Don't overwhelm the work floor with compliance; then you slip
Dr. Ir. Henk Jan Jansen
Security Tech Enthusiast | Bridging the Gap Between Ideas, Execution & Innovating for a Better Tomorrow
Many companies and organizations have set up compliance departments that are responsible for compliance with laws and regulations. But the involvement of these specialized departments is no guarantee of compliance. This is because they do not speak the language of the workplace sufficiently and are not sufficiently in line with the processes there. And the workplace is where the processes that determine whether or not you are compliant take place.
Do you know the movie Modern Times by Charlie Chaplin? In it, the famous comedian has to fight to stay afloat in modern industrialized society. The film has a fantastic scene in which Chaplin can't keep up with the speed of the conveyor belt, literally spins and is carried away by a man-sized gear.
Buckets full of regulations about the workplace
I often see that image in my mind when I think of the buckets full of regulations that are poured over the work floor, where the human dimension seems to have been lost. The rules then run off with the people instead of the other way around, while compliance is nothing but behavior. These are agreements that everyone must adhere to. Nothing more, nothing less.
Compliance is a monster of our own creation
Yet compliance is a monster that we have created ourselves by invariably responding to incidents with stricter requirements, rules and protocols. But because laws and regulations are based on a model, they rarely fit seamlessly into reality. As a result, new incidents arise and the control reflex triggers a new flow of rules and the monster continues to grow.
Companies often don't know enough about which rules have been implemented
I know from experience that the boards of companies and organizations simply do not always know whether they fully comply with laws and regulations that are relevant to them. This is because they have insufficient insight into what has and has not been implemented. Yet they will always say that they are in control. Openly doubting this is not done. Compliance is their license to operate: they can't and aren't anything if they're not compliant.
Tame the monster by adapting rules to the work floor
An individual company is not going to break the regulatory reflex, but it can translate the rules to itself in such a way that the risk of non-compliance is much smaller. That requires a different way of looking at those rules. In my view, the Compliance department is the guardian of internal and external policy. If a company has to adapt to a new rule or law, Compliance must ask itself questions such as: what does the legislator expect from me? What is the spirit of the law? The legislator doesn't know our process, but if we look at the spirit of the law, what does fit?
Work floor must be the starting point of Compliance
Not the legal texts, but the work floor should be the starting point of Compliance: how do our processes run, and how do we translate them into rules and regulations? The rules provide the framework within which work must be done. Nowadays, the workplace seems more like an incident trail with endless legal cones looming out of the blue.
Speak the language of your employees
In my experience, things often go wrong with this translation, and compliance officers act as if the workplace consists of paralegals who understand their language. But the people there are specialists in the primary process, not lawyers. They take note of a new regulation, do not always understand what it says, and carry on with business as usual. That is asking for mistakes and accidents, after which new rules will be introduced. It's like asking people to do something based on a Chinese instruction manual. But when the spirit of the law is properly transposed to the business process, an employee understands that the company is still allowed to export a lot of things abroad, but not this screw. And then a company sets up a process around it so that someone always grabs the right screw: user-friendly and foolproof.
Remember that there are a lot of companies out there that claim to be compliant, while the reality is the opposite. Many times, I had to confront a compliance officer about wrong procedures, and in the worst case this compliance officer was checking sent-in documents on Google.com, which is/was a violation of the privacy law / GDPR (AVG in the Netherlands).
So, do not claim to be compliant within your branch if you do not have any type of legal proof of this, to avoid more complaints or reports in the near future.