A culture of compliance is the foundation of an organization’s compliance program. It is often a measure of how well employees feel empowered to identify, mitigate, and escalate risk within their institution. An institution’s compliance culture is set by its board and executive leadership team. Their messaging should be continuously reinforced in the institution’s risk appetite statement, policies, training, and enterprise-wide communications. A strong compliance culture should be evident at all levels of the financial institution and across all three lines of defense: the lines of business, the compliance department, and the audit function.
The most important asset to an institution’s compliance program is truly each and every employee. A culture of compliance should empower employees—not just in the second line of defense but in all areas of the institution—to think about the risks being presented through their customers, transactions, and products and services, and the part they play in mitigating those and other risks.
Senior executive and leaders are responsible for establishing the tone from the top—setting clear expectations for the importance of compliance throughout the organization and modeling behaviors for their employees. An institution’s leadership must support each of the seven elements of a culture of compliance to ensure that employees have what is needed to effectively manage their compliance risk.
Seven Elements of a Culture of Compliance
|
Training and communication play a critical role in establishing a culture of compliance because they often are the primary means by which these critical messages are delivered to all employees. A comprehensive compliance training program not only ensures that employees are aware of their responsibilities, but also provides them with detailed information on how they should identify, mitigate, escalate, and report risk. Comprehensive and well-thought-out training should assist in creating awareness and in developing and refining the skills needed to ensure compliance.
An effective compliance training program can help to ensure that an institution is regularly addressing new issues and emerging risks. It also helps to ensure that employees have the right knowledge and skills necessary to perform their roles, and that they understand the risks within the institution and their business area as well as the consequences of noncompliance. Organizations can determine the strengths and weaknesses of their compliance and training programs by answering the following questions:
- Do our training programs match the risks of our institution, and the variety of functions within it?
- Do our employees have the right experience and training to do their jobs?
- Are we regularly addressing new issues and ensuring our programs help our teams deal with emerging risks?
Institutions should ensure robust and recurring communication. “One and done” is not an effective way to deliver communications or develop an organizational culture. A strong communications program issues clear messages in a recurring fashion. Institutions that want to create a culture of compliance should issue policy alerts and remind staff of changes to regulations and industry standards. Information on those changes should then be easily accessible and readily available for employees. Town halls, quarterly newsletters, and even short video messages explaining changes can be effective ways to ensure that all staff members understand what they must do to support the institution’s focus on compliance.