How to embed compliance into your firm's DNA

Amanda Brief
Marketing Director, Clausematch
July 15, 2021

What is compliance?

For many firms, it's a set of rules to be observed, or a set of risks to be managed. But recent regulatory developments have made it clear that this increasingly business-critical function has much more wide-ranging implications. 

With a growing emphasis on accountability and systems of record, firms can no longer get by with a prescriptive approach. Moving forward, compliance must become an integral part of your firm's culture at every level. 

So what do you need to do to get there?

How do you make a culture of compliance part and parcel of your firm's DNA?

An earthquake in corporate governance

While there's been a flurry of regulatory activity over the past few years, particularly in the wake of the Covid-19 pandemic, regulators' biggest area of focus has been accountability. 

Rules like the UK's Senior Managers and Certification Regime — this has come into force in full on March 31, 2021 — require all staff involved in regulated activities to get certified every year. And senior managers risk personal fines and jail time in cases of wrongdoing. 

More significantly, US and UK regulators now expect compliance programs to be more than 'simply a paper exercise'. Firms must prove their programs are actually effective. 

Needless to say, these are radical changes with far-reaching consequences. 

As our CEO Evgeny Likhoded noted when we hosted a webinar on the future of compliance and policy management, '...compliance needs to be more dynamic...'

Firms can't afford to keep reacting to issues as they arise. They must be proactive and forward-looking. 

And compliance '...can no longer be about having yearly training which people go through and forget immediately the next day." Instead, firms must '...change the behavior of people by nudging or asking them questions around compliance on a regular basis...'.

A golden source of truth is a must

If firms are to be more proactive — and senior managers and frontline staff are to be more switched on — they must rethink how they manage compliance. 

Senior managers need to be able to exercise proper oversight, track policy readership, and regularly test frontline staff's knowledge and understanding. And there must be an audit trail that proves all of this is taking place. 

By the same token, frontline staff can only comply if they're familiar with the policies that are relevant to them and are able to double-check without spending too much effort when they're in doubt. 

The upshot is that there must be greater visibility, greater transparency, and better communication. And this is why a golden source of truth — a complete, accurate, easily accessible repository of policies and procedures — is crucial. 

Managing all your policies and procedures from one place has three benefits. 

Firstly, it makes it easier to track policies, identify which ones need refreshing or replacement, manage updates, and disseminate up-to-date official versions. And it's also easier to weed out duplicates or policies that directly contradict each other.  

Secondly, it makes compliance more straightforward and user-friendly for staff, because it allows them to access what they need quickly and easily and leaves no doubt that the information is accurate and up to date. 

Thirdly, it'll help future-proof your firm. 

As GRC expert Michael Rasmussen notes: '...it’s becoming clear that throwing policies haphazardly on file sharing software doesn’t give you that audit trail and system of record that regulators need.

'Many firms are finding out that they need a singular portal and view… in order to make sure all corporate policies and procedures are organized and consistent.'

More to the point, while we're a long way away from the regulatory environment becoming completely digital, digitalization is happening. 

The US Financial Industry Regulatory Authority, the Australian Securities and Investment Commission, and the UK's Financial Conduct Authority have all been experimenting with using code and artificial intelligence to solve regulatory problems. 

Having a smart, connected, and centralized policy management system in place today means it will be easier for your firm to adapt when machine-readable regulation becomes more commonplace. 

Fostering accountability

Greater visibility, more transparency, and better communication are half the battle. But for compliance to really become embedded into your firm's DNA, it must stop being the compliance team's responsibility and become everyone's responsibility. 

This starts from the top down.

Leaders should conduct themselves appropriately not just because they could get fined or end up in jail, but because their behavior sets the tone. If their behavior is consistently ethical, staff further down the chain will follow suit. And if they see compliance as a hindrance, their negative attitude will spread. 

But high standards of behavior are important across teams too. As the FCA's Director of Supervision — Retail and Authorization Jonathan Davidson put it in a 2016 speech:

'...we know employees are more likely to be influenced by the top trader in their division than they are the board. If they see that colleague as successful despite, or even because of, poor conduct... it makes any positive message from the top around good conduct hard to believe.'

With this in mind, it's critical to have incentives in place that reward good conduct. And this should encompass both intangibles like unspoken behavioral cues and tangibles like remuneration structure or targets. 

As Davidson notes: 'If employees feel under pressure to deliver against tough targets, there’s a risk conduct could slip...'

Encouraging open dialogue

Of course, setting expectations and rewarding good behavior doesn't eliminate the risk of non-compliance. So, the third pillar of a culture of compliance is honesty and openness. 

If a staff member is struggling to get to grips with the finer points of a policy or a specific rule of conduct, they should be able to get support. 

More importantly, staff members should feel comfortable enough to question behavior they think isn't compliant — even if that behavior is their own. 

This type of dialogue reinforces good habits and strengthens compliance. And it creates an environment where issues — whether behavioral, poor processes, or inadequate tools — can be resolved before they spiral out of control. 

Compliance can no longer be afterthought

Back in 2014, the FCA's director of supervision Clive Adamson made the following observation:

'The compliance industry was built around the idea that everything will be OK if firms comply with a set of rules... the challenge is how to move that industry to a different place, which is about looking at outcomes...'

It's safe to say that this shift is finally happening. 

In 2021 and beyond, a tick-box approach won't cut it. Compliance must be part of every staff member's day-to-day activities. 

Senior management needs to lead by example, there has to be better, more open lines of communication in place, and good behavior must be incentivized and rewarded.

But, most importantly, there's no longer any place for poor policy management. 

A smart, connected, centralized repository for all your policy documents will increase transparency, help your organization be more responsive to change, and, ultimately, help you tackle the seismic changes that are on the horizon. 

Want to learn more about how compliance is evolving and tech's role in helping you embed it into your firm's culture at every level?

Read our FREE eBook, Smart, Connected Documents are the Future of Compliance, to learn more.