Have you ever had that sinking feeling the day before an audit from a client? The wave of panic as you run around at the eleventh hour trying to collate and create evidence to prove you have a diverse and robust compliance program, to demonstrate that your staff training regime is second to none or that your business continuity plan was fully tested just last week!
That sinking feeling comes from not being ready for the audit! I don’t just mean ‘not ready’, but also ‘not prepared’! Is this a harsh representation of forthcoming audits?
Not really! Not when you consider the implications and consequences of forging ahead without the proper adherence to or regard for compliance standards, those that have been laid out across the globe by regulators, legislation and governing bodies. For example, the FCA, HMRC, ICO, PCI, HIPAA, FISMA, CCA, FDCPA – the list goes on! Compliance has become a word so over-used that it is in danger of becoming a nuisance. As more and more compliance breaches occur in the UK across different areas, maybe it’s time to look at ‘compliance’ differently. After all, a term that becomes over-used can and will eventually end up being ignored as its saturation levels peak.
Looking At Compliance A Different Way
There are millions of organisations who consider compliance to be a part of their organisation and industry. However, ‘compliance’ in itself is a very vague term and has different meanings for everyone. For the purpose of this article, I am using compliance as a term, not just a word. This comes with the assumption that it covers any area of business that has to follow standards, rules, laws or regulations. For example, data protection compliance under the GDPR or regulated compliance under the FCA.
The question at the start of this topic was “Do You Have Double Compliance Standards?” So, what do I mean by that? If people work in a business that has to be compliant with some law or regulation, they will at one time or another have seen that compliance as a negative. Comments such as “compliance costs so much money” or “compliance is such a time-wasting exercise” are commonplace. Businesses and their employees often wonder why audits want to see so much evidence or why the regulators are so strict.
Change Your Viewpoint
The truth is that you should feel cheated if every single client, regulator or auditor through your door does not pore over your paperwork, systems and processes with a fine-tooth comb. You should want them to look for gaps in your compliance or point out areas that need improvement. No, I’m not crazy! This is the way compliance needs to be viewed because this is what makes it work. The compliance industry needs to insist upon and start to cultivate this type of culture. We must assess our peers against the same standards and expectations we have for ourselves. Otherwise, the sanctity of security and fair treatment will go downhill very rapidly.
Every Cause Has An Equal Effect
THIS SECTION IS THE SINGLE MOST IMPORTANT THING THAT YOU WILL READ TODAY
Let’s consider that a client or regulator comes into your business to do a compliance audit. There are several gaps and some areas of non-compliance. However, they are in a good mood and decide to ‘let you off the hook’. They treat your audit as though it were just a ‘tick box exercise’ and maybe you are even a little relieved! You get the client, certificate or green tick you were looking for.
Would you still be as ‘relieved’ if you knew that the auditor’s next client is your GP? Maybe some of the medical records are not as secure as they should be. However, ‘he’s in a good mood’, so no gaps are flagged! Consider that your records are among the thousands hacked the week after due to those non-compliant areas. Maybe the regulator also audits the compliance at your bank! Compliance doesn’t seem like such a small matter when it’s your own data on the line!
Not everybody works in an industry dictated by compliance. However, I guarantee you that everybody is a customer of such an industry. Every person has private and sensitive information out there – in the hands of the very people who should be making sure compliance is their top priority. Compliance can seem negative when thought about in terms of money or resources, or the time and effort taken to train staff and implement controls and systems. But if robust and structured compliance applies to one business or sector, it must apply to all.
Consider that if you look for the quickest or cheapest way through compliance, there is also an organisation somewhere holding information about you and doing exactly the same!
What Compliance Should Be
The truth is that compliance is not just ‘another’ business function or activity. Likewise, it is not a box that just needs ticking before you can move on. It cannot and should not be anything less than your most important business activity. There is NO organisation, big or small, that can guarantee that it is 100% compliant in all areas. Businesses have people at their core and by the very definition of being human, people make human errors.
However, what you can do is to ensure you are giving compliance 100% of your time, attention and effort. Working towards being compliant in every area means having adequate systems, controls and training. Additionally, internal audits, policies and procedures and risk assessments make up part of the compliance framework. The old negative stigma has surrounded compliance for several years. It is time to change that, and the change starts with you!
Who Can Affect Change?
It doesn’t matter if you are at the top or the bottom of the organisation. What matters is that you think about compliance in the same way you think about your own information. From spending more than 25 years working in regulatory compliance, I can give you a promise. If you start putting compliance at the top of the agenda, everything else will follow. Your commitment to compliance will produce better products and services. Furthermore, your reputation will grow and with it your sales and revenue.
This is what great organisations are built on! Not how much money they brought in last month or how many sales they made yesterday. Instead, being able to have compliance audits at the drop of a hat and not even break a sweat. It’s nothing to worry about when you know you are doing everything possible to ensure compliance. You should be challenging those clients or 3rd party organisations (such as suppliers or agents) who do not want to see your compliance evidence, or who do not look deeper than the surface during audits. Raising the standards of compliance starts with you and filters throughout every industry dominated by it.
DEMAND COMPLIANCE NOT JUST OF OTHERS, BUT OF YOURSELF!
