Compliance success relies on more than regulations, training and assessments. When and how you act as well as your leadership style create an impact just as much as any penalties.
Our 101 steps to compliance success...
It's a lot to read in one go, so we've split it into bite-sized chunks.
- Building your team
- Compliance leadership
- Compliance mentoring
- Compliance planning
- Continuous improvement
- Handling non-compliance
- Harnessing technology
- Improving employee awareness
- Investigating breaches
- Leveraging training
A. Building your team
Tip #1: Who will handle the media?
Appoint qualified media specialists or provide media training to any CEOs who will handle the fallout of compliance breaches. If the message is dismissive, the damage and reputational fallout can be immense. Don't follow in the footsteps of Tony Hayward at BP after the Deepwater Horizon oil spill.
Tip #2: Bring in specialists
Compliance doesn't exist in a vacuum. With increasing risks coming at the company from different places, Compliance also depends on the skills and technical expertise of others - IT specialists, media specialists, safety, legal experts, and more. You can't do it all on your own. Find internal and external personnel to bolster your team. Make a note of 'names' that appear in the press when other firms hit the headlines. You never know when you might need them.
Tip #3: Beware unquestioning obedience
Blind obedience, especially towards authority figures, is not always a good thing, as Milgram's experiment demonstrates. Whether it's a manager telling a report to accept a bribe "just this once" or a colleague saying "we always do it like this". It's better to empower people to challenge and think independently.
Tip #4: Build a solid team around you
Know what specialists are available internally to support you in your compliance role. Whether it's the MLRO, DPO, HR, Legal or Internal Audit functions. Who is on your side? Draw on their individual and collective expertise to create a joined-up strategy across your company.
Tip #5: Appoint dedicated risk owners
It's too late to learn about your compliance gaps after there has been a breach. Far better to be proactive. Try to make sure that all areas have some form of oversight, and are regularly audited. Appoint a dedicated risk owner for the compliance areas that matter most.
B. Compliance leadership
Tip #6: Nudge your way to success
Nudge theory encourages people to make the best decisions and do the right thing using positive reinforcement and gentle influence. Examples of 'nudges' include putting 'donate to charity' options on an ATM and things like presumed consent organ donation. Look at your top compliance risk and think about how you might 'nudge' your team back towards compliance.
Tip #7: Know the rules yourself
Before you even start trying to ensure others are compliant, you need to know all of the rules you have to follow. Many are specific to particular industries, geographies and roles. If you haven't got a compliance manager, you can ask your HR or legal professionals for advice.
Tip #8: Be open to questions
Don't run your compliance programme with slideshows or your Zoom/Teams meetings with participants on mute. Effective compliance requires collaboration - some 'give and take'. Make sure you provide an easily accessible point of contact for questions. Remember to be non-judgemental too - all questions are valid.
Tip #9: Use carrots as well as sticks
Rather than solely focusing on compliance and training failures, remember to also champion successes. Often those going the extra mile may feel unappreciated, so if someone prevents major breaches, let people know with praise and recognition. Another option is adding an element of competition into training including token rewards - like our T-shirts!
Tip #10: Keep up to date with current reality
Compliance can fail if there's a mismatch between the reality of the job (ie the need to be profitable) versus high ideals and expectations. All too often, compliance is perceived as the thing that stands between the company and profitability. Take bribery. Principled ethical behaviour is a world away from the everyday reality faced by Sales or Procurement - compliance doesn't understand or care about the actual challenges they may face. By working together, you can both find an amicable solution.
Tip #11: Get with the team
Compliance with laws and regulations requires you to hold the line but this can make you seem aloof or distant from the team. This can create an 'Us and Them' culture. To overcome this, make a point of hanging back after meetings and spend time in shared areas (eg the restaurant, breakout areas, kitchen or watercooler) so everyone gets used to seeing you around and can stop by for an informal chat. You'll be surprised how much you can pick up from those casual encounters.
Tip #12: Avoid 'them & us' culture
Avoid having a two-tier 'them & us' system of compliance, where the rules come from compliance or senior management and everyone else jumps. It creates division and resentment. Instead, bring the two sides together. Compliance should not be seen as a bolt-on extra. Integrate it fully into the entire organisation and then work together to create innovative solutions.
