How to implement a culture of compliance

Regulatory compliance is the raison d’être of your team. Ensuring that your firm avoids breaches and the penalties that accompany them is essential if you are to protect your reputation, brand and integrity.

While short-term and superficial exercises can have a temporary impact, if you really want to improve compliance, you need a more entrenched approach.

It’s essential to build a culture where compliance is an inbuilt part of your corporate DNA, rather than something bolted on as an afterthought or tick-box exercise.

Here we look at how to define a compliant culture, and identify the steps you need to put in place to implement one.

What is a compliant culture?

A compliant culture can be defined as an environment that enables and encourages compliant behaviour. And its importance shouldn’t be underestimated. An article by the International Compliance Association claims that ‘Compliance culture, especially in financial services, is a really important element that can impact on the wider cultural challenges that a firm could face’.

It is an essential building block, then, in creating a firm that meets its regulatory obligations, does the best by its customers, and stands a good chance of avoiding breaching the rules.

The costs of non-compliance

The financial penalties for regulatory breaches are all too clear; a Guardian article earlier this year reported that the regulator’s fines ‘ballooned’ to £320m in the last six months of reported figures.

The benefits of a good governance ethos are therefore evident.

But how can you achieve this?

Six steps towards a culture of compliance

Achieving this inbuilt ethical approach requires:

1. Awareness of what’s needed

Understanding what’s required of you is the first step. You cannot comply with regulations and expectations if you don’t fully understand them. Regulatory practitioners need to know deadlines, requirements and anything new coming down the regulatory pipeline.  

The FCA’s speeches and publications are a good source of insight into its priorities. Read our blog on the Authority’s views about what makes good conduct regulation, find out more about its priorities in its 2019 business plan and understand what we can learn from its complaints data. All of these will give you a good idea of its areas of focus. 

Suitability, for instance, is currently a priority for the FCA; in a previous blog, we suggested that ensuring suitability is dependent on having the right culture in place.

2. Top-level backing

An ethical ethos needs to come from the very top of your organisation. Increased accountability, particularly at the most senior levels, is an ongoing concern for the FCA; new rules like the SMCR, which comes into force for all FCA solo-regulated firms at the end of this year, have put the onus on firms and individuals when it comes to governance.

Filtering this high-level commitment to the rest of the firm is also essential, with clear communications on what is expected. Transparency and clear messages around conduct are vital – whereas a lack of transparency is identified as one of the red flags that indicate a poor corporate culture.

3. Education

Ongoing regulatory training ensures that everyone is fully up to speed with the latest requirements. Make sure your team is aware of their ever-growing responsibilities. Our whitepaper on The changing role of the Compliance Officer has more on this. 

And of course, compliance isn’t only down to the Compliance team. Our blog on why compliance should be everyone’s responsibility has more on the role your Marketing, Sales and other business teams play in ensuring a compliant ethos.

4. Harnessing effective technology

Earlier this month, the FCA admitted that it needs to adapt to keep pace with technological change. For firms, harnessing technology can be a huge help in building an ethos of good governance.

We looked in more detail recently at how technology can help Compliance teams. Whether it’s technology to support training and education or automation that can help to mandate compliant approaches, there are ways to use technology for improved governance. Explore the ways you can use the tools available to help you reduce regulatory breaches.

5. Focusing incentives on the right behaviours

Make sure your approaches to pay and reward reflect the actions you want to see. This is something the FCA has returned to time and again in its speeches, like this one. And in a blog a couple of years ago, we looked at whether a reported decline in the trend for high bonuses was linked to the desire not to reward potentially unethical practices. 

Ensure your pay and incentives support the type of compliant culture you are looking to build.

6. Incident reporting and case management

Having clear processes for reporting any transgressions or errors is essential, as is a strong process for record-keeping. Honesty and transparency are key: being aware of breaches is the first step in addressing any shortfalls and mitigating risk.

Any systems you use should give you the MI you need to continuously improve. Identifying the causes of any regulatory slip-ups is vital to making sure they’re not repeated.

Follow these six steps, and you will be well on your way to creating a culture of compliance.

You can read more about the practical steps you need to take to achieve this in our whitepaper on How to embed a compliance culture into your business, which you can download for free here.

Nothing in this document should be treated as an authoritative statement of the law. Action should not be taken as a result of this document alone. We make no warranty and accept no responsibility for consequences arising from relying on this document.
