Compliance

Compliance is important for at least eight reasons.

1) Compliance is part of your organization’s duties to its community and stakeholders. The first reason is most basic. If you run a business (whether for-profit or nonprofit), you benefit from your community’s basic services. In return, you owe a duty to comply with the law. Furthermore, if you use the resources of others (investors, creditors, donors), you need to be able to assure them that you are regulating the conduct of your employees and that you are complying with applicable rules and regulations.

Given how obvious this first point is, it’s surprising that smaller organizations sometimes have given little thought to the compliance function. In particular, nonprofits often act with nonchalance about regulating employee conduct and scrupulously adhering to regulations and laws. The unstated assumption seems to be that because the nonprofit is “doing good,” it can be lax about the way in which it does good. That assumption is profoundly risky.

2) Without a compliance function, you cannot reliably build or maintain trust with others. Trust is fostered through three elements: (1) repeated interactions with another person; (2) honest communication with that person; and (3) following through on commitments. Organizations cannot ensure that they are meeting element (2) or (3) unless they have adopted rules about proper communications and proper follow through. The head of the organization can’t be confident that others are being honest in their interactions unless the organization has adopted rules about honesty and trained people about the importance of honesty and candor. The leader cannot be confident that people are following through on commitments unless there are rules and norms that have been adopted and emphasized throughout the organization.

3) If you have no compliance function, you invite reputational damage. I like to note Warren Buffett’s adage that it takes 20 years to build a reputation and about five minutes to lose one. Research shows that people want to interact with organizations that have a reputation for honest dealings. It’s therefore no surprise that leaders consistently rank reputational risk as their number one worry. If you are not trusted in the marketplace, customers are unlikely to work with you. On the other hand, if you are trusted, customers will give you the benefit of the doubt. Without a strong compliance function, however, an organization is like the blindfolded man: any step may lead to disaster.

4) Compliance helps define an organization’s “why.” In his book Start With Why, Simon Sinek explains that one can describe an organization in three categories: what it does, how it does it, and why it does it. Sinek maintains that the best companies focus on the “why.” “When most organizations or people think, act or communicate they do so from the outside in, from WHAT to WHY. And for good reason – they go from the clearest thing to the fuzziest thing. We say WHAT we do, we sometimes say HOW we do it, but we rarely say WHY we do what we do. But not the inspired companies. Not the inspired leaders. Every single one of them, regardless of their size or their industry, thinks, acts and communicates from the inside out.” Simon Sinek, Start With Why (2009), at 39.

The “why” of an organization drives and motivates its efforts. One crucial aspect of that “why” is the set of values and ethical principles that guide the organization’s behavior. A compliance function leads an organization to determine those values and ethics. It requires the organization to describe those values and ethics sufficiently that team members understand them and will refer to them. It requires an organization to train team members on values and ethics, and requires the organization to hold team members accountable for them. In other words, compliance helps to define the why.

5) Compliance helps define and regulate an organization’s “how.” Continuing reference to Sinek’s work, compliance also helps an organization define and monitor its “how.” Compliance focuses on what behaviors will and won’t be permitted in execution of the “why.” As I have mentioned elsewhere, too many people consider compliance as an exercise in saying no: those in charge of the rules enforce those rules to prohibit behavior.

That misconceives the central contribution of compliance. When compliance is done well, it increases efficiency and effectiveness because employees have been trained to know, intuitively, how to do their jobs and how to reason through ambiguous situations. Thus, compliance is not designed to generate “no.” It aims for intuitive “yeses.”

6) Compliance can serve as a driver of change and innovation. Some people also view compliance as inherently conservative. They think the purpose of compliance is to rein in conduct. Again, that’s not true. Compliance instead can serve as a powerful tool of long-term change. If everyday behavior stems from training and codes of conduct, and codes of conduct stem from values, articulation and modification of values over time can profoundly influence organizational behavior. In the words of system theorists, values can be a leverage point, and compliance ultimately focuses on the driving values of an organization.

7) Compliance enhances consistency. Without a compliance function, decisions are ad hoc and made in a vacuum. Articulated values, ethics policies, and codes of conduct provide reference points for making decisions a matter of routine. As Peter Drucker explained, “All events but the truly unique require a generic solution. They require a rule, a policy, a principle. Once the right principle has been developed all manifestations of the same generic situation can be handled pragmatically; that is, by adaptation of the rule to the concrete circumstances of the case.” Peter Drucker, The Effective Executive (2006), at 125.

8) Compliance can reduce unforced errors. I end with an important risk management concept. Unforced errors are the most common risks to organizational performance, and compliance helps prevent unforced errors.

Too many people think about risks in terms of outside forces that can affect an organization. They worry about crooks and scam artists, customer demands, funder and stakeholder demands, natural disasters, and broad economic trends and forces. Yet most threats and opportunities are generated internally. This is why Drucker emphasized that more than 90 percent of effort in even the best run organizations is waste or, worse, activity that actually harms the organization. This is also one of the core insights of the “lean management” or Toyota Production System revolution over the last couple of decades. Lean management seeks to make waste visible so that the organization can improve over time. Compliance can help here, too.

Organizational waste includes disputes and human misunderstandings. A healthy compliance function can help make that waste visible, by tracking core metrics that may show areas of underperformance and friction. It can prevent disputes and misunderstandings.