4 Tips for Overcoming Compliance Fatigue
One current buzz term in the field of contract management is “compliance fatigue.” A perfect example of this trend is that despite the credit card and personal information breaches at major retailers, 6 out of 10 Americans still have old debit and credit cards.
Back in 2015, the credit card industry failed to meet its self-imposed deadline to convert to chip technology, continuing to leave consumers exposed to credit card fraud and imposing upon itself the burden of being responsible for covering the costs of fraud (the government indicated that financial institutions that don’t meet the deadline become liable for fraud costs).
To help you reenergize efforts in your enterprise, here are four measures to overcome compliance fatigue.
1. Point Out the Facts
It’s very easy to say for staff to think that “it won’t happen to us.” However, the facts clearly show that it may be just a matter of time. A survey from Ernst & Young of more than 2,700 executives across 59 countries showed that the risk businesses are facing and the incidence of fraud and corruption are not declining.
Still, you can’t be all doom & gloom. Focus on the positive as well or risk losing your staff’s interest in compliance altogether. Verizon’s 2015 Compliance and Security Report shows that compliance rates between audits increased by an average of 18% across 11 of 12 requirements.
In the case of chip technology implementation in the U.S., financial institutions should realize that the by using chip technology England brought down counterfeit card fraud losses from close to 170 billion euros in 2008 to about 48 billion million euros in just six years. Find applicable numbers that can become a point of inspiration towards better compliance.
2. Lead By Example
The CCO and other C-level executives are essential for the success of compliance processes. While they may sometimes feel overwhelmed by the complexity and cost of compliance frameworks, they have to focus on the fact that ethics and compliance contribute to the bottom line of any company.
A good strategy for executives is to avoid referring to compliance processes as “non-revenue contributing” functions. Instead, create benchmarks for those processes to demonstrate how they positively contribute to the sustainability and overall financial performance of the company. Including the status of a compliance benchmark on the dashboard of your contract management system increases the importance of compliance for your enterprise. For example, you could provide a status on completion of Sarbanes-Oxley for a fiscal year.
3. Involve Employees in Compliance Processes
Whether it’s the Health Insurance Portability and Accountability Act (HIPAA) to protect personally identifiable information within healthcare or the North American Electric Reliability Corporation to regulate activities of energy suppliers, there’s always need of extra hands to make sure that requirements are reasonably met.
Here are some specific examples:
- Gather information from sales staff to develop a checklist of red flags for spotting calls from fictitious companies or government agencies;
- Enlist IT staff to interpret and evaluate the credentials of vendors offering cloud-based services (e.g. SSAE-16 and SOC security certifications); or
- Engage marketing employees in export compliance to do a cost-benefit analysis of implementing compliance processes for certain products against potentials sales of those same products.
The main idea is to get everybody involved. Of course, if you’re going to involve employees in compliance process, you need to:
4. Compensate for Compliance Activity, Training and Certification
In the United States, the number of compliance teams spending more than 10 hours a week tracking and analyzing regulatory development almost doubled from 13% in 2013 to 25% in 2014. According to the same survey, two of every three respondents expect compliance costs to continue to increase.
While compliance practitioners are paid for their activities, those not involved directly in compliance audits and report aren’t. The problem is that by not being aware of best practices, the activities of non-compliance staff contribute to the ever-growing cost of keeping and improving compliance within a firm.
Just making compliance training mandatory isn’t sufficient to improve practices, it’s also necessary not only to compensate for hours spent on training but also provide monetary incentives to complete applicable certifications. The IACCM provides Contract and Commercial Management (CCM) professional certification programs and a set of almost 30 on-line modules.
By bringing attention to key compliance stats, leading by example, involving non-compliance staff more in compliance processes, and remunerating that staff for compliance activity, training, and certification, you’re taking important steps in overcoming compliance fatigue within your enterprise.