August 26, 2016
Compliance Is a Sentence, Not a Word
For many, the word "compliance" represents the practice of
following rules. These rules are generated externally and come as edicts from a
monolithic regulatory body. As a result, the relationship between the regulator
and the complying organization is seen as adversarial; someone is telling you
what to do.

What happens when we change our
perspective on this relationship? The digitized world of the 21st
century has given rise to more threats. View the overseeing regulatory body as
an ally. The nature of the relationship will change. It is no longer one of an
onerous master, but rather one of a trusted advisor.

Compliance becomes a proactive
approach to risk when we embrace this paradigm shift. However, the fact
remains: compliance is expensive. The resources required are ample when
committing to a holistic approach to risk management. This truth is evident in
a 2015 Reuters survey.
600 compliance practitioners provided responses illustrating mounting costs and
fatigue. The data reveals that "69 percent of respondents expect the cost
of senior compliance professionals to increase in 2015." These costs are not
just financial but operational as well. Compliance requires time. Again, the
study confirms, "Regulatory matters are consuming disproportionate amounts
of board time, from correcting non-compliance and preventing further sanctions
to implementing structural changes to meet new rules." Risk management has
become its own business.

While the goal of mitigating
risk is paramount to the success of a business, we need ways to make it
affordable. There are four principles to achieving this
affordability.

Consider Compliance a Front-Loaded Cost

Commit to compliance now and
reap the benefits later. This is the essence of a front-loaded cost. When these
costs are met upfront, they diminish the far greater future costs emanating
from failures later. The statistics reported in The True Cost of
Compliance, a report published by Ponemon Institute, reveal a sobering
truth: the cost of non-compliance
eclipses that of compliance. The findings show, "[W]hile the average cost of
compliance for the organizations in our study is $3.5 million, the cost of
non-compliance is much greater. The average cost of non-compliance related
problems is nearly $9.4 million." These results come from their review of 46
multinational organizations.

Manage this with proper
budgeting. When compliance is considered at the beginning of the process, there
will be less resistance to shouldering the costs. Confronting the true cost
will likely necessitate finding ways to cut costs in other areas. This is prioritizing.
Make compliance one of your first budgeted figures. Arrive at the necessary
bottom line figure by executing cuts elsewhere. Leaving this critical component
of business to the end of the process will only result in dangerous
constraints.

Leverage Security Capabilities to Manage Compliance Costs

Conscientious behavior carries
no cost. This is the concept of employing best practices in security to arrive
at a lower compliance cost. This doesn't necessarily mean spending more.
Instead, this means behaving differently and approaching daily procedures with
greater conscientiousness. Improve security within your corporation and the
cost of a disaster falls.

Consider putting pen to paper
and building a checklist. Standard operating procedures work when followed with
routine. Why keep these steps tangible in written form? It prevents the
inevitable drift from consistency. This alone is a risk. Author and surgeon Atul
Gawande encapsulated this idea perfectly in his 2009 publication, The
Checklist Manifesto. He writes, "[W]e are not built for discipline.
We are built for novelty and excitement, not for careful attention to detail.
Discipline is something we have to work at." Remain cognizant of this truth.
Build a system of workflow that is designed to achieve consistency in best
practices.

Abiding by a reasonable list of
security protocols doesn't increase costs. This is also reflected in the
Ponemon Institute findings. They explain, "We determined that the SES
[Security Effectiveness Score] is unrelated to compliance costs." Decide
what constitutes best practice in mitigating risk. Put these practices in
writing. Require
employees to make a regular record of their adherence to these
processes.

Create a Culture Around Internal Audits

Become your own police. Ensure
risk management by regularly conducting internal compliance audits. We practice
fire drills. We drive cars with airbags. We can apply these same principles to
risk in the workplace. Conducting internal audits is the broader application of
the above concept of following standard operating procedures for the security
of the organization.

This drill serves another
critical purpose: weak points will become clear. Internal audits elucidate the
unseen fissures in a company. No external consultant will understand the
nuances of the organization more than those enmeshed in the daily workflow.
Outsourcing has become a favorite business term. However, in compliance,
outsourcing is not always the best answer. Empower your team with internal
audits. This will have the added benefit of direct engagement learning.
Employees will gain a better understanding of the importance of compliance by
engaging in these audits.

The practice may not eliminate
unforeseen problems but it will lessen the impact. Additionally, it will better
prepare employees to tackle the challenges of an event when they
arise.

Don't Wait For The Axe To Come Down

Let the goal of a successful
business drive your commitment to compliance. Don't wait for outside regulators
to dictate how you conduct corporate affairs. If all companies could be trusted
to employ best practices there would be no need for external overseers. Adopt
the mindset of the proactive. Manage risk in all the areas you believe to be
most pertinent before someone else requires you to do so. A reactive approach
only creates unforeseen costs after the budgeting process.

In aggregate, these four
concepts could be summarized as "forward thinking." The success of
the business today is the result of all we did yesterday. A business doesn't
succeed by the virtues of the moment but rather by the overarching ethos
driving the future. Mandated compliance rules are designed for the masses and
may not address the most salient aspects of your particular business. Many of
these concepts can be enacted immediately with little or no cost. The greatest
tool in realizing these four recommendations is
communication.

ABOUT THE AUTHOR

Elisabeth Miller
Milava Consulting
Telephone: (844) 464-5282
Email: elisabeth@milavaconsulting.com

Elisabeth is a Managing Partner
at Milava where she designs operations, technology, and marketing strategies to
help financial firms run more efficiently. Milava is a consulting and
outsourced services firm that specializes in providing practical strategies to
help financial advisors run more effective businesses. With intelligent tools,
Milava helps advisors grow successful firms in less time and with less effort.
Elisabeth's expertise includes brand development, marketing execution,
infrastructure design, process improvement, and technology integrations for
financial advisory firms.

Elisabeth has provided marketing
guidance for the development of a range of financial services firms, including
large broker-dealers and independent RIAs. Her daily practice of speaking to a
number of investment advisors gives her a unique perspective to help clients
implement tactics that the best performing firms are utilizing. She closely
aligns herself as a partner to each of Milava's clients to better understand
their businesses and deliver custom fit solutions. Before joining Milava, Elisabeth
focused on marketing strategy at Dimensional. During her time at the firm,
Elisabeth led initiatives across financial services reporting, performance
analytics, and marketing. Elisabeth received a BBA in Finance from Texas
A&M University and holds the CIPM designation from the CFA Institute.
NOTE: The views expressed in this Guest Blog are those of the author and do not necessarily reflect those of BrokeAndBroker.com Blog.