Compliance makes concrete and professionalizes the rules, regulations, and questions of ethics and integrity that are everywhere in life. It can be very absolute, used in creating a framework to ensure adherence to external legal and supervisory requirements as well as internal policies and procedures, to form a rules-based approach to risk management. It can also be more esoteric, probing the challenge between general norms and existing controls, and what may be morally acceptable or within individual expectations.
Considering the distinction between the function of compliance and the discipline of compliance is helpful to develop a more mature understanding of its applications in both modes. Compliance as a function creates frameworks, translates regulations and directives into internal policies and procedures, identifies program priorities, and plans management strategies. Compliance as a discipline takes all of these efforts to ensure awareness of, and steps to comply with, all relevant laws and regulations, and applies them directly to the business in order to target this work toward facilitating ethical decision-making, encouraging integrity, and positively impacting business strategy.
The function of compliance describes the general task of keeping up to date on rules and regulations and designing governance, risk, and compliance (GRC) management strategies and structures to present to senior management, executive boards, and outside stakeholders such as regulators and other supervisory bodies. This includes regulatory compliance, which ensures that organizations are abiding by both industry regulations and government legislation. This also includes designing governance and control structures intended to encourage employee and organizational integrity and create disincentives against and penalties for misconduct.
The discipline of compliance, on the other hand, describes the dynamic and business-linked support activities that the compliance professional undertakes within the broader context of the organization. Disciplinary compliance takes the above-described principles and frameworks and applies them in the business arena. This is where the rubber meets the road between the compliance officer and the business line he or she serves. In this setting, compliance is a relationship-based activity of providing advices, cooperating and aligning with other stakeholders and functional partners, suggesting defense strategies in light of real-time business risks and strategies, and maintaining an on-going bird’s eye view of the business landscape which can only be achieved by pro-active, personal engagement.
Building upon the above definitions and borrowing from the philosophy of ethics, the comparison could be made between the compliance function and normative ethics on one hand, and the compliance discipline and applied ethics on the other hand.
The compliance function links to normative ethics, in which moral behavior is compared to the norms of the social context in which the actions are taken, because of the emphasis in both on external or supervisory expectations and standards. Normative ethics is quite useful in identifying and categorizing compliance risks and suggesting possible mitigations and strategies for the ones that cannot be eliminated or are deemed acceptable to some extent. Within the function of compliance, the question of what individuals should or should not do, is answered by relevant laws, regulations, principles, rules, standards and codes of conduct, and other guidelines applicable to these individuals and the organizations in which they work.
The compliance discipline, in the meantime, can be connected neatly to applied ethics, which centers on the use of ethical theory in order to analyze and address actual moral issues that arise in work and life. Dilemma analysis and discussion, and compliance awareness dialogs, all borrow from the didactic constructs of applied ethics. Building upon the structures and foundations that come from the compliance function and from the philosophy of normative ethics, the compliance discipline and applied ethics both are used to take these frameworks from strict requirements to living, practical considerations within the robust culture of compliance at the organization.
For more posts on types of compliance and ethics, check out some of these: Guiding principles for a compliance advisory practice; Compliance 101: A quick guide; The five branches of ethics as applied to compliance principles; How to make voluntary engagement with compliance values meaningful. Posts each Monday, which are categorized in “Best Practices,” often address this sort of topic from both academic and practical perspectives.