Compliance is not a 4 Letter Word (and can even be fun)

For most businesses, just mentioning the word “compliance” causes eye rolls, discomfort, or even some screaming.  My experience shows that once you understand what needs to be done and why, it can even be a little fun.  To accomplish this, you just have to have the right mindset and follow a few tips.

1. Understand the rules and tell your team why they exist

People generally do not like to have someone tell them they can or cannot do something, much less having an outsider conduct an audit.  We feel this is the largest reason the word “compliance” evokes negative feelings.

Explain why a requirement exists to your team.  Mindsets change rapidly when your company says “Dodd-Frank helps protect the integrity of the financial markets” or “Graham-Leach Bliley requires us to do this because we are part of keeping someone’s personal information protected.”  Once your team understands why compliance is important, it is much easier to motivate them to participate in the process successfully.

2. Accept the gray areas and dive in rather than run away

Most of us prefer black or white answers.  Bright line rules rarely exist when it comes to compliance.  Laws are too imprecise to contemplate every scenario and so there must be gray areas (i.e. customary and reasonable fees).  I say challenge your team to overcome those gray areas by teaching them how to confront them confidently.  It is easy to cross a goal line when you know where it is.  While that may feel good, crossing the goal line when it is hidden and you know how to get across it provides an even greater feeling of accomplishment.

The general process we use at our firm is called putting “borders on the box.”  First, write down the actual legal requirement (not something you see on an internet blog or paraphrasing).  Research the actual law or regulation.  Then think of the situations that are clearly in and clearly outside the lines.  Chances are, your business operates through the “clearly in” knows the “clearly out” situations, and often has events that come somewhere in between.  Congratulations!  You have just found the borders.

Last, motivate your team to come up with best practices to ensure that gray area situations end up closer to the “clearly in” border.  As good as my firm is at assisting with these practices, nothing beats having them developed by the people who see them day in and day out.   See who can come up with the most creative, most efficient, or most cost effective practices.  Then reward them for their efforts!

3. Put together a team

A business should never tackle compliance by themselves.  Talk to your clients about what they need.  Speak to your vendors on what they can do to help.  I find it helpful to talk to the regulating authority too.  They all have audit checklists, best practice tips, and advisory opinions to help put borders on the box.  Click here for an example of the CFPB Review Manual.  Plus, they are usually free (it is your tax money).

4. To make things easier, first make them simpler.

Often times a new law or regulation comes out and I get a call to “make us compliant” or other vague questions like “Is this good?”  To answer that requires that I look at the item in the bigger picture, in the trenches, and then back.  What I usually find is a hodge-podge of policies and procedures that no one has read, no one is trained on, and sometimes wholly contradict one another.

A great example of how to do it right is Nationwide Appraisal Network’s Compliance Manual.  It is much easier to see their efforts in context because they keep it one place.  If a change in appraiser confidentiality is made, we go straight to their manual which shows us 1) the policy, 2) the legal requirement (e.g. what USPAP actually says), 3) how they train their team, and 4) how NAN monitors it all.  This permits them (and others) to easily take that big picture look without getting lost in the forest because of the trees and is exactly how a business makes compliance simple, smart, and solid.

5. Check, double-check, and re-check

This was a phrase hammered into me during my time in the Army where forgetting something has much worse consequences than an audit.  Having policies and procedures is great.  Double-checking them is even better.  But the best compliance efforts I see come when you check, double-check, then re-check.  You will often find new situations you did not contemplate (see #2) and even gaps you forgot.

If you want solid compliance you need to go back and train, test, and rework.  To make it fun, engage your employees in a contest to find those gaps rather than the most “compliant.”  It is better and easier for an employee to find a hole rather than say one doesn’t exist.

Making compliance something other than a 4 letter word is not always easy, but if you understand how to tackle it properly, it can even be fun.

Jeff Baughman is the founder and CEO of Spartan Law Group whose mission is to help lead its clients through the gray areas of business. 

ERROR: 5 - Didn't receive 200 OK from remote server. (HTTP/1.1 400 Bad Request)