Tip #13: Top-level commitment
Leaders play a vital role in initiating, developing and implementing procedures. Often, they help to role-model values and appropriate behaviour, such as the Code of Conduct. Leaders can also support you and raise awareness by encouraging dialogue and sharing policies throughout the organisation, provide high-profile and critical decision making, liaise with external bodies, and provide oversight of breaches. Crucially, they set the example for others to follow. Don't underestimate how important this is.
Tip #14: Lead from the front
A pertinent message from the CEO upfront can make all the difference and demonstrate a real commitment to compliance initiatives. Whether it's a pre-recorded message, a preface in the company's annual report or a personal greeting by email or voicemail to new joiners. Show the team that management cares about this stuff. Remember, if it matters to you, it will matter to them.
Tip #15: Beware compliance on a shoestring
Don't try to do compliance on a shoestring or suffer in silence. If you need extra resources, speak out. Whether it's more hired help, more budget or anything else, make your case clearly to the board. This should be backed up with robust evidence and data explaining exactly what you need and what results you expect. The better the business case, the more chance there will be of having your request granted.
Tip #16: Use gentle persuasion
Aesop's Fable of the North Wind and the Sun tells of a challenge between the Wind and the Sun to be the first to make a traveller remove his coat. The moral of the story is that mild persuasion almost always works better than brute force. Be more Sun.
Tip #17: Make your role clear
How do you see the role of Compliance? Are you more law enforcement or trusted partner? Enabler or enforcer? How does that fit with how others see you? Be clear about what message you want to give to others. And check that this aligns with the view of senior managers.
Tip #18: Be a successful agent of change
Compliance is a force for good with the ability to transform the business and ensure its long-term future. Use your powers of persuasion and influence to drive forward change and create a more positive culture across the whole company. This is paramount after a major compliance breach, such as the emissions scandal at Volkswagen or the Wells Fargo scandal.
C. Compliance mentoring
Tip #19: Be careful in choosing compliance mentors
Whilst it may seem like a great idea to allow existing employees to get new hires up to speed on compliance in your company, it can backfire. Even experienced employees can have misconceptions and can end up reinforcing non-compliant behaviour with their own take on the rules and processes. So, choose your compliance mentors carefully, and be sure to train and assess them before deployment.
Tip #20: Know who is doing what
In heavily regulated sectors like financial services, there are lists of certified persons, meaning that employers know exactly who is doing what. In other industries, or even in certain job functions, it can be hard to keep track. With areas like GDPR compliance, be clear what levels of access people have to data to mitigate risk and tailor training. Or, in the case of bribery or modern slavery, who is buying goods and services. Clear role assignment makes it easier to track exposure.
Tip #21: Delegate work, but not your responsibilities
If you employ consultants on a contract basis or via some freelance website, remember that if they are on your payroll, they should be on your watch. You can delegate work, but you can't delegate your regulatory or legal responsibilities. You remain responsible for any personal data that you provide. And if the consultant or freelancer makes inappropriate payments, gifts or hospitality, or facilitates tax evasion while acting on your behalf, the law will hold you and your firm responsible.
Tip #22: Use good role models
Bandura's Social Learning Theory claims that people learn by observation and imitation. This is great news if all your team is onboard and habitually compliant, but a complete disaster if they're not. Surround your team, especially new hires, with exceptional and positive role models. Don't let bad habits go unchallenged or soon there will be anarchy.
Tip #23: Appoint compliance champions
Compliance is too big a task to be left to a single department or team. Champions or ethics ambassadors can help you share compliance messages and also provide an informal contact point for those who need advice. When combined with informal learning, this can be a powerful way of keeping compliance at the top of everyone's mind. What's more, by empowering champions to take ownership, there will be more people ready to protect the company's reputation.
Tip #24: Train managers to spot red flags
Sudden unexplained wealth. Living beyond means. Reluctance to take holidays or time off. An insistence that they, and they alone, deal with a particular supplier. All of these and more are warning signs of potential fraud or misconduct. Train managers to recognise these signs and insist that they have appropriate oversight of teams, especially those without direct supervision.
D. Compliance planning
Tip #25: Create a compliance roadmap
From a compliance perspective, where are you going and how will you get there? Have a dedicated compliance plan or roadmap for new recruits, with a separate one for more experienced workers. Consider what both groups need to know and can expect from you. Is it the same thing or something different?
Tip #26: Update policies & procedures
Policies and procedures set the foundations and parameters for compliance. Think about when you last revisited and updated your company policies and procedures. Do they still apply or accurately reflect work? Maybe your policies are too 'dry'. Unless you bring them to life, they may ultimately become redundant and meaningless. Check they are useable, relevant and reflect current practice, with clear links to business activities and risk areas.
