A perennial challenge with boring-but-necessary activities is that they are hard to keep doing.
Housework, exercise, tax returns – all are pretty much compulsory, but few people naturally enjoy them – and many will find almost any excuse to minimise the time spent.
Unfortunately for Risk & Compliance officers, core compliance tasks like “know your client” and anti-money laundering checks are in the category of important but dull.
Firms of all sorts and sizes struggle to ensure that regulations are met and risks are minimised and managed.
Legal Compliance is Hard Work
One approach is to threaten draconian punishment for non-compliance, but this rarely works. Some sort of incentive is required, but the fear of punishment is hard to instill and maintain – and rarely effective in the long term.
People find ingenious ways to avoid punishment without necessarily meeting requirements, and the Compliance function becomes an unwelcome bully.
Many firms try to ease the burden by automating as much of the work as possible – using tools from vendors like IntApp – which has several advantages, not least reducing the time required to fulfil compliance needs.
There are advantages also in having structured processes which can be quality-checked, and measures that provide management information.
Compliance is Expensive
However, despite these obvious positives, there are disadvantages – the most obvious of which is the significant cost to set up and run such a system.
Budgets and business cases are often written without an understanding of the complexity of maintaining and – more importantly when regulations or priorities change – the cost of continued changes and additional development. A spaghetti of processes and interfaces quickly grows, becoming simultaneously business critical and yet difficult to understand or change.
The other, more subtle disadvantage is that such systems can automate simple processes to reduce the compliance ‘burden’, but they also allow more sophisticated processes – which increase it again.
Also, whilst people will initially celebrate the reduction in time required, the novelty soon wears off and the new, more efficient process becomes the new burden threshold to be resented.
This pincer movement – an increase in sophistication with a corresponding reduction in tolerance – means that automation tools will only be a partial solution.
What more can be done?
Let’s look back at what one benefit automation brings us: better information. The key to improving compliance lies with what we do with this data generated by our processes.
Think back to our ultimate goal: we want to improve compliance and reduce risk, and to do this, we need our people to provide certain information.
Use these simple approaches for better compliance.
- Only ask for what you absolutely need
- Make it clear why you need it – Show it being used
- Demonstrate that the group complies
- Make it a game
Only ask for compliance information you need
This is one of the hardest tasks, as it requires self-control by the various compliance departments. Legal Risk, Finance, Governance and IT all need to compromise to reduce the questions to the bare minimum required.
The temptation is to put everyone’s questions in. Reverse that.
- “Can we do without it”
- “Does it apply to 90% of users”
- “Can we ask it later”
If it is a rare case, or applies only to a subset of users, then do it separately via an automated email or follow-up process. Keep the main flow short and sweet – 90% of people should be able to finish in minutes, avoiding the time-traps of obscure, unusual marginal cases.
The automated process should be lean and fast. Follow up manually if needed.
People won’t contribute if they don’t think it matters
Demonstrate compliance in action.
Compliance should not be a back-office data collection task, nor a police force investigating misdemeanours.
Systems can be used to helpfully create corresponding matter-related materials. For example:
- Use the answers from compliance questions to automatically generate the correct correspondence for Know Your Client activities.
- Make sure as much information as possible is displayed and reported on. Show – for example – the number of non-domiciled individuals who are clients, or the total number of identity checks completed each month.
- Show levels of compliance: report on the accuracy of information, and who (or which teams) provide the most accurate information. Note that ‘accurate’ can mean ‘is not changed later’ – a data measure that can be quantified.
- Show the time taken, or the length of time between matter-opening and identity check completion, can be measured and reported on. Shorter times are better – it indicates lower risks, and less time in limbo waiting to be sure that the work can be undertaken.
Don’t let the information disappear into a black hole.
Demonstrate in-group behaviour
Humans are influenced by others, so show that others are taking compliance seriously. No-one wants to be the odd-one-out.
The idea is to show that everyone completes these activities. Compare teams; set up a competitive attitude. Use data to show that everyone else is doing it.
Make it a Game!
Once you have the data, and you are reporting levels of compliance – broken down by team – you have the basis for competition.
Use the measures and shout about the best performers. Start a league table of teams or offices. Put forward compliance captains within each team, and give them an identity. Make it a real ‘fantasy compliance league’ – all of this is now possible because of the automation and data collection tools you have available.
Compliance can be fun
OK, perhaps filling in questions and searching out information is never going to be ‘fun’. Adding in elements of competition, and proving that it is a valuable activity will give it meaning.
If the context is provided – why is it necessary – and measures that define ‘good’ compliance (in terms of data quality and completeness, or time to complete), then a little reporting on measures can lead to a sense of fun.