As the compliance profession continues to mature, a cross-functional, integrated approach emerges as the most productive and effective operating model. Compliance officers must continually seek to present themselves as partners to and promoters of the work of other functions – including legal, HR, sustainability, communications, and many more. Compliance programs should strive to be powerful sparring partners and sources of important subject matter expertise that are willing to work together to give the business the most value for its controls framework. The alternative – being seen as potential hindrances to progress or wallflowers that prefer to come only when they are called – must be avoided at all costs.
One of the most important partners for compliance in this capacity is the risk function. It’s extremely important to have a healthy cooperation across the functional line between risk and compliance and to establish a respectful and enthusiastic system of knowledge sharing and collaboration, both internally and in facing the business.
Below are some important considerations for compliance programs to incorporate in aligning with risk.
- As compliance matures as a function, pay attention to the different ways organizations position it. Sometimes it will be within the risk function and other times alongside it. Therefore, different approaches will be most effective – sometimes a deferential yet expertise-focused pitch, while other times presenting as an enthusiastic countervailing party.
- Arguments against the inclusion of compliance in traditional risk management and governance frameworks often rely upon the opinion that people will do the minimum to tick the box and satisfy some external requirement or representation that must be made to management or the public. Once implemented, therefore, this type of compliance has no real value-add. It can be fully automated and is more likely to provide a false sense of satisfaction and achievement than it is to actually present valuable signalling or contribute to business value improvements. Fight against this old-fashioned, limiting view of compliance and focus on what compliance can bring to the other functions and the business by working together, not for or against each other.
- The type of compliance described above is compliance by force and can never be authentic or effective. However, a values-based approach to support organizational and employee ethics and integrity, paired with a practical, rules-based compliance risk controls framework, is the opposite of “ticking the box.”
- The ideal mindset for compliance culture is not at odds with building an overall robust and realistic risk culture in an organization. Indeed, compliance should contribute significantly to that overall risk culture assessment. Compliance should not be seen as a precursor form of corporate governance that only matures once it is labelled as risk. The two functions are not mutually exclusive and should instead be seen as either ancillary or, ideally, complementary.
- Take on difficult conversations with challengers! Treat opposing viewpoints with dignity and practice active listening, but show that you understand the arguments you may encounter and have respectful rebuttals or productive compromises in hand that you are prepared to put into action. Professional skepticism is healthy, and it’s a core competency for any compliance officer to understand how to deal with criticism or doubt that’s founded in it as well as how to present persuasive and impressive responses to it.
Performative, rules-limited style compliance cannot survive in this era of rapid digitalization and implementation of data-driven systems that focus on automating and enhancing standardized compliance advice through machine learning and robotics. Compliance must rely on strategic relationships with functional counterparties to both maintain its independence and promote its strategic collaborations to keep the relationship-focused, expertise-driven aspirations of the profession progressing.
Check back in the future for other posts on these cross-functional relationships that are important for compliance to consider.