Compliance: Underleveraged Partnerships
Most Compliance Management teams suffer badly from underleveraged partnerships.
There are the obvious partnerships that are part of the compliance job:
Mandate-issuing entities: These would include payment networks, third party processors, and governing bodies overseeing the payments industry. Your Compliance Team receives legislative announcements, operational bulletins, and release documents from these entities. Your team may then try to analyze the documents to determine if any of the compliance requirements apply to your company and its operations.
Service-providing entities: These would include third party processors, internal IT and operational support teams as well as any other in-house or outsource services your payment products rely on. Your Compliance Team may attempt to identify compliance requirements for each of these entities, or they may ask these entities to self-identify compliance requirements.
When your Compliance Team’s interactions with these partners are painfully tactical, the results are devastatingly inadequate.
Why?
Compliance mandates tend to fall in the following categories:
Regulatory requirements,
Infrastructure to support new product,
Technology to support strategic direction,
Maintenance and technical adjustments.
The first three of these categories contain tactical requirements flowing from strategic direction. Effective compliance can only happen your compliance team’s conversations include the strategic and tactical aspects of the compliance requirements.
Strategic alignment between the mandating entities, your company, and your service providers will cause the tactical compliance solutions to be strategically effective.
What other partnerships should your Compliance Team be building?
Apart from the obvious partners listed above, there are several other partnerships that will make your Compliance Team more effective. These teams will also receive material benefits from a good strategic and tactical partnership with your Compliance Team:
Vendor Management: This team manages your company’s relationship with its service providers and vendors. Part of their role is to relay compliance requirements to these entities. A good bilateral relationship between Compliance and Vendor Management provides the Vendor Management team with pertinent information to help them manage their vendors. It also provides the Compliance team with real time feedback on the vendor implications of new compliance requirements. As I mentioned in a previous blog, these two teams need to work together as one team as there is so much overlap in their roles.
Corporate strategy: This team determines the direction your company is heading. A part of that strategy needs to be informed by Compliance so that future products and services will be compliant out of the gate. As well, the Compliance Team needs to receive regular input from the Strategy team to ensure that compliance solutions match the corporate direction.
Business Continuity / Disaster Recovery: This is a role I have done for a few decades, so I have unlimited empathy for how undervalued the Business Continuity team is! A well supported Business Continuity team will have complete corporate process flow diagrams, infrastructure inventories, as well as exhaustive lists of vendors and suppliers. There is a natural partnership between this team and Compliance as each has critical information for the other.
Finance: Finance is the heartbeat of any organization. They are also a natural partner to the compliance team:
Providing reporting to the Compliance team to identify any non-compliance fees or fines,
Compliance can also give the Finance team advance warning of compliance changes that will have financial implications.
Executive / C-Suite: I don’t know if I have ever seen a CEO who knows his Compliance team. That is incredibly unfortunate for both the CEO and the Compliance team. In my experience, Payment network presentations for the customer C-Suite almost never contain anything about compliance, new technical requirements, or rule changes. However, any of these can have significant impact on your company’s infrastructure, process flow, and corporate direction. I would like to see every company C-Suite have a quarterly debrief with the appropriate people from the Compliance team. I think the two-way information exchange would benefit both groups and would give the company a strategic and operational advantage over its competitors.