The regulatory environment is constantly evolving, and firms may have to manage numerous reporting obligations across several jurisdictions. This means that firms must now stay ahead of the competition by taking a proactive approach to compliance and a holistic view of operational resilience. Building a culture of compliance relies heavily on the tone from the top, and change must be supported by senior management and implemented throughout all departments.
Why is a Culture of Compliance Important?
As regulators increasingly focus on the accuracy and integrity of data, the responsibility of compliance can no longer be centralised in one siloed risk management function. Instead, firms must build a culture where each department has individual tasks but a shared responsibility for compliance. Prevention is now more important than remediation when it comes to errors, and regulators will be keenly observing how firms adapt to these changes. To avoid penalties and maintain good relationships with regulators, firms should implement proactive measures to identify and resolve errors. The largest percentage of financial penalties for non-compliance is for reporting errors. This highlights the importance of building systems and processes that avoid these errors as much as possible. Firms that adopt a firm-wide culture of compliance will be able to avoid the potential reputational and financial damage that can come from poor reporting standards.
How can the Boardroom Impact Front Line Compliance?
The tone from the top is critically important for fostering a culture of compliance, and the boardroom can have a significant positive impact on the front line. Senior management and the board of directors should demonstrate a commitment to transparency and accountability that includes internal audit functions and robust risk management frameworks. The UK’s Senior Managers and Certification Regime (SM&CR) outlines key responsibilities for senior management and emphasises the importance of assigning direct accountability. The role of Non-Executive Directors (NEDs) is also encouraged and can enhance the culture of compliance by taking “reasonable steps” to demonstrate active oversight of compliance matters. NEDs should be used strategically to challenge unhealthy practices and ensure due diligence at the board level. Increased transparency and a culture of accountability will spread throughout all levels of the organisation and demonstrate a joint commitment to compliance across all workstreams.
Key Steps for Firms to Build a Culture of Compliance
Building an effective culture of compliance involves the following key steps:
- Link culture to compliance: Firms that align their corporate culture to proactive compliance will demonstrate integrity and transparency, as well as embedded accountability for meeting reporting obligations.
- Training: Training should be considered as an ongoing process and include more qualitative measures instead of being a one-off, role-specific training event for new starters or promoted posts. Compliance should become an integral part of the learning process, and staff should understand their roles and responsibilities in relation to risk management and operational resilience.
- Accountability: Clear lines of accountability should be established and integrated into the firm’s systems and processes. Compliance requirements should be linked to individual performance reviews, and senior management should demonstrate that regulatory responsibilities are a core part of every role.
- Tone from the top: Senior management and the board of directors must communicate the importance of compliance and demonstrate their commitment to a culture of compliance through their actions, decision-making and prioritisation of resources.
- Comprehensive mapping of responsibilities: Firms should map all current and future responsibilities for compliance and risk management, assigning clear oversight for each one to a specific individual.
- RegTech for intelligent automation: Effective implementation of RegTech can automate compliance tasks such as data validation and transaction reporting. Firms can also utilise advanced analytics and AI to predict potential reporting errors and adjust accordingly prior to submission.
- Robust but agile reporting frameworks: Reporting frameworks must be robust enough to ensure data accuracy, but agile enough to manage reporting across different global regimes. This is particularly important for managing multi-jurisdictional interpretation variances amid evolving regulatory requirements.
The overall message for firms is that responsibility for compliance no longer sits within a siloed risk management function but is instead the responsibility of the entire organisation. Firms that lead with a strong tone from the top and demonstrate that they have embedded compliance into all operations will be best placed to stay ahead of evolving regulatory requirements. Taking a proactive approach to aligning strategic objectives with compliance obligations will help firms to mitigate and manage regulatory risk while ensuring long-term operational resilience. A strong tone from the top builds a resilient compliance culture.
Contact Novatus Global to embed a culture of compliance across your organisation and strengthen operational resilience.






