Cansu Eray (erayc@tcd.ie) is a Compliance Officer certified by ALCO (Association of Compliance Officers in Luxembourg) from Dublin, Ireland.
Compliance can become a strategic advantage if it can be turned into a culture within an organization. Even though the appearance of compliance is an easy way to provide short-term gains, establishing a compliance culture drives sustainable benefits that offer stronger assurance.
There are ample determinants of a good compliance culture, but four main components can be considered the foundation for establishing further applications par excellence: understanding the regulator’s expectations, building the three C’s, providing a personalized compliance experience, and effective risk assessment. As a complementary practice, looking for benchmarking opportunities can be a checkpoint for improving culture. Thus, recognizing a good compliance culture can be considered the recommended fifth component.
Understanding the regulator’s expectations
A good culture of compliance is able to see what is behind recent regulations, because designated employees follow the life cycle of regulations through interactive communication with regulators. Updating information by continuously screening regulation development provides up-to-date knowledge and a network in the legal sector. As long as the intention and reasoning of a regulation is known, the evaluation process leads to an effective application, thanks to an understanding of the expectations.
Building the three C’s
Compliance is built on three essential and continuous elements.[1]
Communication
A culture of compliance must be built through an interactive process, not added on via top-down rules. This is possible through clearly communicated policies and procedures that can be understood by everyone from regulators to employees to customers. Communication is the main vehicle to demonstrate compliance, because it ensures the organization pays attention to requirements and provides assurance to its stakeholders, including business partners, customers, and regulators.
Confirmation
Confirmation, on the other hand, includes monitoring, recording, and reporting any abnormality in the compliance process (e.g., exceeded thresholds on transactions, risks and vulnerabilities on control points). According to the results of a confirmation, the compliance process can be improved. Thus, the culture of compliance develops over time by analyzing the results of compliance processes.
Correction
As a result of communication and confirmation, correction comes to the scene. Here, weaknesses that were identified during confirmation are corrected. This helps develop the compliance culture by designing stronger control points via learn-by-doing practices.