Is your approach to compliance fit for the present and for what the future holds?
There is a very common human response when someone hears the word “compliance”, as if it was embedded in our genes: most people go, “oh compliance”, and they frown or twist their mouths. Let’s be frank, there is some negativeness around the matter because we link it to filling papers, paying taxes, tedious processes when asking for a loan, etc. But it could certainly be different.
In this article we focus on why the compliance function needs to transform and how innovative organisations are navigating this process by tapping into five principles. We understand that compliance has different edges. It has to do with the organisation’s standards and requirements to operate, but it is also linked to the processes put in place when customers interact with the organisation.
This article is based on a podcast between Kristin Rivera, PwC’s Head of Global Forensics and Andrew McPherson, PwC’s Global Risk and Regulatory Leader. In addition, Nicole Schadeck, Regulatory Compliance Director at PwC Luxembourg, gave us a hand.
Compliance needs more than a face lift
There has never been a greater need for organisations to deliver compliance in a fresh way, one that genuinely supports their mission and values.
It’s a stabilising exercise, a balancing act: supporting customers’ needs and goals and, at the same time, managing organisational risks to achieve the strategy.
Compliance is worrisome. One example is enough to prove it: In the last years, PwC’s CEO Survey has shown that CEOs feel anxious about or feel threatened by (over) regulation.
When facing compliance, businesses suffer some diseases. There is the “compliance heart attack”, where a customer or an organisation has a massive compliance issue that surprises them. In such events, the aftermath might cost the CEO, the board and executive members their job, shareholders can lose capitalisation, and employees and clients get anxious. These sorts of issues are organisation-changing and life-changing for many individuals.
But there is another disease that’s chronic and more insidious, the “compliance heart disease”. It occurs when compliance and all the processes around it are actually choking the arteries and veins of the organisation. It is highly costly—compliance processes are very expensive— detrimental for customer experience and it impacts the organisation’s culture and the staff experience as well.
One straightforward question we commonly ask is, do many organisations see real value in their compliance teams? Because, despite CEOs being worried about compliance, teams are often in the shadowy part of the building, the basement or in an office further than HQ.
Compliance is really important and very valuable to organisations but so far, it hasn’t been able to fight the ugly duckling reputation it has developed over time.
“In today’s world, where transparency operates pretty quickly, without trust you are dust,” says Andrew (smartly) during the podcast conversation. “The number one way to lose trust is to fail to live up to what’s expected, to commitments you’ve made and so forth.”
According to Kristin’s own experience, the case of technology companies in the Silicon Valley is revealing. They fear “heart disease” more than the “heart attack”. Because innovation and coming up with new ideas is what makes their living, slowing things down due to compliance issues is simply frightening.
A different approach to compliance
Like when avoiding health issues, in business, a preventive approach to compliance is worth a pound of cure.
PwC’s previous studies on risk and compliance have dug into where organisations spend money on compliance. The answer to this question, however, hasn’t been clear enough and information about it has been limited, comments Andrew. So further PwC research helped to define key areas of compliance spend and results showed that differences from one industry to another are little.
The number one area of compliance is almost always relating to specific product and service standards that apply to the organisation. So, if you’re an airline, it’s engineering and safety; if you’re a hospital or you operate in the health industry, it’s compliance and clinical matters. The other recurrent compliance areas are workforce, labour obligations, data protection and cybersecurity, environment and sustainability. All of them are big spending areas.
However, as Andrew explains in the podcast, there aren’t many CEOs that have a holistic view of compliance costs. Certainly, compliance is well spread throughout the organisation as it should be: there are different areas of compliance in different departments, and they’re all important in different ways, but few organisations reflect on how this lack of comprehensive view affects teams, customers and each individual’s experience.
Also, it isn’t that common to hear about the transformation of the compliance function or compliance more holistically. Finance, technology, sales, people functions, all of them are transforming or have been transformed, and some of them multiple times. It is rare to hear about organisations transforming the way they comply with their expectations.
