Can a compliance team change a culture?

Written by Jonathan Dempsey, MBA on Tuesday June 1, 2021

It may seem peculiar to pose this article’s question. After all, compliance teams were developed to ensure that adequate controls were not only in place but remained there; to provide assurances and a stable foundation from which the business could proceed – in other words, to maintain the status quo. These are not the obvious characteristics of those seeking change! Guardians of policy and process, yes – less so people and culture. But let’s think historically to find answers for the future.

Industrialisation led to large organisations being built around departments – production, HR, finance etc. Information flowed from the board down through hierarchical structures in a ‘command and control’ fashion with the feedback loop of reporting back up to the executive. Departments tended to operate in functional silos and risk was perceived as a cost to be avoided. So, the perceived value of ‘compliance’ with laws and other standards was the ‘licence to operate’ and little more. For a compliance team renowned for inspections, audits and gatekeeping policy requirements, where would their impetus to change the culture derive from, even if they could?

There was a time before social media and the mobile phone (believe it or not) when industry and commerce was stable. Unions negotiated with employers over employee welfare and the main threat to productivity was the potential for strike action. Life was relatively predictable. Organisational culture tended to become increasingly embedded unless there were mergers and acquisitions. It was possible to develop all-encompassing management systems which governed how businesses operated, the control of which was manageable – with filing cabinets full of documents. Few people outside of an IT department needed to engage with technology.

The growth of culture

Extensive literature has been produced on the subject of culture at an organisation level in an effort to understand it – its components, how it is formed, how one compares with another, etc. It takes time for culture to form: through folklore, word of mouth, the stories people tell, the signs and symbols, the nature of work undertaken, the demographics of employees and more. It’s shaped by the real values of the business which are lived, tolerated and rewarded rather than the values espoused on posters in head office.

In recent years, greater emphasis has been placed on how to influence or even change culture within businesses. For example, a compliance culture exists so that everyone follows the rules on financial regulations and reporting, or environmental law on handling waste management. In the health and safety arena, a safety culture is required to help reduce accidents or a speak-up culture for human performance to build trust and engagement. In catering and hospitality, a food safety culture must be cultivated to ensure customers do not suffer from food poisoning or in relation to food allergens. Finally, a safeguarding culture is necessary to prevent abuse, for example, to children in sports associations, schools and other institutions.

Whilst the growth of these protective cultures is admirable, they are likely to be based upon professional and technical criteria or as result of a serious, catastrophic event. Seeking to align the whole culture with the strategic aims of the organisation is less prominent. The logical consequence is a ‘queue’ at the door of the boardroom and competition for ‘airtime.’

Previously, we explored how the world is quickly changing and digitising, and why there is a real struggle for compliance in keeping up with this frenetic pace. If a compliance team could change a culture, what would it take to make this a reality? How would the team, itself, need to think, act and communicate differently to change the culture in the organisation as a whole? What is the motivation, the timeframe, the resource commitment? What would they change the culture to? If they could, why aren’t they doing so already? Who are their stakeholders and how would they be managed? And who is the ultimate sponsor?

These questions are estuaries to the bigger question of whether a business can stay the same while the world is changing around it and continue to be successful. The evolving retail landscape of recent years demonstrates the perils of remaining static in a dynamic operating environment – book shops, video rental stores and high street department stores losing ground to e-commerce and social media. So, change is fundamentally required, specifically in the ability to manage and thrive in areas of flux.

What compliance can do

Compliance teams may recognise opportunities for change. To do so, they need to adapt readily in both purpose and approach. Perception is reality. Both the disciplines and functional departments of compliance have often been described as policing activity, acting as enforcers and constraining business – both within the business and amongst the general public. A reframing of this concept is required and the reality needs to be the visible transition from defensive ‘end-of-product testing’ of inspections and audits to collaborating proactively as part of integrated risk management. Rather than separate entities within the business, compliance needs to be seen as a key enabler, understanding the aspirations of cross-functional teams, and simplifying concepts and principles to help them through tailored communication with internal audiences.

Compliance teams need to think and act more holistically, strategically and embrace innovation – to ‘design in’ rather than ‘bolt on.’ It’s vital they play their part in unlocking synergy and adopt a mindset that values reflection. Notwithstanding there will always be laws, policies and process requirements, governance needs to be more agile, adaptable and resilient to form the basis for transformation of the business (culture). The focus needs to shift to people, innovation and technology – even within high-risk and heavily regulated sectors. This will facilitate fresh thinking and greater diversity, and will make compliance more attractive to wider demographics, not least #GenZ. As part of a c-suite sponsored change programme, involving HR, communications, operations, IT and other stakeholders, compliance can help to equip the business to learn for the future.

A football analogy may be useful here. Compliance teams used to help a business avoid conceding goals (settling for 0-0). We now require a more agile team formation which can anticipate threats much more intuitively and help the business to play a more attractive style of football with more goal scoring (1-0 wins). Such a style will help confidence grow within the business, enhancing reputation and promoting the brand (i.e. achieving business goals!)

In the second blog of this series, we explored the reasons why people join the compliance profession. When we consider these from the perspective of organisational culture, it becomes apparent that compliance teams are now primed to become more instrumental in influencing the change of culture.