Tip #27: Create clear reporting channels
Colleagues should be in no doubt where they need to go or what to do if they have concerns or witness wrongdoing at work. Reporting should be easy. They shouldn't have to wade through policies to track down the name of the right person. Valuable seconds can be lost and you run the risk of them changing their mind. Keep it simple and use easy emails - e.g. email@example.com or firstname.lastname@example.org. This ensures that tip-offs and messages still get through even if people leave.
Tip #28: Take a principles & risk-based approach
There are only so many rules that people can follow. Sooner or later your team will encounter something that just isn't covered by the rules. So it's vital that you move towards a principles-based and risk-based compliance system, instead of a rules-based one. Encourage your staff to do the right thing and to prioritise issues that carry greater risks.
Tip #29: Watch out for unintended consequences
Well-meaning compliance rules can sometimes have unintended consequences. Not convinced? Check out the Cobra Effect podcast where a bounty paid for every dead cobra in India backfired spectacularly and, instead of reducing the numbers, just resulted in more snakes being bred for money. What rules have you imposed that have led to undesirable or risky workarounds?
Tip #30: Road test your policies
Pilot and road test your policies before rollout to ensure they actually work as you are intending. Colleagues may do things very differently from what was intended, which can sometimes lead to a very different outcome. It's worth involving the team when creating policies as they have unique insight into what happens day to day.
Tip #31: Strengthen internal systems & controls
Alarm bells should be sounding well before the ship hits the iceberg. Whether you rely on manual or automated systems and controls, it's crucial that they are 'always on' and work well to safeguard your company. Conduct rigorous spot checks to test controls and make adjustments as required.
Tip #32: Take your time
Implementing compliance takes time. Investigations take time. Restoring corporate culture after a breach takes time. The question is, will you be given the time that you so desperately need? When the Board asks "How long?", build in a contingency. Then, do what you say you'll do, when you say you'll do it.
Tip #33: Manage expectations
The CEO, the Board, Internal Audit and other stakeholders may look to you for quick answers when things go wrong. You'll need to manage their (often unrealistic) expectations delicately. However tempting it may be to provide a shining light at the end of the gloomy tunnel, rein it back. Be realistic about what can be achieved and when. Tell it like it is. If you don't, you risk a loss of trust.
E. Continuous improvement
Tip #34: Evaluate compliance interventions
Always evaluate compliance interventions to ascertain their adequacy and effectiveness. Use the US Department of Justice's guidance to steer your review, to figure out what works well and what should be improved. Focus less on look and feel ('eye candy'), and more on changing behaviour and getting results. What does 'good' look like to you? If the best measure you have is that 90% of employees got through the training, no offence but you have some serious work to do.
Tip #35: Recognise the true cost of compliance training
Compliance training is costly, but it's not just the vendor cost of creating courses. There's a hefty time investment required of all participants who will need time away from the 'day job' to complete it. So it's even more important that you know that it works, that you evaluate results and the Return On Investment (ROI).
Tip #36: Use return on investment (ROI)
Gather quantitative data (timings, numbers, number of incidents or complaints pre- and post-training) as well as qualitative data (compliance surveys, feedback questionnaires, focus groups, etc) to evaluate compliance training, measure progress and gauge success. Transformation is possible but, "If you always do what you've always done, you'll always get what you've always got".
Tip #37: Move over ROI, hello ROX
Compliance is costly so you need to know that it works, right? More and more companies are evaluating training using metrics that also incorporate learner experience or Return On Experience (ROX). It's not just about money. They want to create a positive experience - a Netflix-like experience with a 'feelgood' effect - that can be shared with other people too. Grab your popcorn…
Tip #38: Get proactive, not reactive
Done badly, compliance can feel too reactive - more firefighting than fire prevention. You may be on the backfoot struggling to respond to different compliance risks, perhaps in different parts of the company. Get back in control. Try to pre-empt where the next threat will be and flood the problem with resources and manpower to avert disaster. A proactive approach can help restore calm.
Tip #39: Benchmark your progress
How do you compare to other firms in your sector? What are the current trends or regulatory demands facing the sector right now? How prepared are you for what's over the horizon? If the answer is 'Not at all', check out publications by regulators, consultancy firms, industry bodies and law firms to better prepare yourself and the company for incoming threats. Learn from what others are doing, the mistakes they make, and start identifying best practice.
