Don’t Wait for the Knock on the Door: Transforming Compliance Mindset in the C-suite  

It’s no secret to the C-suite that compliance directly impacts the overall success and sustainability of the organization. There’s internal compliance, regulatory compliance, process compliance, industry compliance, and many more – it all serves to protect the company from penalties, lawsuits, and reputational damage.  

Yet here’s a truth that every compliance officer knows all too well: in most organizations, compliance is still seen as a box to be checked – “Are we compliant with X? Yes/No? Can we do this cheaper? Yes/No? Next item on the agenda!”  

Compliance will always be a cost center. And since every organization naturally strives to lower costs, that leaves compliance simultaneously on the C-suite’s radar…and squarely in its crosshairs. 

In recent years, more and more organizations that were quietly confident in their compliance have been surprised when regulators knocked on their door and found them not in compliance. Yet these occurrences are not inevitable. To head them off, without breaking the compliance budget, compliance stakeholders need to shift C-suite attitudes – and those of the organization as a whole – towards a culture of continuous compliance. This is not an impossible feat (even if it seems that way sometimes). If company culture is a big ship to steer, C-suite mindshare is the supertanker. Moving the rudder takes time and persistence but starts with culture and compliance working together. Here’s how to get started: 

The Five Pillars of Shifting C-Suite Compliance Minds 

To keep compliance top-of-mind in the C-suite and below, compliance officers need to constantly offer company leadership a clear window into organizational compliance. C-levels need to see constant and real-time compliance insights, not just after-action reports. They need to be able to evaluate compliance the same way they evaluate business performance – approaching it as a business metric that requires constant attention (which it is). To make this happen, here are some steps to take: 

1. Establish and monitor compliance KPIs 

To be proactive in a dynamic business ecosystem, executives monitor various financial and market KPIs. To be proactive in compliance – staying ahead of risk and not just reacting to it – the same thing needs to happen with compliance. Establish and constantly monitor organizational compliance KPIs. What do these look like? For example: 

• A peak in insider trading or employee misconduct indicators  
• A peak in escalations of compliance issues 
• How effective the internal compliance program is at covering specific risks that are currently relevant – a specific cyberthreat, a specific emerging regulation in a specific market, etc.  

2. Make it an organizational thing, not just a departmental thing 

For nearly 2 decades, digital communications were email. Period. It reigned supreme as the primary mode of business communication. However, this landscape has experienced a seismic shift, bringing with it complexities that were previously unforeseen.

Everything has changed in the past couple of years with the proliferation of mobile technology. Litigators and compliance professionals must build solutions that can adapt to the multiplicity of communication channels as they come online. The challenge lies in determining what to preserve and collect, which can be somewhat subjective.

Aronson lamented, “Now you must consider emojis, personal communications like WhatsApp, SMS, complex data sources, massive volumes of data, and of course it’s just growing. It is simply not possible to preserve everything because there are just too many ways to communicate. We are going to have to come back to relevance.”

3. Speak the language of business 

To demonstrate that compliance is a strategic advantage rather than just a cost center, compliance teams need to adopt the lexicon of business. They need to understand business objectives and how to present compliance programs in the context of them – rather than in regulatory terms. When speaking in terms of budgets, they need to highlight the benefits of compliance – how compliance can facilitate growth – and not just the costs associated with noncompliance (more on this below).  

4. Show that compliance is more than just another expense 

To demonstrate to executives that compliance is not just an expense but a revenue facilitator, compliance stakeholders should highlight how compliance creates: 

• Competitive advantage – Compliance is a serious differentiator, attracting customers for whom compliant business practices are important.
• Market reach – Compliance can open doors to new industries in new jurisdictions that require adherence to specific regulations for market entry. 
• Customer trust – Compliance can dramatically enhance customer trust and loyalty, helping foster long-term customer relationships. Think of the opposite – when we learn a company wasn’t compliant or had a data breach, we’re more reluctant to give them business. 
• Risk mitigation – Compliance lowers the risk of expensive legal issues, penalties, and reputational damage. We’ve all seen the rising costs of fines broadcast across the headlines recently. 
• Operational efficiency– Compliance frequently drives process improvements and operational efficiencies that lead to cost savings, productivity, and smarter resource allocation. 
• Investor confidence – Compliance attracts investors looking for evidence of strong governance practices and ethical behavior. 

5. Create a culture of compliance 

Finally, to create a culture of compliance, start by clearly communicating the importance of compliance to all employees, at all levels, from day one. From onboarding to everboarding, educate employees on their compliance obligations, the benefits of compliance, and the consequences of non-compliance. Foster open communication channels for reporting concerns and ensure protection for compliance whistleblowers. Embed compliance deep into the organizational DNA by tying it to compensation – for example, a lower volume of compliance escalations or external regulatory inquiries should play a role in bonus calculations. 

The Bottom Line 

Don’t wait for the knock on the door. Compliance is a strategic advantage and revenue facilitator – not just a cost center or box to be checked. By establishing and monitoring compliance KPIs, making compliance an organizational commitment, speaking the language of business, showcasing compliance as an investment, and creating a culture of compliance – compliance stakeholders can not only raise C-level awareness, but also do their part to safeguard the company’s long-term viability.