Is Maintaining Compliance Painful? It Doesn’t Have to Be

January 11, 2022

Ask a hundred people what compliance is to them and you’ll likely receive ninety-nine different answers. Here’s a particularly wordy and painful definition from, “Certification or confirmation that the doer of an action (such as the writer of an audit report), or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract. See also conformance.” If you add enough words it must be correct, right?

While working with organizations in many different industries, we have come to realize the following truth, compliance is the core of B2B information. I would even say that compliance and business information are terms that are mostly interchangeable. In the B2B world, business information is best described by its qualities, TRAC-U (timeliness, relevancy, accuracy, consistency, and utility).

Timeliness is often the biggest hole in a compliance program. Compliance indicators have traditionally been lagging, a look in the rear-view mirror. Information, after-the-fact, only serves to point the finger after a failure has been discovered, it has little value to a company’s strategy and current operations. The most valuable business information is collected in real-time. A failure caught in progress may be rectified, or even turned into an opportunity — actionable intelligence. A compliance failure discovered a month, quarter or year later is just another failure.

“You are not in the business of compliance.”

Relevancy is tricky. Obviously, there are certain items on a compliance checklist that must be pass/fail, that’s the easy part. What else is there? How about a vendor’s relationship with the rest of the business world — their reputation? How do you even measure that? We’ve had compliance officers completely skip this discussion and tell us, straight-faced, that they monitor only what they’re told to monitor and then they file it. There are others that see themselves as the next Director of the CIA, thinking more information is better. The truth is somewhere in between. A solid compliance program tracks a pattern of behavior, in the larger business world, over a period of time. Only over a period of time will you be able to tell what information is relevant and what is not; and there are always indicators that rise to the top.

Accuracy is a loaded word. When shooting an arrow at a target, it’s an objective term. You either hit the target, or you did not. In the business information universe, it’s more subjective than you think. It’s a mistake to think otherwise. People are hard-wired to generalize, and generalizations are quickly perceived as fact. This can be a fatal error. There have been a few products released in the compliance software industry that attempt to apply a predictive score to the organization being analyzed. How likely is it that a business will go under? How likely is it that a company’s data will be penetrated? How likely is it that a loan portfolio will fail? There are proprietary scoring services being released on the market daily. Never forget that scores are generalizations, and generalizations do not describe individual companies well enough. Additionally, a system of scoring is an inherently lagging indicator. A good score does not preclude utter disaster, just as a bad score does not guarantee failure. Any system of scoring is always one data point away from failure. True accuracy is only achieved through the regular collection of relevant data in a consistent manner.

Consistency is the force that bonds a good business information system together. Methods need to be consistently applied and measured to be accurate. Reporting requirements and business indicators need to be consistently analyzed and weighted to be relevant. Communications with vendors and business partners need to be transparent, contain predictable content and occur on a consistent schedule to ensure timely business information. Actions resulting from non-compliance also need to be consistently applied. Finally, your team needs to consistently appraise its methods, tools, and expenses to maintain utility. If you take a hard look at a failed compliance program, consistency is usually where it all fell apart.

“Any system of scoring is always one data point away from failure.”

Utility is the gift of an adequate compliance or business information system. Notice that I used the word “adequate.” It’s not a very powerful word, is it? Even though it may feel like it sometimes, You are not in the business of compliance. However you organize it, however you monitor compliance, however you collect business information, your compliance program should only be as big as it has to be to be adequate, don’t waste resources on it. A compliance program can save you money, just remember that it will not make you any more money. Select your team, give them the tools to do what is required and protect your profits.

Trust Exchange wasn’t created to tell you how to maintain compliance, it was created to take the pain out of the task through automation, collaboration and customization. Ask for a demo. This problem can be solved.