Selling The Risk And Compliance Message



Many organisations have begun to realise the true value of the risk and compliance function. It has steadily been able to shake off the tag as the business ‘policemen’ and has now become the key port of call in managing business risks. Yet occasionally, there is a reminder that as a profession, risk and compliance still has a way to go in convincing some people of the best way to utilise the function. Compliance is not about making businesses harder, but making it easier for the rest of the business to get on with the job. So how do you sell the compliance message?

Get champions from the top of the organisation

The most important people to convince of the true value of risk and compliance function are the board and executives. If the board understands the value, it will flow to the lower levels of the organisation. Convincing the board of the value is getting easier, thanks to directives from regulators and governance standards that are pushing directors to build a culture of compliance. However, directors still face competing pressures, and the risk and compliance function cannot afford to assume the board understands what you do and what you can do for the organisation. Continuous education about the role of risk and compliance is needed. The most effective strategy is providing them with regular, clear and concise information on the progress of the compliance function and update the board on industry trends.

When preparing reports it pays to think from their perspective: are they clear about what the risk and compliance objectives for the organisation are? Do they know why these objectives were set? It pays to repeat key messages that demonstrate your value to business and to them continuing to be in business.

Middle managers can be just as important in reaching front line staff. You need to engage middle managers to own and sell the message – tone from the middle. Compliance managers should give heads of business units material that they can easily convey to their staff in a language they understand.

Have metrics on value – compliance KPIs

With overall economic conditions being fairly tight, it is important for risk and compliance staff to be equipped with data to support the value of their programs. Every other area of the business justifies itself with statistics and targets – they make their positive impact tangible – if you allow risk and compliance to be too intangible it makes it easy for all your work to be missed or misunderstood. Compliance KPIs can include:

  • Turnaround times of promotional material sign-offs
  • Level of satisfaction with compliance services as measured by surveys
  • The number of penalties from industry regulators attributed to compliance failures
  • The quality and frequency of engagement with regulators
  • Audit satisfaction on compliance programs
  • Reduction in employee errors in a specific area
  • Increase in customer satisfaction

Understand the business

The role of risk and compliance is to support the business. It should help the business make better decisions to ensure the business grows sustainably. One of the biggest dangers to a compliance team is being seen as anti-business or anti-sales. If the compliance team does not understand the business, the business loses trust in compliance; it therefore becomes difficult to get the business engaged with the compliance program. Risk and compliance staff must understand how they can add value to the business. It is not enough for the compliance to simply ensure regulatory compliance. They must add real value by advising on how to do things more efficiently and with less risk.

The cost of non-compliance

The legal risk to directors and executives of non-compliance certainly sharpens their attention to the compliance program. One area of growing concern is of personal liability for executives and boards – and increasingly, this includes risk and compliance staff. When weighing up the cost of non-compliance, executives must consider the personal implications as well. The regulatory cost of non-compliance goes beyond financial penalties. Increased regulatory scrutiny, complexity, regulatory change and customer distrust are a direct result of compliance failures. It is important that risk and compliance staff communicate these costs of non-compliance to the business.

Develop your message

A compliance team must be in regular communication with the business about its priorities, concerns and training agenda. Risk and compliance should be front-of-mind of those in the business. That means being a visible presence, thinking creatively and not just sending email reminders. It is also incumbent on the risk and compliance team to make compliance training relevant and engaging for the business. Compliance training is a good opportunity to demonstrate how compliance is integrated into the business and how compliance is relevant to front-line staff.

Employee compliance training solutions by the GRC Institute

As a registered training organisation (RTO), the GRC Institute offers two nationally accredited courses which can be delivered in-house, as part of your organisational training framework. The courses can be tailored to meet the specific needs of your organisation, within the parameters of the national qualification framework, ensuring optimal value for your business and employees.

When you invest in compliance training for employees you are directly investing in the security and stability of your business. Lapses in legality or ethicality are threats that can shake a business from its core. Establishing a company culture where there is a greater understanding in compliance from the top down can make your business more adapt at defending against those threats.

If you would like to know more about compliance training for your staff, please contact us on on +61 (02) 9290 1788.