6 Tips to Build a Modern Compliance Function for Your Firm

tips compliance function

With compliance responsibilities growing by the minute these days, it has become crucial for companies in the financial services sector to set up a strong, dependable and efficient compliance function.

However, many companies, specially the newbies and smaller operations, might have little experience or knowledge on how to properly establish an in-house compliance department that will cover most, if not all, of its regulatory duties.

As explained by Thomson Reuters, a solid compliance function “moves the company from reactive to proactive in detecting and preventing wrongdoing” and “helps establish the right ethical tone at the company, making it easier for employees to make the right choices.”

Plus, it prevents companies from being slammed with fines by the regulatory authorities.

With this in mind, below we will lay out several tips or issues to keep in mind when designing and developing a compliance function within your company.

Have a look and do let us know if there are any important items we have left out.

Get the Bosses on Board

If upper management is not on your side, then your efforts to establish a compliance function will be in vain.

For instance, if your company has a Board of Directors, it is essential for you to run this need by them and have them fully committed to the idea of setting up a specific team, standards and procedures to deal with compliance.

Yes, working on this effort might cost time, money and other scarce resources, but it will ultimately reward the firm in the long run.

As succinctly put by Deloitte, “the board and senior management should do more than pay “lip service” to ethics and compliance” and focus their efforts on “[empowering] and properly [resourcing] the individuals who have day-to-day responsibilities to mitigate risks and build organizational trust.”

If you’re the boss, good for you. But what are you waiting to get started?

Designate a Chief Ethics & Compliance Officer (CECO)

One of the first items to check off your list is to hire or assign a CECO or at least someone who will be responsible for all-things compliance within your firm.

This person should be organized, meticulous, respected and, above all, ethical. Having integrity at this level is a non-negotiable as the CECO will be setting the tone for the company when it comes to complying with anything and everything the regulatory authorities demand.

According to Farid Isayev, who leads KPMG’s Law in Azerbaijan, CECOs are required “to instill a culture of compliance, nurture an environment where employees understand the value of honesty and integrity, and encourage everyone to take compliance issues seriously.”

Likewise, he adds, a good CECO has “to build a strong organizational ethics and compliance program, which is a high priority in any organization.”

Run a SWOT Analysis

Since you’re starting from scratch or close to scratch, you need to have a complete picture of what’s currently missing in your company when it comes to compliance.

Hence, determining your firm’s strengths, weaknesses and any gaps related to fulfilling its compliance obligations are paramount.

A simple SWOT analysis (Strengths, Weaknesses, Opportunities, Threats, for those of you wondering) is a good starting point in defining some of these issues.

What’s interesting is that the SWOT analysis can be run at a company-wide level, as well as specifically on the person hired to be CECO.

For instance, GRC 20/20’s Michael Rasmussen writes in a blog post for Convercent, a leading ethics and compliance cloud solution, that as a CECO, you may need “to evaluate where you are now in your role, capabilities, and program, and what you need to work on to deliver the leadership and skills to achieve your goals moving forward.”

By carrying out a SWOT analysis at an individual level, CECO’s will be equipped with “an honest evaluation [that] will inform your strategic plan as you prepare for the rest of 2021, and help you build a compliance and ethics program with an aim of integrity in an era of risk and change.”

Formulate Basic Standard Operating Procedures & Code of Conduct

If you don’t have a set of guidelines or ethos for your compliance function, then it makes little sense to even get started.

It is essential to formulate a basic standard operating procedure that can be shared with your entire organization, laying out the distribution of responsibilities and steps to be taken by each individual to make sure the company is complying with its many regulatory obligations.

This will also include running frequent compliance risk assessments and tests to determine where further work is required and monitoring any progress made.

As succinctly put by Convergepoint, a regulatory compliance software provider, “by having a set of SOP that define the personality of the organization, it sets the standards by which the organization requires its constituents to abide by,” therefore helping lessen “risk by ensuring that all employees are on a level playing field and have the knowledge of how to act in a given scenario.”

At the same time, there should be a solid code of conduct in place defining what is expected from employees in terms of their overall behavior, thoughts and duties vis-à-vis the compliance function. Developing a robust code of conduct will allow you to establish and promote a culture of integrity within the firm.

Some things to keep in mind when formulating this code of conduct include talking to employees at all levels about what’s important to them, actively and continuously promoting its ideas so it becomes embedded in the organization, and keeping its message as simple and direct as possible.

Also, please always remember that both your SOP and code of conduct should be closely aligned with your overarching mission, values and goals as an organization.

Educate, Educate, Educate

Training your compliance team and the rest of your company’s staff is paramount to building a compliance culture that will perform in an efficient, ethical and responsible way.

There’s no point setting up an entire compliance function and then have your company’s employees not understand or be oblivious to what has to be done to remain compliant.

As suggested by Thomson Reuters Legal, there are some things you should keep in mind when training your staff on all-things compliance.

This includes relaying information in an easy-to-understand and simple way, making the training sessions fun by gamifying them, using online platforms when necessary, and emphasizing both the spirit and letter of the law.

Most importantly, Thomson Reuters believes “employees should understand that the company wants them to do the right thing, and compliance makes the company better and keeps it from getting entangled in lawsuits or regulatory actions.”

Streamline Reporting (or Embrace Tech)

Last but not least, you have to make it as easy as possible for your team to fulfill its compliance duties, whether it is submitting a report to the pertinent regulatory authority or setting up a system to track potential risks or disseminating information to senior management.

Streamlining these process generally involves embracing technology and the many advanced solutions available to companies these days.

According to MetricStream, a company that offers tech solutions for compliance, risk, auditing and the like, there are many advantages to incorporating technology into your compliance function.

In a recent blog post, MetricStream mentions tech’s ability to: 1) “aggregate and consolidate all their compliance information in a centralized repository;” 2) “help organizations define and link foundational compliance elements such as objectives, processes, risks, controls, and regulations;” 3) “accelerate workflows around policies, cases, compliance assessments, and other processes,” and; 4) “[enable] stakeholders to proactively spot areas of concern, as well as opportunities for improvement.”

If you have any questions or comments, do not hesitate to reach us at info@igca.org. We’d be happy to help.

Contact us




By submitting this form, you submit your information to IGCA, who will use it to communicate with you regarding this query and their other relevant services, based on legitimate interest. You will always be given the opportunity to opt out of any future marketing communications