Regulatory compliance has become an industry in its own right. Too frequently organisations take a siloed approach, compliance becomes a burden and the underlying reason for a regulation gets lost. Business architects treat regulations to be one of the inputs to strategy and embed streamlined processes and systems in the operating model. Compliance can then promote sustainable improvement and be a positive enabler of change.
Why do we regulate?
In recent years we have seen a series of events that undermined confidence and resulted in calls for regulation, both nationally and across trading areas. Accounting practice issues impacting investor confidence, data losses in an increasingly digital world and economic shocks arising from hugely complex financial instruments have led to regulation upon regulation. It doesn’t help with obscure names like SOX and Basel. At least GDPR gives a hint of its purpose in Europe or CCPA in the US. Regulation tends to be reactive and struggles to catch up with innovation.
Even de-regulation leads to regulation and complex governance. Open markets for gas and electricity need to be coordinated, so in the UK we created OFGEM (separate from OFWAT which regulates only a partially deregulated water market). Another industry emerged to enable consumer choice through switching suppliers, which in turn needed to be harmonised through new governance defined through MRASCo.
The upshot of this fluid situation has been a diverse set of evolving compliance regimes enforced through carrots and sticks – granting authorisation (FCA) or operating licence (OFCOM), monetary penalties and criminal procedures (ICO). Regulation has even spawned the new Regtech product sector. It’s unsurprising that compliance is seen as a costly burden. Memories fade and we forget the original purpose of regulation and compliance such that it takes on a life of its own.
And that’s not the end of it. Periodically new situations emerge such as threats to the resilience of our Critical National Infrastructure (see NCSC CAF guidance). Sector specific frameworks are now being formulated, with a hot topic in 2020 being the COVID-delayed consultation on operational resilience across the financial sector. A whole new set of guidance, working practices, advisory services, endless webinars etc are springing up. Diverting effort and investment from other business imperatives just when the economy is at its most fragile.
How did we get into this situation?
Certainly, the underlying issues giving rise to regulation are important to the economy, society and individuals. However, the extended timescale over which these have arisen has resulted in fragmented regulation and a vast number of regulatory bodies. These have grown to the point that the UK Regulators Network was formed in 2014 to promote best practices and help regulators to work to “the benefit of consumers and the economy”.
Even worse, the fragmented regulation is reflected in a silo approach to compliance in organisations, albeit these teams tend to be clustered into Risk & Compliance (Finance), Ethics and Sustainability (Telecom) or Ethics and Compliance (Pharma) functions. Each of these functions write policies, engage in awareness campaigns and try to get silo’d operational units to be compliant or at least in audit-speak to attract fewer non-compliances.
Organisations designed their operating models having regulatory requirements simply as an input, with compliance through optimised capabilities that organisations to use to their competitive advantage. These being delivered by people with good multi-disciplinary skills and systems to achieve the right business outcomes. The organisational learning would be embodied as knowledge rather than reinvented (with expensive advisory services) each time a regulation changes or a new regime is applied. This is all achievable with a well thought out business operating model that is adaptable to change driven by an ethically-informed strategy, laying the foundation for business agility.
Talk with us if you would like to understand how to establish the operational foundations to change compliance from being a burden into an enabler of business agility. Become Compliant by Design.
Bill Blackburn is an experienced business design practitioner with skills across regulated sectors helping organisations to gain value from compliance investments.