Compliance is an integral part of any business, as it establishes standards and helps build a reputation for reliable service, while avoiding regulatory penalties and reducing liability.

Rather than merely distributing a set of rules for employees to follow, a company that works to build a corporate culture of compliance in which workers at every level of the organization understand the importance of following guidelines stands to benefit more from its policy-making.

"As organizations move from a mentality of erratic compliance validation to a culture of compliance, several benefits can be realized... such as better compliance planning, cost reductions from a decrease of introduced redundant solutions and overall hours dedicated to compliance. Finally, a culture of compliance will allow the organization to spend a larger amount of time and resources on business-critical functions," a compliance analysis from Bank of America asserts.

Developing a culture of compliance and introducing specialized compliance enforcement roles have been significant priorities among businesses for several years. A 2005 survey from Ernst & Young found that 82 percent of businesses have issued guiding principles for instilling a culture of compliance in their firms, while 75 percent have specified compliance accountabilities for their executives and 67 percent have created expectations for leadership behavior based on corporate values.

Establishing a culture of compliance first requires building a system of oversight, evaluation, reporting, training and identifying areas that require corrective action. According to a report from industrial compliance management firm IBS America, a successful compliance culture displays the following attributes:

• It is established and exemplified by senior management;
• The system is integrated in education and training activities;
• Compliance behavior is reinforced through incentive programs;
• Those who violate policies are held accountable;
• It is incorporated in the management and use of information systems; and
• It remains inseparable from company structure, processes and management style.

The report also says that a positive culture of compliance includes elements of enterprise risk management, identifying risks and establishing documented risk control points in each strategic area of the company. An important feature of controlling compliance risk involves collaboration with the specific people responsible for managing each compliance element.

According to Information Systems Security, cross-departmental compliance "requires commitment and cooperation among several areas of the organization including business owners, finance, IT, HR, senior management and the board. By combining regulatory compliance activities with business process improvement programs, organizations can maximize the return on their efforts."

Part of the challenge in implementing a robust compliance system may stem from staff reluctance to accept a more vigorous approach to enforcing regulations.

"A lot of managers have heard over and over again that productivity is paramount," Chris Bauer, a psychologist and ethics consultant, told Workforce Management (subscription required). "You can train them about wage and hour rules, but if they still think deep down that the bottom line supersedes everything else, your impact is going to be limited."

"If there's a lack of trust in the messenger, the implementation will suffer," Bauer added.

Hiring a corporate responsibility officer (CRO) to communicate and enforce compliance policies or expanding the duties of an existing CRO can help alleviate staff reluctance toward increased compliance measures.

According to CRO Magazine, a corporate responsibility officer must bring together various strategic functions within a company and "build consensus around a unifying theme, such as linking 'accountability' and 'responsibility' to business continuity and success. Once the overall goals are defined, the organization must develop a coherent strategy around these integrity goals."

In addition to cost savings and a stronger embrace of best practices, an integrated approach to compliance can also yield security benefits that reduce the risk of lost or stolen data.

"The value of user awareness and education in meeting regulatory compliance requirements is critical. After all, unless users are aware of corporate policies, they cannot be expected to follow them. Also, if users are not held accountable for their adherence to policies, they are unlikely to heed them. Any lack of adherence can, in turn, lead to a potentially costly data breach," Computer Technology Review explains.

With penalties for breaching external regulations and the need for maintaining internal policy standards to reduce company liability, compliance systems remain a necessity in the modern business landscape. But by establishing a culture of compliance, many of the difficulties involved in enforcing and monitoring policies can be reduced as employees become accustomed to holding themselves and their coworkers mutually accountable.

"You need to get frontline managers and workers to believe that we all have some power to change things, at whatever level we're at," according to Bauer. "That's how you accomplish change."

Earlier

Building (and Rebuilding) a Reputation

What's Your Corporate Culture?

Realistic Steps to Robust Compliance

Resources

A Culture of Compliance: Strategically Managing Compliance Efforts
by James Barrow
Bank of America, April 2008

Building a Culture of Compliance
by Charles H. Le Grand
IBS America, 2005

Creating a Culture of Compliance
by Suzanne Dickson
Information Systems Security

Establishing a Culture of Compliance
by Patrick J. Kiger
Workforce Management, Sept. 8, 2008

Culture of Compliance
by David Gelber
CRO Magazine, 2006

Corporate Regulatory Compliance Practices
Ernst & Young, November 2005

Building a Culture of Compliance
by Suzanne Dickson
Computer Technology Review, Nov. 26, 2007