Culture, capability and comparison


Culture: the ‘vibe’ of compliance

Like a gentle breeze, culture may be hard to see, but you can feel it.
— William C Dudley, attributed in Hanrahan, Pamela F, "On Compliance" , June 26, 2018

Given that Compliance is a discipline that’s often accused of embracing Excel at the cost of effectiveness, there’s no surprise that Compliance Managers often struggle to quantify, measure and compare critical aspects of the businesses they seek to guide. For all the promises of better systems, and more systemic analysis, most compliance functions are isolated, impotent and ill-equipped to manage - or even effectively oversee - regulatory risks and the acts and omissions of the business’ representatives.

This yawning chasm between ‘promise’ and ‘performance’ of Compliance was starkly highlighted by the Royal Commission. While a range of compliance failures were highlighted, the Commissioner thankfully identified management, conflicts and ‘culture’ as the underlying causes of these failures.

Unfortunately, as is often the way, the Compliance functions of many licensees have been charged with responsibility. If our clients are any indication, they’ll do an incredible job in implementing the Commissioner’s recommendations and reconciling ethics, stricter regulatory requirements and commercial necessities.

They may find, however, that ‘culture’ - the beating heart of their business - is protean, unmanageable and almost impossible to convincingly define. Trying to do so, in the absence of relevant information and comparative data, makes a difficult task impossible.

Compare and contrast

Measure what is measurable, and make measurable what is not so
— Galileo Galilei

While the capability and experience of our team has underpinned our success, Assured Support is a data driven business that has always believed in the value of measurement, comparison and contrast. In fact, these values (and contextual analysis) are at the core of all our review methodologies. Detailed analysis, comparison and benchmarking is provided in our Advice Assurance and Licensee reviews.

We’ve written about our risk and conduct approach previously. We’ve also repeatedly emphasised the value of ‘small data’ - local, specific and integrated information - and written about our belief that misconduct is more frequently the result of environment than personal preferences.

We don’t intend to labour these points in this article, nor do we intend to offer general prescriptions for specific problems but we want to help you understand whether, and to what extent, you compare with your peers on ‘culture’.

The following diagnostic, extracted from our broader methodology, may assist you to understand some of the ‘measures, processes and procedures’ that we think are credible indicators of a business’ culture. Clearly, an effective assessment requires far more analysis and introspection than the diagnostic allows, but it might help you focus your resources and prioritise your activities.

Now more than ever, firms need to be thinking carefully about culture as a driver of risk and performance
— Elizabeth Arzadon

Culture: Eight indicators

A basic cultural diagnostic follows. If it’s helpful, please use it. If it’s not helpful to you, don’t.

The survey is anonymous, but if you complete it you’ll be provided with the aggregated results against which you can compare your own business.

... there was a widespread sense of complacency, a reactive stance in dealing with risks, insularity and not learning from experiences and mistakes, and an overly collegial and collaborative working environment that lessened constructive criticism, timely decision-making and a focus on outcomes.
— APRA Information Paper, page 7

Basic Cultural Diagnostic

Just for the purposes of context, in what capacity are you providing financial services
'Culture' changes over time and it's important to consider the maturity and sophistication of your governance, compliance and risk framework. Regardless of its age, would you define your business as:
1. Code of Conduct
Does your business have, and enforce, a Code of Conduct
2. Tailored training *
In the past twelve months has your business rolled out ethics and compliance training customised for its risks, roles and activities?
3. Business Improvement
In the last 12 months, has the effectiveness of your compliance framework been measured and improvements recommended?
4. Monitoring and Supervision
Does your business embrace a risk-based approach to compliance?
5. Resourcing
Is your compliance function adequately resourced given the 'nature, scale and complexity' of your business?
6. Capability and Competence *
Do you have confidence in the competence and capability of your compliance team?
7. Regulatory Change
Do you have a formal, effective and consistently followed process for regulatory change management ?
Are you respected (or rewarded) for offering constructive criticism or challenging consensus views?

Culture: Cost and consequences

Compliance obligations are broader than strict legal requirements and incorporate standards of integrity and ethical behaviour.
— Laker, Broadbent & Samuel "Final Report of the Prudential Inquiry into the Commonwealth Bank of Australia, APRA 1 May 2081, p7

Compliance is evolving in a way, and at a speed, that few commentators foresaw; and Licensees no longer have the option of ‘opting out’. The regulators expect more from regulated entities than just compliance with minimum legal requirements and satisfying them requires more than allocating additional resources.

In fact, as NAB learnt, there is little direct correlation between a Licensee’s ‘investment in compliance’ (cost) and in its effectiveness (outcomes). Capability, Competence and Culture have a far greater impact.

Deloitte, “Get out of your own way: Unleashing productivity” 2014

Deloitte, “Get out of your own way: Unleashing productivity” 2014