Practical insights for compliance and ethics professionals and commentary on the intersection of compliance and culture.

Compliance as both function and discipline

Compliance makes concrete and professionalizes the rules, regulations, and questions of ethics and integrity that are everywhere in life. It can be very absolute, used in creating a framework to ensure adherence to external legal and supervisory requirements as well as internal policies and procedures, to form a rules-based approach to risk management. It can also be more esoteric, probing the challenge between general norms and existing controls, and what may be morally acceptable or within individual expectations.

Considering the distinction between the function of compliance and the discipline of compliance is helpful to develop a more mature understanding of its applications in both modes. Compliance as a function creates frameworks, translates regulations and directives into internal policies and procedures, identifies program priorities, and plans management strategies. Compliance as a discipline takes all of these efforts to ensure awareness of, and steps to comply with, all relevant laws and regulations, and applies them directly to the business in order to target this work toward facilitating ethical decision-making, encouraging integrity, and positively impacting business strategy.

The function of compliance describes the general task of keeping up to date on rules and regulations and designing governance, risk, and compliance (GRC) management strategies and structures to present to senior management, executive boards, and outside stakeholders such as regulators and other supervisory bodies. This includes regulatory compliance, which ensures that organizations are abiding by both industry regulations and government legislation. This also includes designing governance and control structures intended to encourage employee and organizational integrity and create disincentives against and penalties for misconduct.

The discipline of compliance, on the other hand, describes the dynamic and business-linked support activities that the compliance professional undertakes within the broader context of the organization. Disciplinary compliance takes the above-described principles and frameworks and applies them in the business arena. This is where the rubber meets the road between the compliance officer and the business line he or she serves. In this setting, compliance is a relationship-based activity of providing advices, cooperating and aligning with other stakeholders and functional partners, suggesting defense strategies in light of real-time business risks and strategies, and maintaining an on-going bird’s eye view of the business landscape which can only be achieved by pro-active, personal engagement.

Building upon the above definitions and borrowing from the philosophy of ethics, the comparison could be made between the compliance function and normative ethics on one hand, and the compliance discipline and applied ethics on the other hand.

The compliance function links to normative ethics, in which moral behavior is compared to the norms of the social context in which the actions are taken, because of the emphasis in both on external or supervisory expectations and standards. Normative ethics is quite useful in identifying and categorizing compliance risks and suggesting possible mitigations and strategies for the ones that cannot be eliminated or are deemed acceptable to some extent. Within the function of compliance, the question of what individuals should or should not do, is answered by relevant laws, regulations, principles, rules, standards and codes of conduct, and other guidelines applicable to these individuals and the organizations in which they work.

The compliance discipline, in the meantime, can be connected neatly to applied ethics, which centers on the use of ethical theory in order to analyze and address actual moral issues that arise in work and life. Dilemma analysis and discussion, and compliance awareness dialogs, all borrow from the didactic constructs of applied ethics.   Building upon the structures and foundations that come from the compliance function and from the philosophy of normative ethics, the compliance discipline and applied ethics both are used to take these frameworks from strict requirements to living, practical considerations within the robust culture of compliance at the organization.

For more posts on types of compliance and ethics, check out some of these: Guiding principles for a compliance advisory practiceCompliance 101: A quick guide; The five branches of ethics as applied to compliance principles; How to make voluntary engagement with compliance values meaningful.  Posts each Monday, which are categorized in “Best Practices,” often address this sort of topic from both academic and practical perspectives.


Guiding principles for a compliance advisory practice

Guiding principles formalized in mission statements or charters have long been seen as essential to positioning businesses and individuals in them for success. Virtually every major organization has such a mission statement at the center of its business principles, which is used to succinctly define its internal strategy as well as it to represent the image it wishes to present to its stakeholders and the public. Famously, the business or personal mission statement is prominently featured in Habit 2 of Stephen R. Covey’s 7 Habits of Highly Effective people. This reasoning indicates that acting with a defined purpose and memorializing it by creating a formal mission statement for this credo gives power and motivation to decision-making. This concept can be powerfully applied to a compliance officer working within an advisory practice, a function which is greatly supported by having a basis in well-articulated guiding principles and values.

  • Express and adhere to a bright-lined scope within the advisory model. Defining and sticking to a scope is essential for success. The compliance officer’s role must be well-defined and meet shared objectives determined by business needs and risk awareness analysis. The compliance officer who fails to plan scope adequately, fails to plan in the grand scheme of efficient and strategic self-positioning.   An advisory model is not a finite scope of work, such as in the Legal function where an issue-limited “go or no-go” opinion is often expected. Nor is it an operational approach, such as in Human Resources, where queries on and exceptions to practices and procedures are handled case-by-case. Instead, the compliance advisory anticipates both solicited and unsolicited advices and focuses on building a practice with business management where both modes are equally appreciated and expected.
  • Promote a risk management profile consistent with the clearly-defined role of compliance. A successful compliance advisor must represent and broadcast a profile consistent with his or her position in an integrated system of compliance risk management. Ownership of risk must be thoughtfully distributed and articulated. In the popular three lines of defense model, for example, the business is responsible for management control in the first line. Independent assurance is owned by audit in the third line. Compliance sits in the second line responsible for risk and control oversight functions. Strict adherence to this model or any other defense structure is necessary to promote the establishment, implementation, and evaluation of effective controls.
  • Pro-actively align with colleagues in other functions to strengthen integrated efforts. Strategy for compliance advisors often focuses on gaining buy-in from business management.   Foundational to this, however, is successful cooperation with other functions that also face the business from on oversight perspective. Compliance advisors should value cooperation and coordinated efforts with close peers before communicating to others. This starts with fellow compliance colleagues but extends immediately to frequent partners such as Risk, Legal, Finance, and Human Resources. All of these functions succeed in their work because of reliable credibility within the organization. High cohesion among the partner functions is crucial to model collaboration and prevent the business from shopping across functions to find favorable outcomes.
  • Incorporate the spirit of customer excellence/continuous improvement practices. A compliance advisor should embrace a service-oriented and relationship-focused way of working. In a clear and evolving view of what is needed to support the compliance function and from whom, imbuing the role with a commitment to ongoing improvement of advice provided, with the cooperation and expertise that entails, will help to maintain relevance and flexibility. Feed-forward input from business partners and a focus on efficiency and evolution helps to make sure that compliance initiatives have the support they need to be implemented and compliance investments can be viewed as integral to business strategy.
  • Demonstrate added value to business partners. Successfully persuading management that compliance adherence can support commercial sustainability under the right circumstances, rather than undermine it, more than justifies the costs of implementing and maintaining effective compliance controls. In giving advices, compiling reporting, providing and analysing management information, and updating on the intersections of business objectives and regulatory developments, compliance advisors can earn trust by demonstrating integrity as a core practice. Once this becomes a genuine shared goal, compliance can not only add value to the business, but indeed be seen as an active participant in these interests.

The ideal compliance advisory profile is one of an individual who is trusted, professional, and collaborative.  This profile, in combination with strong guiding principles setting ground rules about scope, role, and sustainability via high standards and added value, is the basis for the compliance advisor’s way of working, promoting a progressive and professional profile that is visible to the business served and functional partners.