Corporate buzzwords are famously annoying. While they’re often intended to convey a positive or progressive intent, this business jargon can often becoming meaningless on its own, standing mostly for whatever management trend has caught senior leadership’s attention for that moment. “Outside the box”; “That’s in my wheelhouse”; “Have a dialog around”; “Agile”; “Lean and Mean”; “Operationalize” “Gap analysis” – anyone who works in an office has heard and, probably eventually been aggravated by, these words and phrases.
From a compliance perspective, there is one corporate buzzword which is enjoying current prominence that is more harmful than others: “future-proof.” This term describes the aspiration of businesses to stay focused on improving today’s practices in order to be ready for tomorrow’s risks. It aspires toward a proactive, strategic model of compliance risk management. Thinking differently about compliance risks in trying to prevent or mitigate future problems instead of just responding to past ones is a more rigorous, assertive approach.
However, the concept of future-proofing is intrinsically flawed and worse yet, dangerous to rely upon. The idea that absolute certainty can be brought to compliance risk management is a moral hazard in the discipline. Responding to and anticipating risks can be dynamic and forward-looking. A crucial part of the practice of compliance is bridging the gap between what individuals and organizations must do or not do, and what they may, but claiming to predict future results sets an unrealistic business expectation. A robust compliance program is not an insurance policy, nor does a heightened awareness of compliance risk allow an organization to read the tea leaves and assure management and stakeholders that only calm seas lay ahead due to preparing a controls framework.
Rather than suggesting perfect immunity against changes in regulations and law and emerging risks, compliance officers should set realistic expectations with the businesses they serve. No one can tell the future, though of course for the right price any person will offer a guess. The allure of the unknown should not distract from concrete compliance demands.
The future will show what it holds in due time, and before that happens the best approach is to meet the current standards and exceed them in specific areas where the organization has shown vulnerability or seeks more risk and exposure. Complete compliance with current regulations and laws and a governance structure which supports and promotes all of an organization’s policies, procedures, and most importantly philosophies are non-negotiables. Companies cannot fail to get this part right before concerning themselves with what may be out of view over the horizon.
Let’s also not focus on the future at the expense of the past – real lessons should be learned from mistakes and experiences. Instead of just forgiving and forgetting, use what happened yesterday to derive a more informed assessment of the as-is situation and design a compliance program that capably responds to this instead of being overly formal and stale. Making a commitment to the practice of compliance as an ongoing function means that as the business evolves so does compliance, along with it instead of blindly ahead of it.
Certainty cannot be promised – indeed, this reality is one of the reasons why a responsive, strategic compliance advisory program is essential to any organization’s risk management efforts. Avoid making undeliverable assertions about future perfection and instead, focus on learning humbly from yesterday’s mistakes, out-performing the present’s expectations, and remaining open for the insights and challenges which are yet to come. Instead of future-proofing – focus on future-sustaining.