Rory has no time for rules, especially the pointless ones that add a lot of work for no apparent benefit. When he encounters such rules, his first thought is to find a work-around. Andy doesn't mind rules - he'll follow them when he sees them. The problem is that he sometimes doesn't see them. Not that anyone minds - he's so brilliant at what he does that people are willing to overlook the little foibles. Well, no one is perfect but ...
George comes pretty close. He's the kind of guy who reads the manuals that come with gadgets, always remembers to turn the lights off and lock the doors behind him. Occasionally, issues do crop up for him too - never anything significant.
We help companies of all sizes and all sectors of the economy with compliance training. It's important for us to understand the impact that this training has on employees. For this, it is useful to consider three compliance personas along the lines of individuals in the examples above:
- The wilfully or deliberately non-compliant - are unlikely to respond to compliance awareness and training. They need to face extra scrutiny and tough sanctions for any violations.
- The accidentally non-compliant - are prone to be caught unawares, influenced by others, unclear about the rules etc. Compliance training needs to be geared for the needs of this persona.
- The habitually compliant -don't require a lot of training. A quick refresher or a message from top management is all they need to keep their natural instincts sharp.
Managing compliance personas
We need to know who is where on our own compliance spectrum. But how easy is it to spot the different compliance personas in your company? And are these personas fixed or do they change? For example, do people consistently comply in some areas but not in others?
Furthermore, do the habitually compliant always comply no matter what? Or is their behaviour subject to change, for example if under peer pressure or coerced by a wilfully non-compliant colleague?
We need to identify the factors that determine whether someone is compliant, accidentally compliant, or wilfully non-compliant. And then ascertain what, if anything, we can do about it.
- Some kind of pressure - this could be monetary problems such as debt, or it could be pressure from a colleague or manager
- An opportunity - if there is a clear course of action that minimises the risk of the crime being discovered
- An ability to rationalise the crime - if the person can justify the crime in a way that is acceptable to their own moral compass
For those who are blasé or nonchalant about compliance, we should foster a sense of ownership, community or CSR. Make it easier for them to comply, reduce the likelihood of errors, and reduce opportunities for fraud.
For those who are wilfully non-compliant we need to be tougher. We need to reduce the opportunities to make errors, and focus more on detection and increasing sanctions. The idea is to take action to move them to a less risky persona.
For our 'right first timers', we can be more lenient. Empower them to go further and let them serve as a champion or role model for others. Give praise and recognition and protect them from people who seek to undermine compliance or put pressure on them to act differently.
Defining the appropriate sanctions
It's worth reviewing the sanctions imposed on people with different personas to decide if they are appropriate. For the deliberately con-compliant, a hefty fine may be just the ticket to prevent future acts of wilful non-compliance.
But is it fair to give the same punishment to someone who has always been ‘right first time’ or even someone who has committed fraud accidentally? While it may make them more careful in future, it may just cause resentment and even push them towards the deliberately non-compliant persona in an act of rebellion.
Creating a culture of compliance starts with understanding the people in your organisation, knowing how to identify the red flags, and having appropriate and effective training materials to engage each type of compliance persona.