Tip #40: Scan for incoming threats regularly
Regularly scan news articles, press releases and trade magazines for compliance news. Why? Because it's good to know what threats are lurking on the horizon as this can help you assess your own preparedness. Consider what lessons your organisation might learn from cases in the headlines or the findings of regulators. Plug any gaps before it's too late. Take extra care with innovation too. While innovation is a good thing, it can leave you exposed in unforeseen ways.
Tip #41: Seek continuous improvements
Compliance is dynamic with ever-changing risks and threats emerging all the time. It relies on small incremental changes, made little and often, rather than a gigantic leap. Regularly review the risk landscape, learn from others, benchmark your progress and make continuous improvements to shrink those compliance gaps.
Tip #42: Embrace 360 degree compliance
Compliance needs to touch every area of your business. It should be embedded in every process, every task and every decision. This ensures it becomes an everyday habit, that it is central to all the decisions you make and it is integrated into everything you do. Accept no less.
F. Handling non-compliance
Tip #43: Breaches can happen anywhere
Compliance problems don't go away when people work from home. Compliance breaches can occur beyond your home or office! When you are travelling between locations, there can be increased risks to data security and health and safety. And some breaches, such as harassment, can occur in online settings.
Tip #44: Assess the compliance personas of your team
People respond to rules and compliance in different ways. Think about the compliance personas of each person in your team. Who is habitually compliant, wilfully or accidentally non-compliant? All may need a slightly different response to get them to follow procedures or 'nudge' them back to compliance.
Tip #45: Handling the rebels (the wilfully non-compliant)
Think about the rebels, the sceptics and cynics who are wilfully non-compliant and who'd do anything to stay outside the rules. You know who they are. How significant a risk do they pose to your company? What's that - you have no time? Seriously, when one mistake could crash and burn the company's reputation? Plan specific top-up interventions to bring them back to compliance. Consider a face-to-face session, a mentor, etc to manage the risk. What will assuage your fears and restore a good night's sleep?
Tip #46: Don't fall into a whack-a-mole routine
Non-compliance begets more non-compliance. So it's important not to ignore minor policy incursions. Breaches don't occur in isolation. If one department is out of control, you can bet that it won't be the only one. Pretty soon you'll be playing the compliance equivalent of Whack-A-Mole where non-compliance in one area leads to other breaches popping up elsewhere too. Take a tough stand and hold the line.
Tip #47: Watch out for rebels without a cause
Despite your best efforts, all it takes is one rogue employee or “bad apple" to undermine everything. Someone with a wilful disregard for the rules - whether they choose to act for personal enrichment, the thrill, attention-seeking or kudos. They can expose you and the company to unprecedented compliance risks. Know your team, watch out for potential indicators of risky behaviour and be proactive.
Tip #48: Make people accountable
When people aren't held accountable for their shortcomings and mistakes, others experience a strong sense of injustice. These feelings of unfairness can sour teams, lead to more dishonesty and even sabotage the company. It's important to make people accountable for designated risks, functions and teams. Give them clear measurable goals and targets, as 'What gets measured gets done'. Accept no excuses - hold them to account if things go wrong.
Tip #49: Apply the broken window theory
Watch out for individuals who choose to do 'just enough' to be legal and take the rap when things go wrong. They see fines as an inevitable consequence of business but show brazen disregard of the rules, earnestly promising to do better next time after yet another scandal, but never quite getting there. Do not tolerate broken windows or graffiti in the neighbourhood if you want to clamp down on more serious crime.
Tip #50: Manage conflicts of interest
You can learn a lot from the company people keep. There can potentially be an increased exposure to compliance risks because of people's personal connections. More so, if the employee is in a procurement or recruitment role, or has access to confidential inside information. Make sure all your conflicts of interest disclosures are kept up to date and fully documented to provide an audit trail.
G. Harnessing technology
Tip #51: Use systems to avoid compliance gaps
In larger organisations, compliance activities may fall between the cracks of the HR and legal teams. And in larger organisations, everyone might find grumbling about others' expenses a source of entertainment, while equality and diversity take a back seat. By using RegTech systems you can implement a fair system that reduces compliance gaps but provides vital coverage of key areas.
Tip #52: Set limits & holds
If there's a designated threshold or limit on Gifts and Hospitality, be specific and tell people what it is. Provide reminders of the rules on wallet cards, posters and the intranet so people are familiar with them. RegTech systems can help you implement limits and thresholds above which individuals are alerted to seek guidance/permissions. If these are available on mobile phones, nobody can say that they didn't have them handy when a client called!
