Companies wanting to make compliance work now need to go beyond it.
Mounting pressures from various quarters are starting to make even the most resistant leader, manager and financier aware of the serious limitations of what we can call conventional compliance .
Until recently though, anyone with the temerity to suggest this could conveniently be ignored. Or quietly written off as out of touch.
How could normal compliance be so dodgy, when there is such huge investment in systems, software, people and above all the increasingly tenacious grip of the regulators?
Yet persistent challenges about the wisdom of pouring so much money into keeping companies on the straight and narrow through the formal compliance route, today look far less idiosyncratic than say a year ago.
Reviewing what’s happening in the UK and the continuing need for better governance, the latest Institute of Directors (IOD) research pulls no punches:
“…focusing solely on how companies report compliance with a framework while not looking at underlying behaviour will simply not do the job…identifying symptoms of governance failures and then drawing up check lists to eradicate them leaves us in the position of always fighting the last battle.”
Ken Olisa, Head of IOD project, June 2015
Control versus controlling
With its endless codes, ever more sophisticated software and an apparently endless cornucopia of new posts, conventional compliance seems doomed–for much the same reasons most current styles of management are becoming obsolete.
Both are rooted in an outdated urge to be controlling. Both rely on the perpetuation of ponderous hierarchies. Neither responds rapidly to a constantly changing environment. Both current management practices and formal compliance systems are looking like yesterday’s solutions.
All organisations need to control how they operate, which is not the same as attempting to control people–that is make them do as they’re told. While many thousands of jobs are invested in conventional compliance, something more is needed if organisations are to avoid reputation destroying behaviour, combined with ever more costly penalties.
Even those deeply embedded in the compliance profession confess its effectiveness is often compromised by a misguided a wish to control everything. This can surface as a tendency to be excessively focused on controlling, for example constantly saying “no” to what others want to do to make the place more effective:
Even the present regulators admit they cannot expect companies to be fully compliant on all fronts. What they want is at least evidence organisations are trying seriously to tackle bad in- house behaviour.
“Unethical behaviour went unchecked, proliferated and eventually became the norm.”
He went further. Not only did too many in the City feel neither responsible for the system he claimed, nor did they recognise “the full impact of their actions.”
Carney has now called time on “the age of irresponsibility”. The latest Treasury review, Fair and Effective Markets, issued simultaneously with his recent remarks, offers practical ways to improve behaviour and hold people to account.
These imply more fines and yet more elaborate compliance rules, or even more compliance staff, are not a viable way forward. The main change must be cultural—that is, “the way we do things round here.”
Extending the proposed Carney reforms to around 60,000 others will give an added impetus to business leaders to adopt cultural change, rather than buy yet more software, or hire still more foot soldiers as compliance fodder.
The authors of the new Treasury report say the “stick” of big fines should “decline in importance.” That’s less a case of going soft, more a recognition the real aim must be behavioural change —“not to send people to jail.”
Tougher to make money
According to one recently quoted financier: “nobody wants to be a manager in a bank any more”. The reason he claims, is “the increasing demands for them to become accountable for what they actually manage.”
To cope with this new demand he argues will require “a whole new layer of management” because financiers, are mainly about “making money, not managing people.”
He is not alone in claiming this false separation between making money and managing people—as if the two are somehow totally disconnected. Such an assumption reveals how the financial world has deluded itself and so far successfully escaped its true operating costs.
Again, there are clear parallels with what has happened elsewhere–in companies avoiding the true costs of pollution, or in the pricing of nuclear power, without including the final decommissioning costs, or in the need to make sufficiently deep investments in new technology.
Bankers, hedge fund managers and others are now in the cross hairs of regulators, legislators and society as a whole.
The legal overseers in particular are starting to impose hard to ignore costs—or “externalities” as economists grandly call them.
Making money turns out to be harder than originally thought. This new sense of realism is surfacing for example, in the present struggles of RBS to find viable new sources of profit, as it shrinks its operation to more manageable proportions.
