As a compliance officer or HR manager, you set the framework of the compliance programme, roll it out, train on it, assess it, get feedback on it, analyse that feedback, and give data-driven recommendations and action plans to the management team and the board. You identify problems, improve the culture, reduce risks and help your company move the risks from red to green.
You may have started your compliance management by manually poring over spreadsheets, frantically chasing down documents, talking to department leads, and eventually finding – and fixing – issues. But soon after you likely found it difficult to manually manage and monitor your entire compliance programme. That’s when you started looking for ‘compliance tools’ to save you time and help you accurately assess your programme’s performance.
But does the compliance tool really do what you want? The software you’ve purchased over the years to facilitate an array of tasks may not play well together. All you wanted was reduced administrative tasks and easier tracking so you could get the big picture; in fact, what you have is a tangle of disparate tools creating silos of trapped information, keeping you from the insight needed to unravel issues. You only wanted a ‘carrier pigeon’ that reduced your burden, but instead you bought a bulky automobile with complicated engines and gears – and now you need to learn how to use the porter.
If you’re feeling this way, you’re not the only one. While the tools are meant to solve problems, they can actually end up creating more work.
We know compliance programmes are not a ‘one-size-fits-all’ thing. Even though the general goal may be common and the framework standardised, each organisation has their own set of problems and the rules and decisions are not the same. Just because a tool has the biggest market share doesn’t mean it will be the best for you and your company – on the contrary, it could actually be the worst option for you. Let me explain why.
You want to roll out your compliance policy and programme, train, communicate, get feedback, and then track and document everything in one place.
Let’s think about what you really need to accomplish this.
It’s obvious that communication is the most vital part of your compliance programme. For successful communication, you need to be able to connect to your employees at any time through the device they’re most comfortable with. Ideally, you’ll also be able to expand your audience beyond just employees. If you consider other stakeholders, including third-party vendors, resellers, suppliers and your board, you can cover a bigger scope of your programme. The space and connection needs to be individualised (not like a web portal or compliance website), interactive and secure, and should allow anonymity where possible (as we know a higher percentage of people are more likely to engage if they can remain anonymous).
Say you have to release a revised work-from-home policy during the pandemic, including mandated updates about vaccinations and wearing masks when returning to the office. After you update the policy you need to send it out to all employees to read through and sign. You would also like to check their awareness by sending a test or survey to them. Afterwards, you would like to know whether the new policy and rules are accepted and get some feedback and ideas for improvement.
Or you would like to send out a reminder to all about disclosing conflicts of interest, including an updated gift policy and the request form so it is available at their fingertips.
What about if you want to send out an annual ethics and compliance survey so you can analyse the current speak-up culture and attitudes and plan out what should be enhanced to improve the culture?
Getting used to a platform takes time and money, so it’s important to choose the right one. Many companies often select a vendor based on what’s been built already. That may look more convenient and as though it may fit to your current needs, but you’d be making a decision based on the past, rather than being forward-looking. Technology solutions that develop for the future are better, and you don’t want to be stuck with old-school technologies or concepts.
But the future is not determined, so what do you need to consider when choosing the right vendor for your current solution?
A bigger company is not necessarily stronger here, as being agile can be only achieved by minimising the stakeholders. You want a dedicated client service team that can advocate for your needs and escalate and follow up for you.
Even though the end goal will be the same, technology solutions can be designed very differently based on each user’s circumstance. A tool will work best if it’s designed for your specific use case. A very different approach should be taken to design a tool for one or a few teams instead of for 100 team members. Tools that have been optimised for larger organisations will have more layers in terms of permissions, authorities and collaborations etc, taking up a chunk of development time but leaving small- or medium-sized teams with extra unnecessary routes and configurations. A general commitment of configurability or flexibility can’t cover all use cases, so it’s important that any tool has been designed with your specific use case in mind. A vendor with a market size similar to your company’s market size will be far more likely to be thinking in the scale that you need.
Ask your in-house IT team to check and review any potential vendor’s technology. Determining whether the vendor is using cutting-edge modern technologies or old-fashioned stacks can give you proof about their commitment and the status of their technology.
Surprisingly, many compliance solutions that are marketed as a single tool actually offer individual apps for each piece. Often the most powerful and useful tool will actually be the simplest. The more comprehensive the tool, the more complex it will be to configure. A more practical and efficient way is to automate a task that takes up 80% of the time in just a few minutes, and continue manually doing the other 20%, than spending weeks, months or even years attempting to configure an entire process.
You wouldn’t advise your management team or board members to comprise a compliance programme if the action plan was not fit for purpose and you anticipated that it would fall apart at some point. So why would you choose a solution that doesn’t support your specific needs with nothing more than wishful thinking that it will work?
Despite the growing number of products in the market, you need to determine what the perfect solution is for you and your company to manage compliance.
Whatever tool you choose, it will need to work for you and your programme. After all, it’s you that is building and executing the programme, not the ready-made tool.