A pragmatic approach to employee compliance: shifting from reactive to proactive

Covid-19 has permanently changed the way that compliance functions operate with organisations; hybrid working policies are becoming more prevalent, the volume of regulatory change is increasing, and the demand from boards to drive measurable cultures of unified compliance programs is mounting.

Compliance officers are now expected to take a more pragmatic view in their approach to how they monitor and assess regulatory and reputational risks, whilst also carefully balancing primary board requirements without hampering key commercial goals.

New questions are being raised in response to how compliance is enforced in a post-Covid environment too: can compliance be made more ‘attractive’ and engaging for employees? Does the current model of oversight satisfy the increasing regulatory and employee-based risks posed by Covid-19 and hybrid working? How does the function become less siloed and integrate itself as part of C-suite change programs alongside HR, Learning & Development and Operations? Ultimately, can compliance affect genuine change – especially when budgets have been cut or are not expected to significantly increase as a direct result of the pandemic?

One compliance coordinator summed the pandemic budget cuts up fittingly. When asked by a recent Thomson Reuters survey what the greatest compliance challenge they expected to face in 2021 was, they stated: “Rolling out a champagne and caviar…compliance program on a bread and water budget.”[1]

The Thomson Reuters Cost of Compliance 2021 report, which surveyed 720 financial compliance professionals worldwide, also found that 36% of respondents expected budgets to remain the same, with 42% predicting a slight increase. Yet, ironically, most boards also noted they expected to see increased regulatory scrutiny in 2021.[2]

So, if compliance is required to support wider cultural and operational changes without the necessary financial investment to overcome the barrier of change, where do they pragmatically start?

Proactive compliance teams are recognising the opportunities for change though a focus on developing employee capability, with a clear understanding of how the day-to-day application of compliance is helping to strengthen the three lines of defence model.

Historically, in its most generalised definition, the compliance function has long been viewed as a ‘policing’ role; a function to develop adequate controls to provide assurances from which the business could proceed with their activities. Now, on route to a post-pandemic world, compliance is evolving; becoming more holistic and asking progressive questions that challenge the status quo of their organisations.

In a recent February poll conducted by Artificial Intelligence provider – Elephants Don’t Forget – 250 financial Risk and Compliance professionals were surveyed on their approach to employee Training and Competence (T&C) assurance activities within their firms.[3]

Surprisingly, 66% of respondents stated that they were ‘not confident at all’, ‘slightly confident’ or only ‘somewhat confident’ that their Senior Managers could demonstrate a consistent approach and application to employee T&C, ranking ‘attaining’, ‘maintaining,’ and ‘evidencing’ employee competency as the top three primary concerns in 2021.

Adrian Harvey, CEO of Elephants Don’t Forget, assessed the findings:

“The sentiment from the poll illustrates the need for C-suite departments to align on developing proactive approaches to improving awareness and in-role application of employee compliance.

If you look at leading brands throughout the world in most industries, they all share one commonality when it comes to compliance as a function to drive effective cultural change: alignment of business strategy is inherently linked to their employees’ individual capability and continual development of in-role knowledge of critical subject matter.

Most proactive departments are now also seeing the benefits of adopting real-time assurance activities that proactively show (and automatically) repair employee-based knowledge risks related to compliance.

The challenges associated with compliance have long been centred around heightening awareness and increasing employee engagement with subject material that employees often codify as boring.

It has also been historically and fundamentally difficult to attribute improved business performance to most ‘default’ compliance assurance activities. Now, with budgets being cut and, paradoxically, more being expected of the compliance function due to Covid-19, it is critical that they develop more of a prominent internal position to gain and maintain stakeholder buy-in.  And that means exploring new ways of bringing value to their organisations.

‘Default’ activities often mean that compliance teams are reporting on functions which have little impact on proactively assessing employee-based risk or in-role understanding of governance application in real-time, which may explain why attaining, maintaining, and evidencing competency is still an issue within many organisations. So, whilst the board may take some comfort in the fact the 99% of their employee base has completed some form of compliance training, what really matters is evidencing genuine competence and productivity as a result.

Most of the ‘default’ activities deployed can also be defined as reactive ‘after-the-fact’ assessments too: analysis of breaches, whistle-blower reports, audit inspections, compliance engagement surveys etc. Whilst these form part of the Quality Assurance program, the extent and effectiveness to which proactive compliance monitoring can be objectively assessed is dependent on the availability and maturity of evidence.

Quite simply: It is not robust enough to say what employees should be doing and feel confident in the fact that you have conducted some form of compliance training. You need the ability to follow up and assess if your employees have understood it, are retaining it, and can apply it.”

To conclude, aligning compliance with employee capability can be seen as a pragmatic way for compliance professionals to drive development and improvement in fundamental areas in 2021. It will support the desire to embed a culture of compliance in a meaningful and measurable way, whilst also enhancing the capability of employees and provide more robust risk-assurance metrics that allow for greater proactive intervention.

The view of compliance is becoming re-framed then, and if improving culture is the primary goal within most regulated firms in 2021, more pragmatic compliance professionals are now recognising the importance of focusing on the in-role capability of their people to achieve it.


[1] Thomson Reuters, ‘Cost of Compliance 2021, shaping the Future’, available here: https://www.thomsonreuters.com/en-us/posts/corporates/cost-of-compliance-2021/

[2] Thomson Reuters, ‘Cost of Compliance 2021, shaping the Future’, available here: https://www.thomsonreuters.com/en-us/posts/corporates/cost-of-compliance-2021/

[3] Elephants Don’t Forget, ‘Employees First, Customers Second: Turning your approach to Training and Competence upside down in 2021’, available here: https://vimeo.com/516687347

Author: Editorial Team

Share This Post On