How to Create a Culture of Compliance
Compliance is quickly becoming a topic of great importance in the fintech industry and financial institutions as it becomes clear how dire the consequences of non-compliance can be. Since the financial crisis alone, banks have paid over $204 bn in fines. As such, the frequent model of focusing on innovation and simply moving past failures as quickly as possible is now widely known to be unsustainable.
In the fintech world, risk management is often treated as a counter-productive, slowing the pace of innovation. Compliance in fintech is a relatively new idea for many, and there are a host of issues that can make it more confusing.
There are plenty of regulators with authority over businesses, which means a glut of rules, different expectations, and compliance oversight processes threaten to slow and confuse the process even more. As much, fintech and financial institutions are often not fully aware of which regulations apply to them or how they are implemented or enforced.
It’s easy for a business to become entrenched in the details of compliance, failing to move beyond risk assessments and getting bogged down in individual complaints as opposed to addressing the systemic issues causing them. There are 6 important steps to ensure that fintech and financial institutions don’t become paralyzed by regulatory overload.
Start at the top
For compliance culture to take root in a business, it has to grow from the top down. Senior management staff, chief executives, and board members must communicate and reinforce these values persistently. Those at the top must also take final responsibility for the implementation and enforcement of compliance, overseeing it, providing direct supervision for day-to-day management and addressing the risks personally, rather than leaving it to compliance teams alone.
Build awareness and education
A process of gaining a full understanding of which regulations apply to your business and what regulatory bodies fully expect in regard to them is essential. Keeping the management team up-to-date on evolving regulations, new developments, upcoming deadlines, and resources that explain complex rules is essential. This is done through regular training and education at all levels. From here, you can identify the gaps in your processes and procedures and implement regulatory expectations into the rules and policies of the business.
It’s also essential that compliance is not communicated as a hindrance or a necessary evil, but rather that they can offer an advantage, building in systems of trust that makes all the team’s operations more appealing to the organizations they work with. Compliance must be systemized as part of standard business processes, ensuring that employees understand and put into practice the policies and procedures expected of them on a daily basis. Senior staff must lead by example, too, showing and communicating how they implement compliance into their own role.
Reward is a language that’s understood across the board and one of the most effective ways of ingraining priorities into the corporate culture. Developing incentives for implementing compliance and publicly praising good practice not only showcases the company’s commitment to ethical and moral conduct but also ensures the team is fully engaged. It aligns their interests with the interests of the business when they believe compliance is tied to personal gain.
Create effective reporting processes
When issues of regulatory compliance are raised, there must be an effective system of complaint management put in place. Every employee should understand or easily be able to access a system where individual complaints can be logged and addressed. However, an effective reporting process goes beyond the individual complaint. Root cause analysis should be part of that process, with a team able to dedicate the time and resources to discover the most common causes of complaints. From there, you can carry out corrective actions that can mitigate future complaints.
Keep it honest and transparent
Promoting open and honest communication about not just regulatory expectation and new compliance processes, but failures and mistakes are essential. Without taking responsibility for those failures or addressing potential problems, a compliance culture will not stick simply because it does not look like a genuine effort. For instance, if an employee is terminated for misconduct in relation to compliance policies, it should be made clear why this has happened. However, this approach of transparency must also be balanced with legal and reputational reasons that not every detail should be openly divulged.
If you want to create a compliance culture in your business, starting to begin by the top is crucial, by thoroughly understanding which regulations apply to you and by filling the gaps in your policies and procedures. From there, consistent communication, training, reporting, and honest assessment of mistakes and challenges can help ingrain it across the team.
Ahmet Vefik Dinçer, CEO