Mind the compliance gap

Published 23 May 2022 in Finance • 6 min read

In many businesses, compliance training fell by the wayside when Covid-19 altered priorities and made in-person teaching impossible. That could have significant ramifications. As a result, businesses should refresh both how training is provided and the syllabus itself.

Are businesses sleepwalking into compliance failures? As the COVID-19 pandemic forced most industries to shift to remote working, one casualty was the loss of in-person compliance training programs. Research from KPMG shows that 23% of organizations fear the effectiveness of their compliance and anti-fraud training programs has been adversely affected by the shift to home working; 16% warn fewer people have been able to take part in such training.

From financial services, where staff are not kept up to date on how to prevent money laundering, to life sciences, where medical protocol changes are continuous, many sectors now face significant compliance-related training gaps. The consequences could be serious – especially in regulated sectors. In financial services alone, firms worldwide paid a total of $5.4bn of fines for compliance breaches related to money laundering and data privacy last year. 

Moreover, firms that fall short on compliance are vulnerable to gaps in related areas. Compliance work is often closely linked, for example, to fraud prevention and cybersecurity, and breaches in these areas can be devastating. One study has put the annual global cost of cybersecurity attacks at $6tn. 

But the biggest danger of all may be reputational risk. With research suggesting trust in businesses already at an all-time low, compliance failures and related missteps could further undermine the brand value of businesses that are caught out. In some cases, these businesses will not survive the backlash from customers, employees and investors. 

These are not theoretical risks, with a growing number of companies reporting concerns that interruptions to compliance training are now hitting home. Training that was originally delayed for a few months at the outbreak of Covid-19 was put off for longer and longer. Now businesses are seeing the consequences. 

One life sciences company points to a sharp reduction in the number of calls to its whistleblower hotlines since training slowed; it believes the problem is that employees are no longer so sure which issues and concerns to report. Another business has become increasingly worried that supply chain disruption has forced its procurement teams to expand its sourcing – and that in the absence of training, the importance of maintaining supplier due diligence may be sacrificed in the name of keeping the business stocked. 

Many organizations have tried their best. The Association for Talent Development (ATD) says that compliance training accounted for 14% of training delivered during the pandemic at the organizations it surveyed, more than any other type of learning support. However, with total spending on training falling sharply according to the ATD, this was a slightly larger share of a much smaller pot.

Recently, the Lapsus$ gang hacked Microsoft's Azure DevOps server containing source code for Bing, Cortana, and various other internal projects.

No going back: How to close the compliance gap

The obvious way to get back on top of compliance is to prioritize training as part of the organization’s risk management program. After all, risk registers and remediation plans put in place before the pandemic very quickly became obsolete, or at least out of date. Organizations urgently need to revisit that work. 

A simple return to the training programs of the past will not resolve the issues of today. There has been no return to “normal,” and there is no likelihood of there being one any time soon. Hybrid working practices are now widespread, if not universal, which means that face-to-face compliance training will not reach everyone it needs to quickly enough. 

So employers need to shift to new types of learning – and provide it in much more sophisticated ways. For example, many organizations have pivoted to online training by taking advantage of the ubiquity of video-conferencing tools.  

Too often, however, this training is one-dimensional and lacks engagement from the audience. In the compliance context, where staff may feel that training is necessary but uninspiring, important messaging may not get through.

Training needs to become more collaborative and use simple techniques such as audience polls during training sessions to see who is engaging. And it may be necessary to require participants to keep their cameras on to encourage genuine attendance. 

It is not just the style of training that has to change. The content also needs an overhaul. Compliance training does require some basic modules on rules and regulations and how to follow them, but today there are also some new requirements. Staff working in new ways, often outside the office with less support than in the past, need to make nuanced judgements about difficult issues for themselves – particularly given the way the threat environment is evolving rapidly. 

For that reason, some organizations are now shifting to an approach that emphasizes the skills employees need to identify failures for themselves, rather than more prescriptive measures. They are introducing codes of conduct that effectively operate as frameworks, providing a reference model that equips people with the means to evaluate whether an action complies with the organization’s ethics and integrity standards, rather than listing dos and don’ts. 

Change the message and take compliance seriously

Indeed, training cannot cover every eventuality, nor can it ensure continuous vigilance. That calls for a widespread shift toward recognizing the compliance imperative. And this will only be possible if organizations build this imperative into their internal communications strategies, with the right messaging flowing down from leaders to managers and the rest of the workforce. 

Culture is the broader issue here. One reason why training has been allowed to slip during a period of disruption is that many organizations see compliance as a defensive task that comes second to the “day job” and activity that creates value. Employees often feel the same, which is partly why they may struggle to engage with compliance training. 

Now there is an opportunity to look at compliance again, and to build a case for taking it seriously. After all, in industries where there is evidence of widespread mistrust, building a reputation for honesty and integrity through impeccable compliance can provide a competitive advantage. 

That might have to start with some firefighting: for example, a gap analysis to understand which areas of compliance training have been shortchanged, so that these issues can be promptly addressed. But more broadly, this is a moment to think afresh about building a culture of integrity that goes beyond regulatory compliance and builds trust.

The compliance advantage benefits brands

That has never been more important. Studies suggest that in the wake of the pandemic, more and more people want to do business with organizations they perceive as honest and authentic. And it is not just customers who place importance on such values. Reputation is equally important to staff, with as many as six in 10 people changing jobs in search of an employer whose values they share. In a tough market for recruitment and retention, no organization can afford to ignore this trend. 

In that context, there is a clear business case for leaders to invest time and resources in the levers that are most likely to shift the dial for their organizations’ integrity. Those organizations that are unable to demonstrate a culture of trustworthiness and reliability will lose out in the battle for talent and the race for market share.

So all roads lead back to compliance. For organizations where compliance follows from purpose, training will be an essential and natural part of building a culture of integrity. The benefits will follow – not simply protection against regulatory sanction, financial loss and public embarrassment, but also an increase in brand value. 

Authors

Ivan E. Velez-Leon

Managing Director at KPMG

Ivan E Velez-Leon is a Certified Public Accountant and Certified Fraud Examiner with over 20 years of business advisory experience, encompassing assignments in the commercial, retail, financial services, industrial, and governmental environments. He has assisted organizations and attorneys in the US and Latin America with fraud, white-collar crime, bribery and corruption investigations, fraud risk management, fraud / corruption risk assessments, and third-party risk management, due diligence, and dispute advisory services.

Salvatore Cantale

Professor of Finance at IMD

Salvatore Cantale is Professor of Finance at IMD. His major research and consulting interests are in value creation, valuation, and the way in which corporations structure liabilities and choose financing options. Additionally, he is interested in the relation between finance and leadership, and in the leadership role of the finance function. He directs the Finance for Boards program and co-directs Driving Sustainability from the Boardroom.
