A new approach to compliance: What is compliance culture?
Compliance is crucial for businesses to ensure safety, integrity, and ethical behaviour at all levels of an organisation. However, for many business functions the mere mention of ‘compliance’ can evoke the wrong kind of emotion. To overcome this compliance fatigue, organisations should move away from traditional tick box approaches to compliance in favour of a more holistic cultural approach. This blog will answer the question ‘what is compliance culture?’ and start to touch on how organisations can build strong compliance cultures.
What is compliance?
Compliance is often used as a catch-all term, but there are different forms of compliance that must be met for a business to function effectively. Regulatory compliance refers to adhering to external government laws, whereas corporate compliance often relates to government regulations, but is more concerned with internal policies and rules. At its most basic, compliance is concerned with human behaviour and the act of changing one’s behaviour in accordance with the request of another.
Not only are there demonstrable advantages to be gained from avoiding the cost of non-compliance, but there are even more benefits to be had in being proactive with your approach to compliance and going above the minimum requirements.
The cost of non-compliance
Regardless of industry, the cost of non-compliance is significant and can often be the largest cost (either directly or indirectly) to an organisation. Here we have examined some industry-specific costs of non-compliance, and the perception of an organisation’s ability to be compliant.
- Delays in regulatory approval, resulting in delayed time to market and impacting revenue growth
- Risks to product safety
- Reduced likelihood of uptake
- Risks to patient safety: compromised moral obligation, damage to public image and reputation, and financial penalties
- Costly fine settlements and imprisonment
- Loss of productivity
- Revenue loss
- Business disruption
- Lost market share and reputational damage
- Increased lost time incidents
- Complete inventory write-downs for non-compliant products
- Costly expense of redefining supply chains to become compliant
Traditional approaches to compliance are no longer enough to drive compliant behaviour
Given the increase in regulation seen across industries over the last 30 years, it is hardly surprising that many organisations have felt the only way they could keep up is by focusing on risk mitigation and monitoring. This mentality is seen repeatedly throughout organisations at different levels and in different forms but is always detrimental to creating long-term value.
In the corporate compliance context, this tick box approach to compliance may manifest in the form of an employee associating compliance with negative linguistic responses such as: “Where are the loopholes?”, or “I need to rush through this to focus on my real job”, or worse, “How can I get away with this and not get caught?”.
In terms of regulatory compliance, a tick box approach is commonly used by organisations when preparing to pass a compliance audit. But once the audit has been passed, things immediately return to the old ways. Some organisations have tried to overcome this by increasing audit frequency, or by giving less warning about when an audit might take place. This can be effective to an extent, but it does not truly address the issue of mindset.
The challenges to compliance are all ultimately driven by human behaviour- it can be too easy for people to get caught in cycles of habitual and destructive behaviour. In order to reduce the risk of misconduct and foster genuine employee compliance, robust governance and a positive corporate reputation, organisations must adopt a more human-centred approach by creating and sustaining strong cultures of compliance.
Compliance culture definition
A culture of compliance starts with an organisation that is true to its mission and core values, where senior managers lead the way by expressing their commitment to compliance policies and encourage open communication and honest feedback.
At its core, compliance culture is a process that is guided and supported by many people to create an environment in which everyone can say and do the right thing. Compliance should therefore be an intrinsic part of all businesses processes, rather than an attempt to circle back and tick it off at the end.
Although it sounds simple enough, creating this compliant culture can be difficult. This is evidenced by the many well-publicised instances of corporate wrongdoing; Boohoo, Nike and Volkswagen are just a few household names that have been entangled in scandal in recent years. Addressing this challenge requires re-adjusting many of the learned behaviours that are deeply entrenched in organisational psychology, such as habit formation, motivated blindness, and compliance fatigue.
How to create a strong compliance culture
Achieving a successful compliance culture relies on understanding the mindsets and behavioural norms that determine how an organisation identifies and manages risk. Understanding human behaviour and its impact on compliance is an integral part of creating this culture. Often, penalties alone are not enough to deter wrongdoing.
To truly change organisational approaches to compliance, we need to consider the social and psychological influences behind behaviour, such as behavioural biases, groupthink, and social norms.