Are you BOARD of Compliance?

I remember reading a story about the first passenger flight which had TVs where passengers could select channels. It was a transatlantic flight and when the plane landed in the states, there was press and reporters etc there to ask questions and report on this amazing new way of travelling. What was reported was NOT what was expected.?

As the passengers disembarked from the plane, they were asked for their opinions. The majority said it was good BUT they would have preferred more channels.?

This got my braincells jumping and I wanted to then understand the reason behind the lack of compliments and the desire to have more when you’ve been given enough. ?

The study of the brain and research into Neuroscience shows there are seven core ‘instincts;.

These are:?

Anger

Fear

Panic-Grief

Maternal Care

Pleasure/Lust?

Play?

Seeking

Strangely, of these seven, the one that means more to the human race and the one that impacts our lives the most is the ‘seeking’ instinct. Seeking something impacts the human brain more than finding or achieving something. Like winning the lottery or achieving a major goal provides us with instant pleasure but not long term satisfaction. Is this the same as the many tasks around compliance and the fact that we don't get pleasure from achieving Compliance to something as the pleasure is in the process? ?Strange concept right.

When we then consider this in Compliance in Housing today, we can see why boards are somewhat disturbed with the direction or are being seen to show little or no attention to what would be seen as a significant thing to manage. It’s not that the passion and desire to provide safe homes is not a top priority, its just that the bar keeps moving and as such the ability to seek a moving target, or a target that didn’t exist 6 months ago but now seems more important than the things we’ve tried to manage over the last 20 years, maybe this is why the perception is that the desire isn’t there. We just don’t know what to do and feel like we are stood on the edge of a cliff ready to fall. ?

We can couple that with the many brands coming into the market who are diluting the understanding because they can see the word compliance as a money making market.?Brands that promote compliance yet don't do compliance have zero accountability to risk and as such dilute understanding.

We can drill a little deeper into some of the issues we face in ‘Compliance’ which may, or may not, provide an even better insight into why board level executive teams look sideways at the task of compliance. I think a major factor, from a personal opinion perspective, is that of interpretation on some areas of compliance. For example:?

Electrical compliance has never been clearly defined because no one wants to stick their head up and be counted for. It’s much easier for the sector to provide documents and regulations that should be interpreted and applied based on the organisations need. This isn’t helpful when the churn rate in housing associations is high because something interpreted one way could be back peddled if that individual leaves and someone else steps in.?

The question is, whats right and whats wrong? Can common sense ever play a part in the decisions we make around managing aspects of compliance or are we constantly changing what we think based on the committees who write what they feel is best from their perspective??

Theres also a massive issue in the UK whereby the management of risk is seen to be different geographically. I have noticed since leaving Housing and taking up the roll of CEO in TCW, that people inside the M25 see competence, quality and the management of risk differently to those outside of the M25. I remember working for Leeds City Council and having a great relationship with people around me who did a great job. I then started to push some buttons in London around risk and competence and I was met with side eyes because I didn’t have letters after my name. Once I gained these I was seen as someone who should be listened too. Strange really because my understanding hadn’t changed dramatically, my experience slightly. ?

I often wonder how we can be consistently judged against a set criteria yet the differences in how we manage risk are not accounted for. Furthermore, we are judged against compliance on financial performance yet public safety obligations is judged based on a few brands opinions rather than a true understanding of risk.?

For example: A senior consultancy firm has, multiple times, pushed organisations towards the Housing regulator due to outstanding C2 observations on electrical yet the whole premise of a C2 is that it is potentially dangerous. The risk isn’t there but the potential is….., surely that simply applies to all aspects of the management of risk. The potential is why we manage it…?

Again, interpretation driven by a commercial need will also present things that can be debated either way.?

Some other key considerations on how teams are managed, this is important as how you manage people determines their output. Theres some cool research on the different types of leaders and leadership styles. For example, Lewin’s leadership styles give us a great insight into how some people demand or trust in the output of their teams. The autocratic leadership style demands obedience and looks at peoples opinions, whether fuelled with experience, skill, knowledge etc or not, as lesser in importance than their own. This is a dangerous style of leadership as it pushes people away. Something `I am seeing a lot these days when I pop into organisations to help answer some key questions. In fact, a few months ago I was asked to review a specification and assist a director in putting together a set of KPIs for a contractor. I attended the meeting and within 5 minutes knew I needed to dip out and leave the director to his own self obsessed ways. Just didn’t listen and knew everything already.?

We then have the diplomatic leadership style, which in my opinion is by far the best when it comes to managing risk and applying accountability across an organisation. It needs trust and the board level team need to know that when an accountable person speaks, it’s time to listen. However, it’s not all about the leadership team, the person under management needs to make clear decisions and not over exaggeration of an issue that can be managed. Ive also seen this and find it sad that most organisations I go into confirm that their engineering tribe don’t understand the organisation and so constantly state we are non compliant without giving clear opportunities to improve. It’s a collective task whereby everyone needs to be singing off the same sheet.?

The other leadership style is Laizzes-Faire which in truth, is not an ideal method for managing public risk. It’s good for some things but I don’t feel compliance and risk is it.

So let’s flip this on its head, let’s stop talking about why we do this wrong and focus on what we can do to show improvements.?

First things first, every board and executive team should create a document that defines what Compliance means to their organisations. From a personal perspective and not fuelled with Regulations and Standards.?

An example:?

Compliance within our organisation should be measured in two ways. The confirmation that risk is managed through a process and that the process can demonstrated at all levels. The second element is the satisfaction reported by those we provide safe havens for.?

Obviously the document would be build around those points and be in much more detail than I have added. But you get the picture.?

The next port of call for any organisation is to apply the accountability tag to an individual or team and to cement that accountability across the whole organisation. It won’t work if you expect someone to manage something they can’t see or control.?

So you have a document that defines why you manage risk, you also have a document that defines who is accountable for the management of risk. Now comes the important part……

We remove the word compliance from the equation. The truth is, the management of risk is not the management of compliance. It never has been. The management of risk involved an element of compliance management but is ultimately focussed on the need to achieve undoubtable assurance that people are safe.

For the avoidance of doubt, compliance is not assurance. Compliance to something does not mean it’s safe. Compliance is an overused word that has lost its meaning since Grenfell.?

In terms of how to manage this process, Ive worked with a few organisations (Free of Charge I might add) to help them discuss and clarify a few points. Im always available to help in any way.?

As a side note to this and to ensure I promote TCW. It’s important. Since 2013 when I first set up the company, and before for that matter when I had the original idea, my aim was to provide a safety net that is so well constructed that the management of risk and assurance is flawless. I genuinely feel like my company has saved lives because of the data it can get and the information it can provide. That makes me very happy even if I don't know who has actually benefited from this directly.?