Regulatory compliance consulting series: Skills for compliance

John Davison: Welcome to our regulatory compliance consulting video series. We will be publishing a series of short videos, highlighting our view of key hot topics that we think will resonate with compliance and risk functions. I am here with Christian Blackwell, to talk about the first of these, the key skills compliance functions should have, but may not.

Christian Blackwell: So, the first one that we would like to consider is kind of the rule of unintended consequences, so to speak. And what do I mean by that? I mean, you know, compliance functions often dealing with business process change, technical change, or remediation of a specific theme.  And that remediation is often targeted at something very specific. What they don’t necessarily consider is the broader, unintended consequence of the change that’s going on, that’s something that’s very important, and they should do that to ensure that they are not missing a trick, as it were.

John Davison: And that segways nicely into one of mine, which is our second one, which is the impact of human behaviour on the ability to stay compliant. And this is often something compliance functions can miss. Everybody in an organisation is motivated by different things, but generally, all individuals are motivated by the fact they want to do what they think is right, and what their management want them to do. And I think it's very important for compliance functions, sometimes, not to worry purely about process and legal requirements, but to actually think about how a business empowers its staff to behave, how they incentivise them, not just financially, but how they incentivise them with other rewards, how they message to staff, and then, therefore, how they set a standard as management that they want their staff to follow. And I think if Compliance could understand that, and understand how an organisational strategy is driving changes to that behaviour, whether to target a product, or whether to target revenue growth, or revenue cutting, in a certain area, that will really help compliance functions identify some of the key risk exposures, and prioritise their work accordingly, which I think links on to another one we were talking about, Christian.

Christian Blackwell: Yes, John, the ability to apply the rules and requirements to real life scenarios. So, compliance functions are often developing policies, giving guidance, but they can sometimes get very focused internally on the requirements of that, rather than thinking, okay, well, these need to be applied to a real life scenario, and the front line in business, and where they can use real life examples to get that point across, that will help in the end user of that being able to embed it into their day to day working.

John Davison: And again, you know, I was talking about behaviour earlier, which comes on to my fourth one, which is the ability of compliance functions to actually be risk managers, and apply risk based judgment. So, we talked about that from a behavioural context, but actually, you know, as business changes, as people change, then the inherent risk of any organisation will often alter, not because of a regulatory change, or because of something that is prescribed, but just the way in which a business grows, whether that’s organically, or through acquisition. And I think where compliance functions need to really demonstrate their skills, and maybe enhance their skills, is to find their balance and attention between underlying regulatory obligations and the need to stay on top of the risk profile of their organisation, as they are actually looking to target their future work.

Christian Blackwell: So, our final point is really the different roles that a compliance function performs. They need to be very clear about the different roles. So, sometimes they're performing an assurance role, sometimes an advisory role, and sometimes an enablement role, and that requires very focused activity, and they shouldn't confuse the three different roles, they should be very much targeted, and when they are assuring, they are assuring, when they are advising, they're advising, and not mixing the two up.

John Davison: And, of course, to make sure they've got the skills to cover each of those with the right people, which is important.