No matter your industry (or your size), every organization needs to make compliance an essential part of business operations.
But what does compliance mean? Simply put, compliance is ensuring your company and employees follow the rules. And these rules could include a mix of pertinent legislation, internal company criteria, and external industry requirements.
These rules provide the target you need to hit, as they denote the compliance benchmark or compliance standard your company must meet.
Taking this a step further, then, what is compliance management? In light of all these requirements, compliance management focuses on the process of ensuring your company and employees follow these rules.
The methods and tools used for compliance management can include policies and procedures; internal audits; third-party audits; technology applications; reports and documentation; and security controls.
When determining how to handle your compliance management, look first to the compliance standards you need to meet. Whatever the law mandates will dictate the specific compliance benchmarks you need to aim for.
Beyond legal requirements, though, you can let corporate culture and industry norms guide your efforts, as there is no one-size-fits-all approach.
Ultimately, you need to decide on an approach that meets your organization’s specific needs when planning, implementing, monitoring, and enforcing your compliance efforts.
That being said, three general approaches can provide guidance on the compliance management path that works best for you.
Strict, top-down approach
With this compliance management approach, a strong authority figure strictly enforces the rules throughout the company.
Here, compromise and flexibility do not exist. A situation is either black or white, right or wrong, end of story.
The authority figure ensures compliance with those very strict standards with little recourse for any lapses.
For certain fields, like the high-risk manufacturing and healthcare industries, this is not only appropriate, it is necessary.
If your company manufactures products, you want to ensure that you meet those predefined specs every time to consistently produce safe, quality, uniform products. And if human lives are on the line, you need to strictly adhere to the rules to provide a safe working environment for employees and a positive outcome for patients.
This authoritative compliance management approach could even make sense in less-regulated industries.
For instance, any time an employee engages in risky behavior (such as operating heavy equipment while intoxicated), he puts his own safety, as well as the safety of others, at risk. Clearly, there is no room for compromise in this type of dangerous situation.
Another take on compliance management adopts a more flexible stance.
Here, the authority figure sets high-level guidelines but leaves the specific procedures and processes up to employees to figure out.
Of course, you can’t bypass anything the law mandates; but for other benchmarks, some flexibility could come into play.
The hands-off approach works for results-oriented industries where you set your own high standards, but you aren’t necessarily suffering legal or regulatory consequences if you fail to meet them.
That doesn’t mean that your standards lack importance, but it does mean you have the ability to give employees more room to maneuver within those standards.
For instance, if you promise to deliver an online order within three business days, you won’t be fined if you deliver it in five days. You might lose that customer because you didn’t deliver on your promise, but the government will not slap a fine on you for the delay.
Shared or distributed model
This approach involves everyone working together to make compliance their priority.
This distributed model means everyone understands the compliance problems, how they impact their daily responsibilities, and what they need to do in order to achieve and prove compliance. Compliance is not dictated from the top down, nor is it a case-by-case judgment call based on high-level guidelines. Instead, it takes a “we’re-in-this-together” approach.
This idyllic scenario still requires leadership in order to communicate, track, and set those compliance standards. However, it is done in a way that pushes the responsibility for maintaining and tracking that compliance to all levels of the company.
For example, this approach can work in a financial institution where every employee understands the laws and regulations and knows what they can and cannot do to stay in compliance.
Further, every employee actively tracks their processes in order to prove they are in compliance.
How do you achieve this? Only with strong compliance leadership, very good communication, ongoing training, and organized systems in place to make all of it distributed throughout the company.