Attaining 100% compliance is an enormous task and responsibility for any company. Non-compliance can manifest itself in unintentional or deliberate acts - with the latter being far more alarming.
The reality is that it is impossible for you to eliminate non-compliance altogether, especially if an employee decides to commit acts deliberately. However, there are certain red flags that could signal non-compliant behaviour. If we know what those red flags for non-compliance are, we can be alert to prevent it from happening.
Here, we attempt to identify these red flags, look at why people might commit violations, and address the ways we can manage this people dimension of compliance.
Reasons for deliberate non-compliance
It’s not always easy to understand what motivates people to deliberately breach compliance. However, some examples include:
- Lack of pay rise, bonus, or promotion - individual feels aggrieved and wants to punish the company
- Pressure to meet targets - causes a person to fiddle the numbers or ‘bend’ the rules
- Greed - and a perception that they can get away with it
- Serious monetary concerns
- Acceptance of small theft as ‘no big deal’
Reasons for unintentional non-compliance
Some examples of why a person might commit a violation unintentionally include:
- Blissful ignorance of the rules
- Errors caused by lack of training
- Failure to report breaches due to lack of time or lethargy
- Failure to take action (“Compliance is a job for compliance”)
- Poor training
- An ambiguous or ineffective tone from the top leading to mixed messages
- Errors caused by overwork / understaffing
- Errors caused by a momentary lapse of care and diligence.
It could be that an employee isn’t aware they have committed a violation. They may have been targeted by external parties looking for ways to breach your compliance walls. Or, they may find themselves in an impossible position where they can’t get themselves out of trouble - like in the well-documented Barings Bank case.
Personal red flags for non-compliant individuals
There are some personal red flags that may indicate a higher risk of non-compliance. The presence of two or more of these red flags in the same person could indicate an even higher risk.
- Living beyond their means - their clothes, car, house, holidays are all financially out of reasonable reach compared with their salary
- Indebtedness - always asking for overtime, or looking for a second job
- Alcoholism - known or suspected to have become drink dependent, and their work has become careless
- Gambling - known or suspected to be gambling (in person or online), boasts of winning to colleagues, and shows intermittent signs of living beyond their means and indebtedness
- Never away - doesn’t take more than two or three consecutive days off, or continues to work remotely when on leave
- Weekend or evening work - always willing to stay late or work at weekends when there is no incentive to do so
- Overly protective of clients - never wants anyone else to speak or deal with certain clients, never allows anyone access to certain client files, becomes uncharacteristically angry if someone attempts to do so
- Lacks training - never takes their compliance training or attends workshops (even when mandatory) and/or regularly fails training assessments
- A disgruntled employee - one overlooked for promotion (often consistently), no regular pay increases or bonuses.
Of course, just because someone appears to be flaunting their money a bit more, or appears to have a problem with alcohol, doesn't mean they must be up to something non-compliant. The majority of the time it will have nothing to do with compliance. However, it's important to be aware that these could be red flags for non-compliance.
Compliance vulnerabilities in job roles
In addition to the personal factors, there are certain roles more vulnerable to non-compliant acts. Job role vulnerabilities can heighten the risk of non-compliance by providing opportunities to employees who are motivated to carry out such acts deliberately, or those who may commit them unintentionally due to lack of care or understanding.
Some examples are:
- Account/Relationship Managers - may execute a client’s instructions without taking notice of the risk that they are laundering money
- Sales/Marketing/Procurement - could give or receive bribes in order to win business, secure or provide contracts
- Customer management staff - vulnerable staff could be bribed by a criminal to provide details of the firm’s customers
- Counter staff - could (deliberately or unintentionally) allow fraudulent withdrawals or transactions, deposits that are money laundering, or facilitate identity fraud and account takeover, etc.
Managing the people side of compliance
Attaining 100% compliance is an enormous task for your company. It's impossible for you to eliminate non-compliance altogether, especially if an employee decides to commit such acts deliberately. But there are steps you can take to get close to your 100% goal, including:
- Do not ignore personal red flags
- Increase your scrutiny where an employee with personal red flags is working in a vulnerable job role
- Maintain adequate staffing levels
- Beware of departmental cliques where team members are overly close
- Communicate a clear and strong message of compliance that is endorsed by senior management and the Board
- Proactively identify, investigate and analyse the most minor acts of non-compliance, for example, an employee who repeatedly fails to complete compliance training.
Mitigating the risk of unintentional non-compliance by training staff and making sure they are aware of their responsibilities is one step towards compliance that a firm can achieve.