Giovanni Gallo (ggallo@complianceline.com) is Co-CEO and Chief Development Officer at ComplianceLine in Charlotte, North Carolina, USA.
Mention the word “compliance,” and most business execs would likely say it means risk mitigation. That’s certainly part of it, but there’s more to compliance than preventing negative incidents and cleaning up after them. Compliance professionals are responsible for ensuring everything goes right, day in and day out. If problems occur, they carry the weight of potentially staggering losses due to bad actors, data breaches, legal or regulatory infractions, and more. It’s a huge, daunting, and often thankless task.
The full scope of these responsibilities isn’t always clearly defined, and they’re constantly moving targets as new regulations are passed, people find new ways to game the system, and public attitudes evolve. The issues are far more complex than in the past, yet compliance budgets typically account for a small percentage of a company’s budget. This all requires compliance teams to do more with less.
Compliance isn’t an issue that pertains only to large corporations, though obviously the stakes climb as organizations grow bigger, and there’s exponentially more money at risk. But the relative impact of a problem can be more severe for a small company than for a huge organization with deep pockets. If the owner of a startup with three employees messes up, there might not be enormous sums of money at stake, but it could take the whole company down or irreparably damage the culture. By contrast, a negative incident involving the CEO of a multinational bank might cost hundreds of millions of dollars, but the company will likely be strong enough to weather the storm.
The three levels of compliance effectiveness
The first level …
… is a basic requirement for any business: adhering to government or industry regulations or fiduciary obligations. If you don’t comply, you will certainly face penalties and fines. This is the bare minimum for compliance efforts. There’s no question: You have to do it, and the negative impact of not doing it is easy to scope.
The second level …
… includes things you probably should do to avoid problems stemming from a bad event such as a lawsuit or data breach. While they may not carry mandatory fines, these are likely bad outcomes you can reasonably estimate. Think of compliance as full-coverage insurance: If we spend $80K to avoid a specific problem, we can save $120K in fines. It’s essentially a strict return on investment (ROI) mindset.
The third level …
… positions compliance as a key driver for a healthy culture. While some of this may be harder to put a clear number on, the far-reaching impacts echo the cutting-edge, comprehensive scope of top-level leaders. In this approach, compliance isn’t just about averting disaster or reacting to negative headlines; it’s about creating a shared set of values, building trust, and spreading goodwill. When you make your employees feel valued and safe at work, they’re happier, more engaged, and more productive. Just as a low crime rate attracts businesses to a city and allows them to thrive there, strong compliance attracts employees to a company and allows them to thrive there. They’re proud to work for your company.
This focus on culture and value alignment is the new frontier of compliance. It benefits everyone served by the company’s leadership, not just those who would be derailed by a risk incident. Besides preventing disaster, culture and value help the employee base at large. It’s not limited in scope to the bad actors and the people who would clean up the mess. It’s compliance that serves the whole company and the whole mission.