Learn Amp Blog

Why compliance increases risk

Written by Duncan Cheatle - Founder and CEO, Learn Amp | Jun 15, 2021 9:15:00 AM

In theory, building a more compliant business should reduce your exposure to risk. Unfortunately, if not managed carefully, creating more stringent compliance policies can create a false sense of security and reduce your employees’ sense of personal responsibility, thus actually increasing your potential risk exposure.

 

Compliance complications

Clearly, corporate compliance is important. Without compliance, we would have many more Enrons, more Barings Banks, more Lehman Brothers. Compliance ensures that companies put policies in place to protect their customers, stakeholders, employees and societies from being put at risk, defrauded, or exploited.

However, while compliance policies are good, too much of a focus on compliance can be a problem. The Financial Times worries that, in the fall-out of the Enron scandal, companies run the risk of building a “compliance culture, not an ethical culture.[i]” By introducing compliance as a check-box exercise rather than a moral issue, companies may reduce their employees’ sense of individual accountability and ownership. Ethics become something that other people have to worry about, a tedious bureaucratic necessity, not a cultural norm.

Too much of an emphasis on compliance can also create a false sense of security. Ensuring compliance is not the same as managing risk. Compliance simply means adherence to established regulations and guidelines – risk is a far broader term, comprising all factors that can jeopardise the stability or viability of the business.

If employees grow too used to following a set of compliance guidelines, they may come to assume that if their action meets compliance criteria, there is no risk at all associated with it. Compliance policies are helpful, but they shouldn’t substitute a comprehensive risk management strategy.

Instead of simply piling on the compliance policies, here’s how to manage risk more effectively:

 

Build a risk-aware and ethical culture

  • Rather than encouraging employees to focus on compliance, foster a culture in which ethical behaviour is a must and risk awareness is rewarded. 
  • Stress the importance of compliance and risk awareness within the bigger picture. Ensure that employees consider the impact of their decisions and actions on the long-term stability and prosperity of the business. 
  • Model ethical behaviour from the top down. Global consultancy firm McKinsey is famous for its strong track record of compliance. Former leader Marvin Bower believed it was the job of a leader to set common values to help the organisation grow. His emphasis on ethical behaviour was drilled into the culture at every level; even the most prized employees were subject to a strict moral code and summarily fired if they violated the company’s values[ii].
  • Similarly, look carefully at the behaviour you’re recognising and rewarding. If employees see that risky practices are rewarded - such as the star salesperson who sails close to the wind to close the deal - they are more likely to follow suit. Instead, include risk awareness as a success criterium in your performance reviews, and show public approval for thoughtful and risk-sensitive decision-making.

  • Create your company compliance policies in collaboration with your employees, rather than setting them from the top down. You’ll be more likely to create guidelines that employees will find useful in real-world situations.

  • Provide decision frameworks, not just guidelines or checklists. Decision frameworks help employees understand how they should approach decision-making in an ethical and risk sensitive way, and so will be more useful when unexpected situations arise or a snap decision is required.

 

Rethink how you handle compliance training

  • Stop calling it “compliance training”. The name suggests that compliance is an end in itself, rather than the means by which the business protects itself from risk. Better names might be “Understanding business risk” or “Protecting confidential data.”
  • Risk management training may be mandatory, but it doesn’t have to be tedious. To make it more enjoyable and relevant to employees, use a next gen learning platform which offers a consumer-grade learning experience, an engaging interface, and more inspiring content. 
  • Save time by switching to a digital platform - companies handling compliance digitally spend 10 fewer hours per on compliance tasks than those still working manually.

  • Make it impossible for employees to forget mandatory compliance training or refresher courses by automating the process. Assign learning tasks to users, then set them to reoccur automatically at specific intervals to make sure your employees stay up to date on compliance best practices. 
  • Digital reporting functions will help you spot any individuals or teams consistently missing their compliance training, so you can step in to address the problem.

 

To find out how Learn Amp could help your business save time and improve how you handle mandatory compliance training, click here to schedule a demo.

 

 

References:

 

[i] https://www.ft.com/content/9c8374e0-3131-11db-b953-0000779e2340

[ii] ibid