It’s a given that some industry sectors fall under far stricter regulatory scrutiny than others. Anyone responsible for governance, risk or compliance in the financial, energy, food and drink, or pharmaceutical industries, for instance, will recognise how exacting their regulatory bodies are. But how often do you consider what underlies the rules you must comply with?

The philosophy behind the making of rules and regulations is rarely explored – but is an interesting topic. How much regulation is driven by questions of trust and ethics – and what do trust and ethics mean from a regulator’s perspective? 

Whether your responsibility for corporate compliance stems from a legal, company secretarial or chief compliance officer perspective, understanding how issues of trust and ethics underpin the regulatory landscape will make it easier to understand the drivers of legislative priorities – and to deliver on them. 

 

Trust and Regulation  

In some sectors, the role trust plays in regulation has changed over time. Pre-2008, for instance, there was a more permissive approach to regulation in financial services, with light-touch regulation. 

Following the global financial crisis, when it was determined that banks had failed to adequately police themselves, the approach to regulation had to change. Increasing – and gradually more stringent – requirements were introduced, with strict financial and other penalties if firms failed to comply. 

Overall, though, when it comes to supervising compliance, regulators worldwide are moving toward a more hands-off approach.

The fact that regulators are starting to trust that organizations will do the right thing places the imperative on businesses to act in a compliant way, and not to push the boundaries of non-compliance.

This demands a cultural – rather than checkbox – approach to compliance that might be a departure for some organizations. All too often, regulatory compliance has been an exercise in checking boxes – doing the minimum needed to comply with requirements, without the deep culture change that underpins a business philosophy of doing the right thing. 

A regulatory regime built on trust requires an industry that’s prepared to do the legwork; to implement the cultural shifts needed to deliver compliance that’s built in, not bolt-on.  

 

The Role of Ethics in the Regulatory Process 

So, trust is clearly a consideration for policymakers. Ethical issues, too, are considered when legislation is devised. 

NIST, the USA’s National Institute of Standards and Technology, for instance, is drafting a privacy framework that sets out an ethical framework for data usage, as reported via Federal News Network in February 2020. Designed to provide boundaries for the rapidly expanding tech sector, the framework aims to achieve a balance between innovation and the US’s privacy laws. 

Talking about the framework, and the wider issue of privacy, NIST Director Walter Copan noted that getting privacy right will underpin the use of technologies in the future, including AI and biometrics, quantum computing, the Internet of Things and personalized medicine.

Ethics, then, has the potential to underscore regulation surrounding a wide range of technologies in future, and even to influence product design. As Naomi Lefkovitz, a NIST senior privacy policy advisor, comments in the article, the NIST framework should “allow organizations that build the technologies that shape our world […] to make better decisions about protecting privacy when they’re designing their products and services before individuals ever even touch them.”

Here, again, the need for a strategy that goes far beyond a checkbox approach is recognized. In the article, Chris Calabrese, interim co-CEO and vice president for policy at the Center for Democracy and Technology, “warned organizations to not view these privacy considerations as a check-the-box exercise.”

And ethics are clearly top of mind for businesses as well as regulators; the article quotes a Deloitte survey which found that 55% of “high-growth” companies are “highly concerned about the ethical ramifications” of emerging technologies. 

 

Good Intentions Sit Alongside Knowledge and Skills in Trust-Based Compliance 

It might be expected that a knowledge of regulation and best practice underpins good governance – and it does. But while this knowledge and skill, which relies on technical ability, is essential, there is another equally important aspect. Good intentions and honesty are also crucial, depending less on technical skill and more on firms’ and individuals’ moral and ethical standpoints. 

Where organizations fail to meet legislative requirements, this cultural element can be the reason. In the case of the recent California Consumer Privacy Act (CCPA), for instance, a lack of compliance has been attributed in part to a lack of education and understanding of the Act and its aims, which hinder a culture where protecting customers’ privacy is second nature. 

When it comes to assessing trustworthiness, relying on past evidence or on documents that may evidence skill but not trustworthiness – banking exam certificates, for instance – is not enough.  

Trust comprises, in the words of former U.K. financial regulator Andrew Bailey, an expectation of future behavior, an identification of common interest and values and the development of a reputation. 

 

Regulation Underpinned by Trust and Ethics 

Taking a trust- and ethics-based approach to compliance in future should, in theory, encourage organizations to take a more proactive approach. Light-touch regulation – which many businesses would prefer to draconian penalties – depends on the collaboration of regulated organizations, and the creation of compliant cultures where doing the right thing is second nature. Embedding this type of culture – mandating the correct approaches and ensuring employees are helped to take the compliant route – isn’t always easy, but can pay significant dividends.

Compliance software, like Diligent’s suite of compliance solutions, can help organizations to put in place the approaches that deliver good governance and minimise business risk. By making compliant policies accessible and easily communicated, and by mandating correct approaches, software solutions facilitate compliant behaviors. As a result, compliance software moves organizations toward the cultures of compliance they seek.

To find out more, request a demo to see how Diligent’s suite of governance, risk and compliance (GRC) software can help your organization to ensure compliance across your legal structures.