How to make your compliance programme the best it could be

beyond compliance
ECI report on beyond compliance

According to a new, and well researched report from ECI, there are five core purposes behind any really effective  compliance program, regardless of the industry sector. These purposes are “beyond compliance”, that is they are not confined to a mere “tick box” approach.

  • Ensure the organisation sustains its integrity and reputation as a responsible business
  • Reduce the risk of wrong doing by those employed by or aligned with the organization
  • Increase the likelihood that when wrong doing occurs it will be made known to the management of the organisation
  • Increase the likelihood the organization will responsibly handle suspected and substantiated wrong doing
  • Mitigate penalties imposed by regulatory and governmental authorities for violations that might occur

These arise from the report’s comprehensive review at what’s needed. It’s based on existing practices, expert opinions and even feedback from members of the public.

No more tick boxes       

Beyond compliance, not going through the motions
Beyond compliance –not just going through the motions

So many compliance programs simply achieve the minimum standards, creating in effect a tick box mentality. From the leaders’ point of view, it’s enough for the system to just go through the motions, so long as it merely helps the company avoid falling foul of various regulations.

Such a minimalist approach though leaves an organisation exposed to all kinds of risks. For instance it does almost nothing to generate a culture in which compliance is taken really seriously at all levels. What ‘s needed is a change of gear in many companies.

When the compliance program meets the above five criteria it can offer considerable benefits to leaders of organisations. For example, as the report explains, misconduct may be reduced by as much as 66 percent in organizations with effective programs.  Similarly, reporting of wrongdoing to management increases by 88 percent when the compliance programme is truly effective and not just meeting minimum standards.

The  challenge  for  most   organizations  is  therefore to find the  right balance  between two separate aims.

First, the compliance system  must inspire people to speak up  about challenges to the organisation’s culture and reputation.

Secondly, it should help support a culture with a high degree of commitment to compliance which includes prevention,  detection  and  response  to  misconduct. 

Relatively few organisations seem willing to reach “beyond compliance” with their in-house compliance programs. Yet there are exemplars, companies which have show what excellence means and how to meet the above five purposes of their programs.

Drivers of beyond compliance

But why should a company “go beyond compliance.” One important reason is increasing complexity is posing formidable problems that the minimum standards approach does not attempt to tackle. Companies need to look  beyond the minimum standards and explore what this means in practice.

For example, forces at work creating the drive to go beyond the basics include an increasingly  intense regulatory  environment; increasing  global  standards; rapidly  expanding  public  scrutiny  and reputation risk; and the fast rising  costs of  misconduct.

In such an environment companies need to get to grips with the principles and  key  practices common  to  high quality  ethics  and  compliance  programs. This also means identifying practical ideas for action they can adopt.

An ideal beyond compliance program

How would you recognise an excellent compliance programme if it existed? Again the report suggests  detailed pointers to re-define the compliance effort. Any excellent program should

  • Promote all  relevant  legal  and  regulatory  expectations.
    This means integrating ethics and compliance thinking and practice into the daily operations of  the  organization; this includes making ethics and compliance central to the organisation’s business strategy.
  • Go beyond a mere “check  the  box”  approach.
    Instead risks are actively identified, owned, managed and mitigated;
    It should prioritize creating a culture where  concerns  can  be raised and where  retaliation is both prohibited and prevented
  • Require prompt action in response to misconduct 
    Underpinning this is a commitment by the company’s leaders to build and sustain a culture of integrity and accountability when wrong doing occurs.
  • Continuous improvement
    The compliance programme has a strategy to continually  document, measure,  evaluate and  improve the system

Converting these clear principles into practical actions on the ground can be challenging for even the best companies.

The report therefore offers extensive worked examples of how these aims can be brought to life along with more detailed aims supported  by leading practices. For example, to support the basic first principle that ethics and compliance should be seen as central to a company’s business strategy here is one of the several supporting objectives worked through with leading practices:

Beyond compliance practices

Conclusion about beyond compliance

It’s  not always entirely clear in this report the difference between its early stated five core principles and the later re-presented principles of high quality programs along with worked examples. This it to quibble though, since the two are mainly compatible with some slight differences.

This report provides a welcome and intelligible description of what it means to go “beyond compliance.”  And why it’s desirable to do so.

Beyond compliance report








You may also find these posts of relevance: 

Beyond compliance

Codes of behaviour

Time to change gear—from compliance to culture

Can compliance trigger a corporate transformation?

Why going beyond compliance makes business sense

 Ethical engagement-beyond compliance

Comments are closed.