It’s latest IT crisis for instance, still be resolved, shows how the need for technology investment is eating away at bank profits, with the failures becoming ever more costly. What’s true for RBS is proving the same for the rest of the banking world:
sources: see note 11
When the full costs are imposed such as taking into account the investment needed for modernising IT systems, making the past mega profits may prove to beyond reach.
The Libor and Forex scandals dramatically revealed the failure to make conventional compliance work. At UBS the misconduct occurred despite the bank receiving a stream of whistle-blower reports over two years. At RBS misconduct occurred despite client complaints over confidentiality issues.
The need for serious culture change—as opposed to more rules and enforcers, has become increasingly urgent as conventional compliance, no matter how rigorously applied, fails to deliver.
Despite a wave of new regulations around the world in the wake of the financial crisis that focused on culture, a 2014 Delloitte report found just six out ten boards had “open discussions” about their risk management.
“All those pious words about raising ethical standards and cleaning up culture were flannel”, is how one leading commentator put it in 2014. Even so, as Deloitte’s head of global risk rightly claimed, “the new focus on risk culture and ethics is more than just buzzwords”.
Many companies are now working hard to build stronger cultures and further develop their ethics and compliance programs. So far though, according to the IOD, the reputation of corporate Britain at least, remains“on its knees.”
The only viable way forward is to tackle real behaviour and not expect systems and check lists to do it on behalf of corporate leadership, as an earlier Economist Intelligence Report pointed out .
“There is little doubt that strengthening culture, including the promotion of ethical conduct and greater knowledge, is a priority of the top echelons of the financial services industry.”
Economist Intelligence Unit report in 2013.
Yet since the 2008 crisis, UK companies seem to have learned little, sticking to
“a prescriptive set of attributes aimed at creating the cardboard cut-out perfect company.”
IOD, June 2015.
Making Culture Change Stick
“Culture trumps compliance every time” is a notable catch phrase, or aphorism, whose time has surely come. Even so, culture change has never been quick nor easy. You can’t simply trade in your culture as if it’s a used car. The best leaders struggle to make it happen in a meaningful timescale.
Right now the danger is compliance professionals on behalf of their business leaders, will continue talking about building a “culture of compliance”, by which they mean an environment in which people do as they’re told.
Culture is essentially about actual human behaviour. That is, practices that happen as part of the every day way of working. So essentially the issue is “how do you get people to do what you want them to do?” And how do you get them to want to do what you want?”
These outcomes are more challenging than trying to build an environment in which people are expected to dutifully conform to rules. Most companies are committing a basic mistake by “doing” compliance, without ever becoming more compliant.
The sensible way forward is not more compliance. Instead, it’s an intense focus on what achieves behavioural change, and what generates a climate of integrity. Culture is merely a shorthand way of talking about such desired behaviours.
To have any chance of success, leaders need to actively promote an ethical culture:
2 D. Schaffer, et al, Six banks hit with fines of $4.34b over global forex rigging scandal, FT13th November 2014
3 J. Pender, No end in sight to a rotten culture, FT, 13th November 2014
4 C. Binham, Banks still struggling with finance ethics,, FT 14th May 2015
5 National Business Ethics Survey of US work force, 2013
6 J. Katzenbach et al, Culture Change that sticks, Harvard Business Review, July/August 2012
7 A.Leigh, Ethical Leadership, Building and sustaining and ethical business culture, Kogan Page, 2013
8 Steven Sampson, Culture and Compliance: an anthropologist’s view, Ethikos, March/ April 2015
9 D. Seidman, Why companies shouldn’t ‘DO’ compliance, Forbes, 5th April 2012
10 J.Treanor, UK corporate governance is ‘still on its knees’ since bank crisis, Guardian, 16 June 2015
11. Sources for IT infographic: various including: “E.Dunkley, Latest RBS glitch a ‘wake up call’ for lenders’ ageing technology systems, FT 8 June 2015
You may also like:
- Why going beyond compliance makes business sense
- Ethical engagement–beyond compliance
- A Cure for the compliance “Groundhog Day Syndrome”
- Wake me up when the training’s over!
Enjoyed this post? Why not subscribe–it’s entirely free–and you’ll be notified of all new ones.