Tip #53: Leverage RegTech
Compliance can sometimes feel like you're forever keeping plates spinning. One slip and everything could come crashing down around you. Why not let RegTech ease the compliance burden? Whether it's transaction monitoring, AML risk screening, reporting or risk management, there's a solution for everyone. The stakes are high but, by doing compliance smarter, you will find it easier to cope with the challenges ahead.
Tip #54: Use technology to make it easy to comply
Honestly, how good are your policies and procedures? If they don't make sense or take too long to work through, well… you're stuffed. Compliance needs to be easy and accessible. Do your employees have a link to the Gifts and Hospitality Register when claiming an expense? Do they have all the information they need to help them make the right decision and ensure compliance (instead of non-compliance) is the easiest outcome? There is a better way.
Tip #55: Use any crisis to improve systems and controls
Compliance breaches don't necessarily spell the end for the company. Many firms come back stronger following misconduct or regulatory violations. Everyone suddenly 'gets' it. Regulators have even been known to praise organisations for their efforts in turning things around after a violation. So, look at it as an opportunity to fix gaps in your controls and to learn lessons. Use the crisis to implement more robust systems and controls, and to raise greater awareness of the importance of compliance to the firm's long-term success.
H. Improving employee awareness
Tip #56: Explain the why
People will buy into compliance better if you explain why it matters. Sometimes it may not be self-evident. For instance, money laundering may facilitate other criminal activities, such as drug dealing, whereas sanctions can pressurise a regime to cease human rights abuses. Motivate them by taking the time to explain.
Tip #57: Detail the consequences
Make sure that everyone knows what could happen to them personally, others and your business if they fail to follow the rules. In the case of health and safety, a breach could seriously injure them or their colleagues, put visitors at risk and almost certainly result in a fine for the company. Non-compliance carries serious risks. It's only after staring into the abyss that people may step back.
Tip #58: Keep people up to date
If new rules are introduced, help people learn them in an engaging way. That could be a refresher course, quiz or even an interactive game.
Tip #59: Communicate clearly
Make sure that the rules are clear and unambiguous. Remember, most of the time ignorance will not fly as a defence. Communicate in the way that will be most effective and your team feels most comfortable with, not in the way that suits the CEO, looks pretty or costs least.
Tip #60: Reinforce your message regularly
Memory deteriorates over time. Information is lost or becomes harder to recall, according to Ebbinghaus' forgetting curve. People gradually forget things that don't crop up every day. This is why you need to provide ongoing reminders via awareness posters (like they have on building sites), desk aids (make sure they are one page!), quizzes or refresher courses.
Tip #61: Motivation matters
Let's face it, compliance isn't the top of most people's priorities. Not even close. For most, it's something that gets in the way of turning a profit or stifles innovation. It means more hoops to jump through and makes life difficult. Your success as a compliance manager, therefore, lies in your ability to communicate, persuade and carry people with you. What can you do? How will you address negative perceptions? Think about how you will win them around. Tell them what's in it for them.
Tip #62: Keep it simple, stupid (KISS)
Short, clear messages get the compliance message over better than tons of pages of policies. Information overload only leads to confusion and inertia. Chunk information together, use mnemonics and attractive infographics with minimal text to get those core messages across. What key compliance slogans or messages might you use in your next compliance session?
Tip #63: Out of sight but not out of mind
Remote working has changed the compliance landscape. Arm's length supervision deprives colleagues of casual, informal chats at the water cooler and over coffee. That makes it harder to raise concerns casually or to ask for help. Keep in regular contact with colleagues and replicate in-person encounters virtually. Arrange a coffee break chat at the end or start of a Zoom call to catch up and maintain adequate oversight.
Tip #64: Three. Little. Words.
Take back control. Hands, face, space. Black Lives Matter. 2020 was the year of Three Little Words. Catchy? Certainly. Memorable? You bet. Actionable? Sure. Why not try it for yourself? What compliance messages can you get across in Three Little Words? Gift Limit £50. Detect, Respect, Protect. Values, Code, Act. Tweet us your suggestions. #Skillcast3littlewords
Tip #65: Find a better word for compliance
If 'compliance' is perceived negatively or has negative associations in your workplace, don't use the word. Find something different. Talk about ethics, values, behaviours, conduct, integrity… or something else. If it makes people listen, that's a result.
