in requires a genuine relationship founded on trust and communication, where the compliance professional understands the concerns and priorities of stakeholders and can present a change management project that honors awareness and agreement with those priorities. 

Finding and converting the appropriate sponsors and partners in the change management process is an opportunity to build new relationships and strengthen existing ones. More importantly, it’s essential to be successful and make the endeavor as less painful as possible for all affected. However, securing commitment as a sponsor or partner does not imply consensus, nor does it require it. Differing perspectives and opinions on the path forward in response to change is not a barrier; it’s an opportunity to create and arrive at an optimal solution. A mature change management process provides an environment where harmonizing differences is seen as accretive and supporting the long-term success of the compliance program. 

Step 4: Planning & execution

Once we have executive sponsorship and buy-in from the critical business partners, we are able to shift into planning and execution. The focus of this step is understanding dependencies, setting timelines and creating clear action items and milestones, transitioning into project management.

Our internal partnerships will help us understand the dependencies and limitations of systems, processes and personnel affected by the change. This collaboration is essential and valuable, as it enhances our assessment of and proposed response to the change. These dependencies and limitations provide the path and guardrails for the change management project plan. The planning process establishes required deadlines and timelines, as well as critical path action items, milestones and decision points. Additionally, with an eye toward a later step in this process, the change management project plan should identify areas where the organization can monitor the implementation of the action items.

Each aspect of the change management project plan should clearly designate the individual accountable for execution. Practically speaking, if compliance personnel cannot execute — or compel those under their supervision to execute — an action item, then compliance personnel should be designated as being accountable for that task. Lastly, there should be a process for reporting to the executive sponsor on progress and implementation. When determining the information worthy of reporting, consider the relevant priorities for the executive sponsor and how the project is addressing those priorities and reducing the risks stemming from the change.

Step 5: Communication & reporting

Clear and consistent communication throughout the change management process will define whether the project will stumble or shine. 

Any successful project requires ongoing dialogue, both within teams and across the organization. A common mistake when compliance professionals initiate a project is to assume that the initial communication at the outset was sufficient to provide all the necessary information. It serves all parties best when communication reinforces the salient aspects of the project, clarifies areas of ambiguity and to acknowledge progress. Periodic and organic reporting can flag previously unidentified dependencies and limitations, as well as reinforcing why these changes matter and how they affect the business. This stage of the change management process is an opportunity to provide training, explain expectations and reaffirm a shared understanding of the regulatory landscape that the business is navigating.

A lesson from implementing various regulatory and business changes over the years is for compliance to maintain records of key decisions in the change response process and the rationale behind them. These records prove to be invaluable when revisiting the justification of decisions (particularly when scrutinized by regulators) and when we need to look back and evaluate what worked and what didn’t in the change management process.

Step 6: Monitoring & evaluation

Once we implement the revisions to the operational processes and the compliance program for the regulatory or business changes, it’s tempting to consider the process complete; however, it’s not. As with any change, we cannot simply set it and forget it; we need to assess whether the change is adequately embedded. Sufficient change management requires monitoring and evaluating how the change is absorbed into the organization and that all aspects of the change are implemented as intended. 

Part of the change management project plan should consider what and how the organization will monitor to measure implementation and ensure that previously identified and unidentified risks remain within the organization’s risk appetite. This phase requires candor and a willingness to admit when something isn’t working as conceived. Where did we identify potential potholes and pitfalls? In the planning process, it benefits us to identify the areas where monitoring and testing will provide insight into the effectiveness of the changes. It’s tempting to close the project as soon as the final action item is completed, but real compliance value is found in revisiting and refining processes over time. Continuous improvement is one of the hallmarks of an effective compliance program as lessons learned are transformed into better policies and procedures. Lastly, the monitoring should also inform the executive sponsor on the effect of the change management implementation. Compliance professionals must have the confidence to take ownership for the outcome of change management projects.

Lessons learned: Growth through change

In reflecting on decades of experiences with regulatory change management, a few lessons stand out:

  1. Accept uncertainty: We won’t always have all the answers at the beginning, and that’s OK. What matters is the ability to adapt and keep moving forward.
  2. Foster relationships: Compliance doesn’t happen in a vacuum. Building strong relationships across departments is key to managing change effectively.
  3. Accountability and ownership matter: Clarity in roles and responsibilities can make or break a change management project plan.
  4. Continuous learning is key: Monitoring and revisiting our processes is where effectiveness is built.

In the end, change management is an ongoing process that requires technical expertise, collaboration, adaptability, and emotional intelligence. Every regulatory and business change is an opportunity for the compliance program to demonstrate its value in the organization, and that requires both courage and commitment.


Tags: Corporate Culture
Previous Post

Recalibrating Cross-Border Corruption Risk Controls

Next Post

Don’t Let Regulators Catch You Off-Guard

Robert Tull

Robert Tull

Robert Tull, CPA, CFE, CCEP, CSCP, FRM, is managing director and founder of of Effective Compliance, a compliance consulting, coaching and training firm. Rob has 25 years of comprehensive experience in compliance, including roles as a global CCO, regulator, consultant, educator, certification adviser and thought leader. Rob was the chief compliance officer and chief risk officer for a global investment management firm and the CCO for an exchange-traded closed-end investment fund. He earned a finance degree from Villanova University and a master's in business law and compliance from Loyola University of Chicago School of Law.

Related Posts

layoffs woman with carton of items

Beyond Fair WARNing: Regulatory & Reputational Pitfalls of Workforce Reduction

by Nancy Mann Jackson
June 11, 2025

Nearly 700,000 workers have lost jobs this year as companies respond to economic uncertainty, but employment law experts warn that...

elephant vs donkey

MAGA Hats and Pronoun Disputes Test Workplace Speech Boundaries

by Gorev Ahuja
June 10, 2025

Private employers can regulate political expression more freely, but public agencies must navigate a 3-part constitutional test that weighs speech...

doj exterior sign

How to Use the DOJ’s ECCP to Build (or Fix) Your Compliance Program

by Susan Divers
June 5, 2025

Corporate compliance programs face increasing scrutiny as the DOJ applies its evaluation framework across industries and company sizes, from multinational...

Ethisphere 2025 E&C Program Trends & Employee Perceptions

2025 E&C Program Trends & Employee Perceptions

by Corporate Compliance Insights
May 27, 2025

Are ethics and compliance programs keeping pace with risk? Annual report E&C Program Trends & Employee Perceptions What’s in this...

Next Post
plastic punching toy

Don't Let Regulators Catch You Off-Guard

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights