Updated: Nov 19
Over the years I have learned that many organizations increasingly find they are not able to keep up with all their compliance obligations. On paper they are fine, but in practice it is another story altogether.
The cause can be attributed partly to the expansion of regulatory requirements. To stay between the lines, many choose to double down on audits and inspections. However, this often proves to be too slow and too late to drive needed improvements, let alone keep up with the speed of risk.
The traditional approach to compliance, characterized by reactive, siloed, and reductive practices, is unable to deliver what organizations need to meet all their obligations associated with safety, security, sustainability, environmental, quality, regulatory, fraud, and other compliance objectives.
Working hard at following rules and procedures is not working, nor is it enough for organizations to realize the benefits of their efforts. Organizations are still unable to answer questions such as:
Are they any safer?
Is their quality better?
Does their security provide adequate protection?
Is fraud reduced?
These questions have more to do with the outcomes of compliance than with adherence to prescriptive rules.
In many ways, organizations are caught in a trap of working hard and hoping for the best, not knowing if their efforts will be effective in any unit of measure.
As a result, these organizations are vulnerable and perhaps only one mishap, one non-conformance, one violation, one breach, or one explosion away from mission failure.
An Old Sign On The Door
How can organizations escape this trap when the sign on the compliance door reads:
“We are in compliance with all applicable rules, laws and regulations as far as we know. Will be back after our next incident.”
When there is nothing to improve, there is no need to escape.
However, there are important reasons to escape this trap.
Over the last decade, regulators have started to modernize their programs to become more risk-based, moving away from rules towards performance and outcome-based designs. The intended impact is to enhance public safety beyond what prescription alone could provide. This means that regulators are now more focused on risk mitigation than on adherence to rules.
Also, in recent years the number and nature of obligations have increased, coming from industry, stakeholders, and the investment community and connected with ESG, climate change, carbon neutrality, environmental sustainability, cyber security, and many other objectives.
We have reached a tipping point where there are just as many non-regulatory as regulatory requirements that need to be managed.
Compliance needs a new sign.
A Better Sign And A New Hope For Compliance
Operationalizing obligations requires more than training, following procedures, completing checklists and conducting audits. Organizations must learn how to advance towards targets, handle risk, and continually improve their performance.
This requires that organizations adopt an operational approach: one that is proactive, integrative, and holistic, with a program that reduces waste, handles risk, and delivers compliance outcomes rather than only audit reports. Compliance must become an operational function, not just an administrative expense.
Organizations that have implemented an operational program for their compliance have a new sign on their door:
“We are experiencing the benefits of our compliance and improving our effectiveness with confidence every day. Meet you up ahead, already there.”
That's a better sign and a better way to do compliance.