Compliance Culture

By Pattison Boleigha

Introduction

The pace of regulatory change isn’t slowing down. The volume of regulatory changes will grow, especially as new rules go into effect and rollback measures and clarifications are issued for existing requirements. The best defense against this mounting workload and cost is creating a culture that responds to change with swiftness and efficiency. In the U.K conduct rules have been introduced to moderate employee’s behavior. Regulators and the new certification regime seek to encourage individuals in the U.K to take greater responsibility of their actions and the key action taken to impact on culture is to introduce sets of enforceable Conduct Rules.

These rules will form a framework against which regulators will make a judgment about an individual’s action as part of the general supervision of Banks and firms. This will make strengthening risk culture and risk governance become top priority for Board members and Senior Management staff in companies. It would also assist in shaping the culture and standards of firms by promoting positive behaviors that reflect the regulators’ statutory objectives. In Nigeria, we need to follow the same path.

What is Culture?

Culture is a way of life by a group of people.It is a Communal Habit.

Ethics Culture is the extent to which employees at all levels are committed to doing what is right and successfully upholding values and standards. Ethics culture includes ethical leadership (tone at the top); supervisor reinforcement of ethical behaviour; and peer commitment to support one another in doing right.

Culture of Compliance

This is a situation where all officers of the Company (not only the Chief Compliance Officer and his Team Members) have a very clear understanding of the intent of the Rules, Regulations and Principles governing the work they do, able to design innovative business Solutions, Process and Products without contravening any regulatory or internal rule and act consistently in line with the letter and the spirit of the applicable rules and regulations.

Compliance culture is therefore the establishment and maintenance of a company culture that embraces compliance and builds compliance management into the every day work flow. A good compliance culture has the following attributes:

  1. It is established by top management through appropriate policies and procedures
  2. It is characterized by senior management example where management walk the talk and refrain from untoward behaviour.
  3. It is inseparable from the organization structure, processes and management style such that all the activities of the organization revolve around the need to ensure full compliance always.
  4. It is clearly communicated and embedded in activities through trainings and other awareness creation programs.
  5. It is reinforced by a penalty system for non-compliance ensuring that there are consequences for all wrong doing and a generally acceptable disciplinary and corrective processes.
  6. Compliance should be integral to information system and their use and management.
  7. Compliance should also be incorporated in enterprise risk management and captured as part of the organization’s holistic risk profile and risk appetite.
  8. Compliance helps to establish control points for the risk elements.

Compliance and the Corporate Culture

As the regulatory landscape continues to evolve throughout the world, large international companies are faced with an increasingly complicated mix of differing and occasionally inconsistent rules governing their work.

Many businesses have invested heavily in compliance on their own volition or in response to one or more regulatory breaches; however, a large number of global businesses have compliance functions that are still in their infancy.

From his Article: Balancing Legal Compliance & Customer Satisfaction in the Call Center

by Jeffrey A. Kauffman and his proposition on Ladder of Commitment model, heasks the question, between commitment and compliance which do organisations demand from its employees? Do managers need the commitment of employees so long as they complied with the policies and procedures of the company and performed to standard? Let us consider this statement by a manager:

“As long as an employee complies and does what I want, why do I care whether or not he is committed? I don’t need his commitment, I just need his compliance”

Jeffrey concluded that commitment drives compliance because for an employee to comply he has to first be committed to comply by the letter and the spirit. The compliant employee should have a full buy-in and be ready to invent ingenious ways of complying and yet provide customer service irrespective of the conditions he or she finds himself. That is the true compliance which became possible because the employee was committed.

How to Embed a Compliance culture in your Organization

There is no one single way of embedding good compliance culture practices in an organization. All staff (Group office and subsidiaries) should be committed to High standards of integrity and fair dealing in the conduct of business; and should be held accountable for their actions and inactions.The Board and management should invest significantly in the transformation of the Compliance function to be centred on not ‘Only keeping the company out of trouble but also making its processes better’. Organisations should have Compliance Culture statements that will be recited and internalised by all staff during all presentations and organisation pitch sessions. However, the following key requirements should be in place in any effort to embed a compliance culture in any organisation:

  1. clearly articulating and communicating values
  2. tone at the Top: ensuring board oversight and top-down communication of a culture of compliance
  3. cultivating employee commitment to that culture
  4. empowering employees at all levels with the knowledge they need in order to be compliant
  5. understanding and addressing areas of particular risk
  6. setting up supervisory expectations for at-risk activities
  7. putting punitive and corrective measures in place
  8. Having policies and procedures in place

Compliance Comes From Above - The best way to achieve compliance is to make it an unalterable part of your corporate culture. The tone at the top must be clear. Without organizational commitment to compliance, policies and procedures are merely documents.

What Are the Signs of a Strong Compliance Culture?

How strong your compliance culture is, is determined by what is called the Three C’s of Compliance.

  1. Communication: Evident in consistent messages to personnel. Individuals know what is expected of them and provide vertical as well as horizontal communications.
  2. Confirmation: Each position has a defined set of competencies, and performance is measured and rewarded. Monitoring and feedback are characteristics of all automated systems and procedures.
  3. Correction: Because of clear and consistent communication and confirmation, it is immediately known when a process, activity, result, or condition is outside of its acceptable parameters.

Conclusion

It is better to over comply, as non-compliance is ultimately costlier in the long run. “While the costs of compliance are considerable; the cost of non-compliance is significantly more”. A Compliance Culture must be embedded and evidenced as embedded throughout firms. While the ultimate responsibility for compliance program rests with the board of directors, regulators expect compliance officers to ensure strong compliance culture by all companies.Clearly, the regulatory authorities are intolerant of non-compliance and place a greater emphasis on penalties and regulatory actions.There is a need for a more robust data analytics tools to effectively detect red flags for conduct risk and poor compliance cultures in organisations. Financial institutions should have a strong compliance philosophy that is anchored on ‘Right Culture’