The compliance risk of compliant behavior


by Joshua Axelrod

Compliant behavior can increase the risk of non-compliance, particularly in large companies, where information silos are prevalent, low employee turnover is the norm, and interdisciplinary thinking and action have not been fully integrated into the company culture.

The situation is a common one.  Employees work and develop experience in 1 or 2 functional areas and 1 or 2 departments of 1 company for many years.  They develop skill sets allowing them to specialize in, e.g., finance, marketing, or sales, etc.  Workers become very good at their particular specialties.  This division of labor allows the company to gain the greatest return on the time and money spent training employees and decreases the compliance risk which accompanies functional performance of tasks.  A culture is created incentivizing specialized competence and compliance.

But division of labor is inherently divisive and inconsistent with interdepartmental teamwork.  Often missing is a singular, integrated, holistic, company-wide approach to value-added performance that all workers can understand and implement, collectively and individually.  Also missing is a challenge to the status quo, i.e., an assessment, analysis, and remediation of the risk associated with the increasing disconnect between a constantly changing world and an increasingly insular workforce.

This status quo also conflicts with the currently prevalent, corporate cost-cutting, efficiency-based mantra of “do more with less.”  How do you create jacks of all trades from masters of one, particularly with downsized, but unreplenished, functional workforces?  The valued skill set now includes competence in holistic, cross-functional, facilitative management.   Company procedures need to be enhanced and, unless new employees are hired, legacy employees need to be retrained.  In turn, the likelihood of employees becoming overwhelmed increases.  Morale declines as employees lament that new responsibilities “are not our jobs.”  Employees continue to disavow problems if their particular functions are performed appropriately and do not take personal accountability for the downstream effects of their potentially compliant work.

In short, interdepartmental communication and teamwork decrease, creating substantial compliance risk.

With ineffective communication as the cause of so much compliance risk, addressing this issue appropriately is a potential game-changer.  So how do companies facilitate and incentivize communication among their departments and employees to achieve their new objectives and minimize and remedy the compliance risk of compliant behavior?

Companies need to customize their goals to their particular needs, of course, but generally speaking they need to ensure that all employees are working toward a singular goal.  Decision making by employees should prioritize success of the organization above all else, with that success necessarily involving an integrated consideration of business, legal, compliance, and reputational interests of the company.  To that end, companies need to carefully develop and implement a strategy that focuses resources and energy on the best interests of the company, not the individual, department, or function.

From a compliance standpoint, this strategy development involves a focus primarily on issues involving and activities capturing the greatest compliance risk.  This is the best use of time and increases the likelihood of your message being heard and heeded, your being considered credible, and others following your lead to incorporate business and compliance into a single mind-set for all of the decisions they make. Employees want to know that what you have to say is important and focuses them on their goal.

Additionally, communicate clearly with each of the groups performing particular functions to ensure that they are part owners of the larger process and problems identified within it.  Employees should make decisions knowing that they will be held accountable for them.  They should also anticipate how their particular work can be misconstrued, however innocently, by others at the company.  Information systems experts, attorneys, researchers, and accountants, for example, all process information differently but are all part of the process of providing one final product or service to customers.  Make sure that employees know that the Compliance Department is available to provide guidance while they remedy the risk but that it does so primarily in an auxiliary role.

Also ensure that workers know that there will be regular and ongoing monitoring and auditing of their process, and so the extent to which they successfully minimize compliance risk will be measured.  Subsequent monitoring and auditing activities can measure improvement in addressing the compliance risk through comparison with the results of the initial monitoring and auditing exercise.  Reward employees who look beyond their particular functional responsibilities and work to ensure an overall process that is effective and minimizes the risk of inadvertent noncompliance.