I. Investigating breaches
Tip #66: Treat all breaches equally
What happens when things go wrong and there's a breach? Ensure that anyone who breaks the rules is treated in the same way. There should be no exceptions or allowances made for senior managers, star performers, favourites, and no "just Dan being Dan" excuses. Either the rules matter or they don't. Anything else just undermines the compliance message and normalises misconduct. Rule-bending, lenience and concessions beget more non-compliance.
Tip #67: Use the 4Ts model to manage risks
The 4Ts of dealing with risks are Transfer, Tolerate, Treat and Terminate. Look at the compliance risks you face and highlight the best strategies for managing each one. For example, might you transfer the risk to someone else in your team - eg a supervisor or line manager, in the case of a non-compliant rebel, to ensure closer oversight? Introduce extra measures (treat) to reduce the likelihood of it occurring or minimise its impact? Or accept the risk (tolerate) and take no further action? Terminating (e.g. by withdrawing from a high-risk market) is also an option.
Tip #68: Use the cognitive interview
When interviewing witnesses to misconduct, tread carefully. As Loftus and Palmer famously demonstrated, eyewitness testimony is not as reliable as you might think. It's prone to distortion, especially when leading questions are used. Use the cognitive interview instead to improve recall with a range of retrieval techniques.
Tip #69: Use the Ishikawa (fishbone) model to analyse misconduct
When things go wrong (as they invariably do), whether you're battling misconduct or responding to some other compliance breach, it's important to get to the root cause of the problem. Indeed, it's the only way to prevent further breaches. The Ishikawa or fishbone diagram is a good way of analysing cause-and-effect relationships and can identify common causes which may lie behind multiple breaches.
Tip #70: Avoid the blame game after a breach
Tempers can become frayed following a compliance breach. But it's vital you remain professional and show respect at all times. It may be all too easy to blame people personally when things go wrong. But the failure may in fact be the fault of the company (eg an unclear policy). Avoid bias and blaming others too fast, as this may lead to a loss of trust, causing lasting long-term damage to working relationships.
Tip #71: Use retrieval techniques to aid recall
In a compliance investigation, it's crucial to get to the facts. But eyewitness recall isn't always reliable. Learn from the cops by applying cognitive interview techniques to improve retrieval: (i) Reinstate the environment and personal context - eg asking the witness to recall the day in question, via the senses (eg the weather, emotions, activities, etc) in the lead up to a breach or incident, (ii) Analyse the breach from different perspectives - eg the perpetrator, a manager, the client or colleague, (iii) Switch the remembering sequence to take account of the primary and recency effect - eg by asking the witness to recall the incident from the end to the beginning, and vice versa.
Tip #72: Conduct investigations fairly
Think about how you treat people, especially in an internal investigation. Yes, it's tricky but you need to leave your emotions outside the room. Focus on the facts, remain calm and above all, be fair. Stereotypes and bias are not only wrong but can also be illegal - crucially, they can also stop you from seeing the truth. And remember, a blame culture can actually inhibit disclosure.
Tip #73: Don't take sides in investigations
In an internal investigation, always avoid taking sides - whether it's between two colleagues, a manager and a subordinate, or two or more departments. The role of Compliance is to be neutral and independent. Rise above the fray. Revelations of misconduct or wrongdoing will only be made in future if there is psychological safety.
J. Leveraging training
Tip #74: Tailor your training to the role
In other words, identify who needs to comply with what. Overburdening your staff with unnecessary information and training is not only costly but ineffective. By tailoring your training to each person or personalising it for specific roles, not only will you reduce the time involved, but also improve your ability to see who will benefit from extra guidance or observation.
Tip #75: Use training to motivate and inspire
Think about how you train your team on company policies. Do you throw all the policies at them hoping some of it will stick? It shouldn't be an information dump. Compliance doesn't work like that. Rather, your aim is to enlighten, motivate and inspire them to more ethical behaviour. How will you delight and empower your team today?
Tip #76: Practice makes perfect
When faced with a challenging situation, people can panic or 'lose their head'. They don't deliberately intend to get it wrong but a tense situation can push them into making a bad decision. That's risky. To counter this, the right choice needs to be instinctive, natural and polished. That's what happens in a fire evacuation. Practice drills help to produce an automated, conditioned response. Practice makes perfect. Use roleplays to allow your team to practise good and bad responses to a proffered bribe, harassment or other high-stakes situations in a safe environment.
