The pressure for organisations of all sizes to comply with regulatory governance and compliance has grown and grown over the past 10 to 15 years. Compliance has always been important of course, and businesses have invested in compliance software and their own internal compliance teams to ensure that they remain compliant.
But since the financial crisis of 2008, there has been greater pressure for businesses to demonstrate that they are governed correctly and are conducting business in a way that is seen as correct and fair. More regulation has been introduced to make this happen, in Financial Services (FS) initially but then also in a range of other sectors.
This has resulted in compliance being perceived as more important than ever. Non-compliance could mean that an organisation must suspend trading, it could result in a massive fine or could cause enormous reputational damage, damage that many businesses could find hard to recover from.
Organisations in 2019 treat compliance much more seriously than they once did and are subsequently willing to invest in the right GRC tools and GRC software. But businesses can still fall foul of regulatory requirements. What are five of the most common reasons for non-compliance?
Lack of leadership
for an organisation to remain compliant, whether on industry-specific regulation or for wider regulation such as GDPR, then it is essential for the CEO and other board members to make it clear that compliance is a priority for their organisation.
Part of this is a resourcing issue, making sure that compliance teams are equipped with the right GRC software to do the job effectively and are partnered with the right GRC vendorsto ensure that they get the on-going support and guidance that’s required.
But it also means demonstrating to internal external stakeholders that the organisation is taking compliance with the seriousness that it warrants. If the board sound vague and uncommitted about compliance then that attitude will filter down to other employees. It will also create a perception with investors, shareholders, partners, customers and more, that compliance is not viewed as a priority.
Compliance is not aligned with organisational goals
whatever an organisation is trying to achieve with its compliance and broader GRC programme, then it stands to reason that it should be closely aligned with what it is aiming for as a business. Compliance is there to support business goals and can play a prominent role in how an organisation tells its story to the wider world.
Compliance relies to an extent on a company’s culture to support and foster the right attitudes – certainly without that, effective compliance can feel much harder. So organisations should incentive employees to live the values the company is aligned with, helping to connect the compliance function with the broader business.
There is no accountability in the business
any function or department in any business needs an owner, someone who will drive that programme forwards, take responsibility for its success and be held accountable should things not work out as intended. That is especially true for compliance and GRC functions.
The price of non-compliance has become much greater than ever before and although success depends on many factors – a smart compliance team, the right GRC tools, compliance prioritised by the organisation – it is important for someone to be accountable. Managers at every level of the compliance function must be accountable for their area or team, otherwise it sends a message that compliance is not considered to be that serious.
Compliance is seen merely as a box-ticking exercise
the nature of compliance has changed over the past few decades. It was once viewed a necessary but tedious task, something to get done but not to lose much sleep about as the consequences of non-compliance amounted to little more than a slap on the wrist.
Viewed in this way in 2019 can lead to problems with achieving compliance, but it needn’t do. Compliance has changed and can be much more than a defensive or reactive measure, showing genuine competitive difference for a company. GDPR is a good example – rather than doing just the bare minimum to be compliant, an organisation could go the extra mile and really emphasis the measures it has put in place. This would help position it as a company that truly cares about its customers and the data it holds on them.
When compliance is approached from an old-fashioned perspective
such a view of compliance might mean that analogue GRC tools are used to manage compliance requirements – Microsoft Excelis great for some tasks but not managing international compliance programmes. That view also refers to the outdated concept of compliance requirements having fixed beginning and end points.
Compliance is an on-going process and needs to be managed as such.That’s why Oxial’s sGRC solutions are proving so effective. It’s the right GRC software to match modern compliance requirements. It is digital and on-going, cost-effective andinnovative, ensuring that nothing gets missed and organisationsalways remain compliant.
For further information on how we help organisations all over the world remain compliant, look at some of our examples and case studies here.