It’s a given that some industry sectors fall under far stricter regulatory scrutiny than others. Anyone responsible for governance, risk or compliance in the financial, energy, food and drink, or pharmaceutical industries, for instance, will recognise how exacting their regulatory bodies are. But how often do you consider what underlies the rules you must comply with?
The philosophy behind the making of rules and regulations is rarely explored – but is an interesting topic. How much regulation is driven by questions of trust and ethics – and what do “trust” and “ethics” mean from a regulator’s perspective?
Whether your responsibility for corporate compliance stems from a legal, company secretarial or chief compliance officer perspective, understanding how issues of trust and ethics underpin the regulatory landscape will make it easier to understand the drivers of legislative priorities – and to deliver on them.
Trust and Regulation
In some sectors, the role trust plays in regulation has changed over time. Pre-2008, for instance, there was a more permissive approach to regulation in financial services, with light-touch regulation.
Following the global financial crisis, when it was determined that banks had failed to adequately police themselves, the approach to regulation had to change. Increasing – and gradually more stringent – requirements were introduced, with strict financial and other penalties if firms failed to comply.
Overall, though, when it comes to supervising compliance, regulators worldwide are moving toward a more “hands-off” approach.
The fact that regulators are starting to trust that organizations will do the right thing places the imperative on businesses to act in a compliant way, and not to push the boundaries of non-compliance.
This demands a cultural – rather than checkbox – approach to compliance that might be a departure for some organizations. All too often, regulatory compliance has been an exercise in checking boxes – doing the minimum needed to comply with requirements, without the deep culture change that underpins a business philosophy of “doing the right thing.”
A regulatory regime built on trust requires an industry that’s prepared to do the legwork; to implement the cultural shifts needed to deliver compliance that’s built in, not bolt-on.
The Role of Ethics in the Regulatory Process
So, trust is clearly a consideration for policymakers. Ethical issues, too, are considered when legislation is devised.
NIST, the USA’s National Institute of Standards and Technology, for instance, is drafting a privacy framework that sets out an ethical framework for data usage, as reported via Federal News Network in February 2020. Designed to provide boundaries for the rapidly expanding tech sector, the framework aims to achieve a balance between innovation and the US’s privacy laws.
Talking about the framework, and the wider issue of privacy, NIST Director Walter Copan noted that “Getting privacy right will underpin the use of technologies in the future, including AI and biometrics, quantum computing, the Internet of Things and personalized medicine.”
Here, again, the need for a strategy that goes far beyond a checkbox approach is recognized. In the article, Chris Calabrese, interim co-CEO and vice president for policy at the Center for Democracy and Technology, “warned organizations to not view these privacy considerations as a check-the-box exercise.”
And ethics are clearly top of mind for businesses as well as regulators; the article quotes a Deloitte survey which found that 55% of “high-growth” companies are “highly concerned about the ethical ramifications” of emerging technologies.
Good Intentions Sit Alongside Knowledge and Skills in Trust-Based Compliance
It might be expected that a knowledge of regulation and best practice underpins good governance – and it does. But while this knowledge and skill, which relies on technical ability, is essential, there is another equally important aspect. Good intentions and honesty are also crucial, depending less on technical skill and more on firms’ and individuals’ moral and ethical standpoints.
Where organizations fail to meet legislative requirements, this cultural element can be the reason. In the case of the recent California Consumer Privacy Act (CCPA), for instance, a lack of compliance has been attributed in part to “a lack of education and understanding of the Act and its aims, which hinder a culture where protecting customers’ privacy is second nature.”
When it comes to assessing trustworthiness, relying on past evidence or on documents that may evidence skill but not trustworthiness – banking exam certificates, for instance – is not enough.
Trust comprises, in the words of former U.K. financial regulator Andrew Bailey, “an expectation of future behavior, an identification of common interest and values and the development of a reputation.”
Regulation Underpinned by Trust and Ethics
Taking a trust- and ethics-based approach to compliance in future should, in theory, encourage organizations to take a more proactive approach. Light-touch regulation – which many businesses would prefer to draconian penalties – depends on the collaboration of regulated organizations, and the creation of compliant cultures where “doing the right thing” is second nature. Embedding this type of culture – mandating the correct approaches and ensuring employees are helped to take the compliant route – isn’t always easy, but can pay significant dividends.
Compliance software, like Diligent’s suite of compliance solutions, can help organizations to put in place the approaches that deliver good governance and minimise business risk. By making compliant policies accessible and easily communicated, and by mandating correct approaches, software solutions facilitate compliant behaviors. As a result, compliance software moves organizations toward the cultures of compliance they seek.
To find out more, request a demo to see how Diligent’s suite of governance, risk and compliance (GRC) software can help your organization to ensure compliance across your legal structures.