During the COVID-19 pandemic, the US Department of Justice – the regulatory body that defines compliance matters across all industries in the country – came out with really insightful new guidance. “For instance, they recommended companies to thoroughly think about why their compliance programmes are designed the way they are,” shares Kristin.
To her, most companies in regulated or non-regulated industries struggle to answer that question because they’ve grown organically and there was a compliance need and it got fixed, but the function hasn’t been transformed purposely.
How to pack compliance up in a way that makes sense to your clients?
If we think about transforming compliance, there are five attributes or principles to make it highly effective and future-proof.
- Your approach to compliance is aligned with your market strategy, pricing strategy, purposes, values, not just with laws and regulations. We call it “strategic alignment”. That makes compliance purposeful to your organisation. Let’s think of an airline, for instance, whose prices may be higher than average but whose reputation on high safety standards, customer experience and low accident records justifies that. Because compliance and strategy are aligned, people are willing to pay and the business can thrive.
- You’re designing the compliance process with the customer in mind. You want your compliance processes to support what’s valued by the customer rather than getting away from it. That can be a true differentiator: using compliance to create a unique experience because the customer, although it goes commonly unsaid, also buys trust in the brands, in products and in organisations.Andrew explains this principle with a life experience: “I used two financial advisors to make my investments. One of them sent me a pile of paper that I had to print after signing […] I feel it was irresponsible […], I don’t print much these days. The other gets me this really good digital means [..] and, you know, it delivers me high returns. So, who should I invest more with? […] Building an elegant internal compliance process that feels smooth and seamless is gold. The same goes for customer-related compliance.
- You are using technology and data analysis to power your compliance function: GRC (Government, Risk and Compliance) systems, automation, artificial intelligence, language recognition. With them, organisations are reducing both the cost of compliance processes and the likelihood of expensive compliance failures. Here is an example: it’s brilliant how preventive health is putting high reliability into compliance.
- You build compliance processes following human-centered design principles, a creative approach to problem solving that starts with the customers you’re serving or designing for. Tax authorities, for instance, are quite good at applying them to make people pay taxes on time. With them, organisations can reduce the risk of inadvertent non-compliance and align staff with organisational goals. Overall, compliance functions in every organisation aren’t using that skill, our research has found. Human-centered design makes compliance easier, it motivates and encourages people to make particular choices. Designing your processes for both staff and customers using human-centered design can be really powerful.
- You make your compliance function predictive and preventive. The fifth principle, in fact, is the outcome of applying all the above principles: organisations will take a far more predictive, preventive, proactive mindset to compliance; they are looking ahead.They are using data to sense and to detect early changes in compliance patterns and put them in a space where they aren’t just looking back to the revision era but looking forward at the widescreen of compliance. As a result, they are able to get ahead of issues and respond to them really quickly. We think that outcome is really important.
With so many companies transforming and rationalising their compliance function, some for the first time, these principles are very timely.
Compliance and ROI
What about ROI? What to say to a chief compliance executive that would like to transform their organisation but struggles to get buy-in?
To Andrew, it’s really important that compliance officers talk about the outcomes and not the process, the customers and not the walls, how to save money and not how they need more money.
You have to look at what the return is that you can get from a particular action, and a great way to look at that is to actually look at your costs; how much cost we got. And then you have to think of those actions using the five principles […], that’s where I would start, and what you could do to get a return to customers, to the organisation’s culture, to the staff and, most importantly, growth. To me, in a trust-driven world, compliance sells. We just have to change the language, and in doing so, we change the mindset, and to do that, we need to bring some new skills around compliance to the table.
What we think
Compliance is neither a tick the box exercise nor a heart disease. Nowadays with the increasing level of complexity you just have to KEEP IT SIMPLE and streamline your compliance management system (CMS) in a smart and efficient way. An efficient CMS could be a tandem of compliance digitalisation and the existing policies and procedures and frees the compliance team to concentrate on more strategic initiatives.