It is fair to say that most of us are accustomed to relying on written laws. The use of “good practices” is also well known, but one cannot conclude that they are what is primarily relied upon in most cases. In day-to-day business, individuals and corporations prefer to rely on written rules. Not only is this a very practical and stable solution, but it also provides certainty in one’s behavior, which is ultimately part of a collective conscience. So with the wider introduction of the compliance function within organizations (the conscience of the organization itself), it has become very difficult for compliance professionals to provide the basis for certain rules that aren’t based on law, especially when elaborating and explaining their decision-making or opinion-drafting processes.
Why is this the case?
Most certainly, communication of compliance matters suffers because no other function within the organization gets so personal, with its constant rules of behavior, ethics and integrity standards, what to do and what not to do, how to behave, what to avoid, etc. Without the compliance function, people were familiar with these issues, but they were obviously not properly or systematically governed by organizations. Additionally, compliance requires everyone to behave “in accordance with the laws” and to be “in compliance with the laws.” These obligations can be stated very clearly, and so they are understandable; they are written by lawmakers themselves in a large number of cases. But to demand integrity in decision-making, avoid conflicts of interest, and rely on ethics principles in everyday job operations is difficult for all sides involved. In addition, it turns out that such rules are not so easy to find in written laws, bylaws, or regulations.
This can create a stigma for compliance professionals that their decisions are simply based on their own (personal or emotional) judgment, with no strict rules to rely on; that they have a “mysterious way” of figuring out resolutions in individual compliance-related matters; and that their assessments are very interpretative.
Let’s break that stigma.
Many organizations across continental Europe, led by Basel compliance standards, have introduced various risk-based approaches when assessing compliance issues, as no compliance professional can rely on their own judgment when there are rules to follow, many of which have matrices and mathematics as supportive evidence.
This is no problem when it comes to regulatory compliance issues, because laws define behavior and respective fines in case of noncompliance. But how can compliance be gained in cases such as conflicts of interest or integrity-related situations? One solution is a comprehensive compliance risk-based approach.