“If change isn’t tough, you haven’t really changed anything.”
I know how tough it is to initiate change – especially in a global organisation. Unfortunately, the challenge becomes even greater when the changes you’re implementing relate to compliance.
Below I highlight some of the biggest barriers to change before drawing on my personal experiences to explain how to implement an effective compliance change programme.
Before you can successfully change how compliance is done, you first need to identify and dispel any barriers.
Initiating change can feel like moving a mountain and for compliance in particular, there can be several barriers in the way. Some of these might be interlinked and may have gone unchecked for years.
Barriers to change in compliance
- Companies become set in their ways of doing things, which drives complacency and stubbornness to changing policies and procedures.
- Many companies will have local branches with autonomy for regulatory compliance. This approach heightens the risk of inconsistent policies, multiple ways of working and gaps in adherence to global compliance standards. The organisation’s risk framework and the corporate strategy therefore becomes redundant.
- In the pursuit of retaining capital, companies may have a blasé approach to compliance. The risk that companies run by thinking that regulatory action is something that happens to others but not to them is a risk that shouldn’t be underestimated.
- Fierce budget competition can mean that while you might assume most senior managers would actively seek to address the risks associated with lapses in compliance, the reality is other business challenges can be prioritised above compliance. This in turn can prove challenging when seeking the budget needed to embed compliance programmes.
- A 2020 survey by PwC for example found that less than 30% of 5,000+ respondents strongly agree that they’ve been able to implement or upgrade their anti-fraud technology – with issues of cost, limited resources and lack of systems cited as obstacles.
- The misconception that compliance costs too much money. More on this ill-informed belief below…
“Why should we bother to change?”
It’s common to hear compliance professionals questioning why it would be worth investing time and money into implementing organisational change to improve seemingly unbroken systems, policies and procedures.
While the answer may seem obvious, it is all too often overlooked…
The cost of regulatory fines, reputational damage and the consequential embedding of new systems significantly outweighs the cost of simply implementing a secure compliance program in the first place.
If resistance exists, it is really important to address it to not only initiate change but ensure change is successfully embedded and embraced by the entire organisation.
Increasing senior management responsibilities
Another increasingly significant reason to bother to change is the increasing focus on senior management responsibilities as regulators expect senior managers to take responsibility for compliance from the top. Litigation and fines imposed on individuals within organisations are now a very real possibility where regulations have been breached.
Europe’s 6MLD, which comes into effect for regulated entities from 3 June 2021, is an example of how criminal liability is extending and increased imprisonment penalties are soon to be introduced in a bid to deter individuals from involvement in criminal offences.
Leading effective compliance change:
8 essential requirements
Being aware of potential barriers can help prepare you to overcome them and on that note, in order to lead an effective compliance change programme, there are 8 essential requirements to focus on:
1. Ensure effective change communications
I cannot overestimate how important communications are when embedding new policies and procedures. A company-wide communications strategy should be the cornerstone of your change processes. It should provide clear and concise communications, detail changes to policy and procedures, and highlight the importance of why those changes are occurring.
2. Engage stakeholders
You will need to identify stakeholders who will take on the responsibility of driving the change within their area or jurisdiction. Global business change will only be successful if there are supporters at a local level. This is usually the role of middle management. The core responsibilities of this role are to distribute communications accordingly and identify the roles that will be affected by the change in policy.
Stakeholders are also useful for engaging with the workforce, providing feedback on existing procedures and fielding questions the workforce may have. Having a workforce that feels they are involved with the process and listened to, is key to success.
3. Identify unidentified risk
There has to be an emphasis on the value of compliance that goes beyond the risk of regulatory fines. Without a comprehensive global compliance program, you won’t be able to quantify what risks the company is carrying. Unidentified risk should be the focus when getting buy-in from your stakeholders.
4. Avoid complex process design
You’ll need a pragmatic approach to simplify and streamline ways of working.
When writing new standards and making changes to existing processes it is important to ensure the processes are designed to be effective without being overly complicated. If processes are unnecessarily complex or have seemingly arbitrary elements, staff will seek ways in which to make shortcuts.
5. Train staff appropriately
The workforce should receive appropriate training to be able to understand new processes and why they are obligated to follow them. A training schedule should be periodically reviewed to ensure the workforce refresh training in accordance with changes to regulations.
It’s also important to document the training staff receive for audit purposes. Regulators will expect you to demonstrate the workforce has been trained sufficiently to manage non-compliance risks.
6. Use metrics to measure failures and success
What gets measured gets done. You need to have a strategic approach to global and local measures that aligns to the corporate strategy. Compliance measures need to be equivalent to other corporate measures with defined consequences for failure.
7. Secure senior management sponsorship
A business change program will only be effective with support from senior management. The project will need to be sponsored by a senior manager, a CFO for example. This will support middle management when seeking buy-in from stakeholders. The higher the sponsorship comes from the top, the less resistance you’ll find from the bottom.
The nominated senior manager will need to be consistent in driving the right message throughout the company. They will need to review the progress and provide support to overcome obstacles if required.
8. Monitor long-term performance
The last thing to ensure is that the change has been fully and permanently embedded. To do this you will need to run a series of checks after implementation. This is the only way you can be sure that slippage to old ways is not happening.
Transform your compliance with technology