Tip #77: Embrace discovery learning
From perception to memory, language acquisition to fine motor skills. There's a steep learning curve in the early years, but we all get through it remarkably well. Yet, there's no formal learning. Children learn through play and discovery, according to psychologist Jean Piaget. A combination of exploration, practice and experimentation. How might you encourage informal learning and when it is most appropriate (eg sharing best practice and corporate wisdom)? Put learners in control and you'll see an uptick in ownership and motivation.
Tip #78: Use 'just in time' compliance
Provide compliance messages 'just in time'. Just when people need them. For example, provide a reminder of bribery risks before a supplier meeting. Or how about a timely cribsheet on the cross-border rules whenever they book a business trip? Short reminders of the rules delivered at the point of need keep messages 'top of mind' and can really boost compliance. Those messages are much more meaningful when they are delivered at the right time.
Tip #79: Build training for the audience
Whom are your compliance messages aimed at? Who's the target audience? What role do they perform? How old or tech-savvy are they? Brands have long targeted consumers based on market segmentation - targeting consumers based on their demographics, priorities, interests, location, and more. The compliance messages required for a new recruit may be different to those for an experienced worker. Segment the audience to ensure your message resonates and is credible.
Tip #80: Localise your training
Compliance messages can be nuanced - with subtle but important variations between different jurisdictions operating to sometimes very different laws. Tailor and personalise the training for your employees so they know what applies to their job role and location. Translate the content into local languages - you simply can't afford for compliance to get lost in translation.
Tip #81: Be authentic & credible
Compliance training works best if it is authentic and credible. If it speaks to the learner personally and directly, instead of being a bland generalisation. Translate the content, make it about them, add context about their job, about their jurisdiction and their laws. Include real-world examples that are relevant to them and resonate. What common myths or misconceptions can you bust?
Tip #82: Try the storytelling approach
Storytelling is a powerful way of bringing content to life. Stories command our attention and are immersive. People internalise the lessons and identify with the characters - often filling in the gaps with their own imagination making them more real and even more powerful. These stories work best if they relate to learners, their company, their job or their sector. And of course, they also help you share vital company knowledge before people leave the business forever.
Tip #83: Drip feed, don't dump
Avoid content dumps. Information can be overwhelming and impossible to process when everything is delivered in one go. Yes, we know you have a lot to include. And yes, there are a lot of policies. But it's far better to drip feed the content, with spaced repetition. This improves recall and retention ensuring learners only focus on what's really important. Cut the clutter. Less really is more.
Tip #84: Personalise the training to the role
Compliance can look very different even to people working in the same company. For example, in pharmaceuticals, those working in manufacturing will need clear messages on safety and quality, whereas in sales it is bribery and corruption, gift-giving and competition awareness that will be paramount. Map compliance risks across the company so you have it all covered and give the right information to the right people.
Tip #85: Be persuasive selling the message of compliance
Success in compliance hinges as much on your people skills, specifically your abilities as a salesperson, as it does on your technical know-how. Look at how you currently sell compliance messages to your team. Are you winning them over? Do you pique interest, generate intrigue and excitement in your compliance initiatives and schmooze to win people around? Perhaps your ability to sell the idea is what's holding you back. Step up your efforts to get their buy-in and take them with you. Aggression doesn't help to solve issues.
Tip #86: Open questions = open mind
When interviewing witnesses or whistle-blowers, keep an open mind. Making assumptions or reaching conclusions too soon can make you blinkered and stop you from seeing the true scale of a problem. Use plenty of open questions, "What is the problem?", "Is there anything else I need to know?", as well as utterances "Uh-huh…", "I see…" and "Go on…" so the story unfolds naturally and you don't interrupt the flow.
Tip #87: Grow your professional network
Let's face it, compliance sometimes feels like a thankless task. The independence that is so necessary to do the job can sometimes make it feel like you're on your own. It doesn't have to be this way. Reach out to your peers and contemporaries working in compliance around the world. Seek out trade bodies, virtual events and hang-outs to share ideas, best practice and grow as a professional.
Tip #88: Be someone that your colleagues can always trust
Trust is at the centre of any strong ethics and compliance programme. Without it, colleagues and leaders alike will struggle to share difficult information or confide in you about concerns or wrongdoing in their business area. Use Charles Green's Trust Equation to build trust within teams, improve relationships and encourage them to open up if they witness misconduct.
