If you want to minimise compliance risk, educating and empowering your staff is your first line of defence.
When employees understand their roles and responsibilities and conduct themselves appropriately, they're more productive and effective. And they can identify and neutralise potential problems before they escalate.
The challenge is that, unlike leaders and compliance teams, frontline staff don't live and breathe compliance. In fact, most of them may feel your policies and procedures are complicated, confusing, or inaccessible.
So what can you do to make compliance easier and more engaging for them?
It goes without saying. But for employees to stay compliant, they need to be able to find the right policy at the right time. And if your policies and procedures are buried in spreadsheets and siloed documents, that's going to be an uphill struggle.
A piecemeal approach to policy management discourages compliance. Who's going to spend hours trying to find the relevant policy, when they're up to their neck in other work?
But even when locating the right policy isn't too time-consuming, there's no guarantee it's the latest version. And if it's outdated or obsolete, it will cause confusion and, possibly, non-compliance, instead of resolving the issue.
Of course, Covid-19 has made a difficult situation worse. With most people working from home, staff can no longer ask a colleague or visit another department to track down what they need. Nor can the compliance team call everyone to a meeting room to update them about the latest changes to a policy.
For these reasons, having a single, centralised policy portal has never been more crucial.
Being able to access all your latest approved policies and procedures from one location saves time and eliminates versioning difficulties.
More importantly, it's quicker and easier to draft, approve, and disseminate updates, and for staff to check what's expected of them, whether they're working from the office or at their kitchen table.
Streaming giant Netflix's expense policy is famously short and sweet: "Act in Netflix's best interest."
In regulated environments, five-word policies are unlikely to gain approval from many quarters. But that doesn't mean policies and procedures should be needlessly long and complicated.
Studies have found that even subject-matter experts prefer simple language and bite-sized information. This makes it easier for them to scan documents and home in on what they need.
With this in mind, it's good practice to use simple, concise language as much as possible and to tailor the tone and style to your intended audience. When you speak your reader's language, they'll be much more likely to get invested in and respond positively to what you're trying to get across.
Compliance entails more than following procedures and ticking boxes. Increasingly, it's about culture.
Regulators across the world are placing ever more emphasis on the need to prove the effectiveness of compliance programmes. US Department of Justice guidance, for instance, says that the question of whether a compliance programme works in practice is "fundamental." Similarly, the UK's Serious Fraud Office has said that:
"A key feature of any compliance programme is that it needs to be effective and not simply a 'paper exercise'. A compliance programme must work for each specific organisation, and organisations need to determine what is appropriate for the field in which it operates. It is critical that the compliance programme is proportionate, risk-based and regularly reviewed."
Needless to say, as important as it is to have proper oversight and control, compliance must also be cultivated from the top down to truly become embedded into an organisation.
Leadership style has a huge influence on employees' attitudes and behaviour. And the way leaders conduct themselves on a day-to-day basis inevitably shapes how the rest of the staff view compliance.
If leadership by example sets the tone, it's only one piece of the puzzle. Just as important, employees should feel that they work in an environment where they can ask questions and speak up when needed.
This could be as simple as being able to get support if they find a policy — or a particular aspect of it — difficult to understand.
But staff should also feel comfortable sounding the alarm. And this includes being able to say that they themselves don't think they're compliant, for example because the tools they have at their disposal don't make this possible.
An OECD report on compliance challenges explains the importance of dialogue in strengthening compliance in these terms:
"When punishment rather than dialogue is in the foreground of regulatory encounters, it is basic to human psychology that people will find this humiliating, will resent and resist in ways that include abandoning self-regulation."
By contrast, if staff feel they have a voice, this generates goodwill and strengthens compliance.
A strong compliance programme is critical to long-term success. But for it to be truly effective, there must be a commitment on both sides.
Staff need to embrace a culture of compliance and commit to be good employees. The flipside is that this can't happen unless leaders also commit to creating the right environment.
Ultimately, there's a balance to be struck between the carrot and the stick.
Rules are there to be observed and there should be consequences if they're broken. But the best way to ensure they're observed is not through prescription. It's by making things easy, intuitive, and user friendly.
If staff find information quickly, understand it easily, and feel supported, it'll be only natural for them to strive to meet your expectations.
Want to make compliance simpler, more accessible, and more engaging for your employees?
Here's ClauseMatch's policy portal can help