Tip #89: Don't get cynical
In any company, there will always be those who undervalue compliance, who are cynical or sceptical of the benefits. You know it, right? Seek out your enemies and win them around. As the saying goes, keep your friends close and your enemies closer.
Tip #90: Develop your personal brand
Hold a brainstorming session with your colleagues. How does the rest of the company see you? Are you a police officer, company auditor, imposter, blocker, confidante or a trusted partner? Try the same game across the company. There can be cynicism or scepticism towards Compliance, who are generally seen as 'square' or 'uptight'. So, reinvent yourself - go for a rebrand or makeover. Improve your image and challenge perceptions.
Tip #91: Be creative & innovative
If it's not working, try something different. Don't try to fix the 'same old' problems with the 'same old' solutions. New risks and challenges may be better managed by doing things differently. Keep informed and look for creative and innovative solutions instead. Find out what others are doing in your sector and where you can do better.
Tip #92: Be someone who makes a difference
Compliance is unlike any other job. You can be enforcer, enabler, defender and saviour - all in the same week. There's considerable potential to inspire, lead, motivate and make a real difference personally and to your company's success. Look at the bigger picture. Figure out where you are going and create a plan to get you there.
Tip #93: Be brave in breaking bad news
Let's face it, as a compliance officer, sometimes you'll be the bearer of bad news and have to tell people what they don't want to hear. That requires exceptional people skills, tact and diplomacy. At times like this, a direct approach will often be best. Make the language too gentle or coaxing, and there's a danger that underlying messages will be lost or lose impact. Focus on the facts and show empathy, but keep your emotions in check.
Tip #94: Prioritise your own personal development
Training is at the heart of every effective ethics and compliance programme. But when did you last participate in training? Grow your professional network, find a mentor and prioritise your own personal development. Reach out to recognised compliance thought leaders on social media and at industry events. Training matters to you too.
Tip #95: Stay open-minded & keep learning!
It's easy to feel that you've learned all you need to know. As we all get more experienced, things become familiar, predictable and you start to feel there is nothing new out there. But it's worth keeping up with the newest developments. There are two simple ways to keep up with those on the cutting edge of any profession, those winning awards, and those who are social media influencers. It's got to be a more productive use for Twitter?
Tip #96: Help people feel safe about reporting breaches
Nobody feels comfortable snitching on their colleagues. However, whistleblowing can literally be a life-saver, for instance when someone reports safety breaches or malpractice. That's why you need a secure, anonymous and ideally independent way for people to speak out or blow the whistle.
Tip #97: Overcome the bystander effect
How do people respond if they witness wrongdoing? Do they ignore it or look the other way (like passive bystanders), or speak out and get involved? How bystanders respond may depend on the number of witnesses, as well as the level of authority. The more witnesses there are, the louder the silence. And who is brave enough to challenge the actions or orders of an errant manager? To overcome the bystander effect, ensure everyone is clear of the rules and empower them to speak out.
Tip #98: Protect victims & whistleblowers
Are your colleagues free to be themselves and to speak their mind, without fear of retaliation or blame? Are voices of dissent encouraged or stifled? Do colleagues feel comfortable admitting mistakes or keep quiet for fear of being blamed or branded 'disruptive' or 'trouble'? To create a climate of psychological safety, work on trust and respect, and actively prevent victimisation.
Tip #99: Know when to call in law enforcement
Be clear about your powers and the limits of your authority. If a criminal offence has been committed, then the matter has gone well beyond the remit of compliance. It's time to get law enforcement involved. Don't brazen it out or put your head in the sand. Look at the evidence and objectively decide whether you have reached the point of no return.
Tip #100: Publicise your whistleblowing helpline
Let people know how to raise concerns. Publicise your Whistleblowing helpline as much as you can. Put the contact info in places where people would expect to see it (in policies and on posters) and also in places where they don't (e.g. a restroom, a wallet card, ID badge or lanyard). Create pins or badges so there's a visible reminder showing people how important it is.
Tip #101: Review your speak-up culture
Use metrics to establish how effective whistleblowing channels are. Are they well-used or not at all? Remember that no reports does not mean no problems. Quite the opposite. Look at what happens when reports are received. Are people trusted? Are their reports followed up? Or, are they blamed, ignored or silenced as at Danske? People may not come forward if they have a lot to lose.
Looking for more compliance insights?
If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news subscribe to Skillcast Compliance Bulletin.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!