Regulators, regulations, compliance and change

with No Comments


Business lessons for when large scale organisational change is not optional

by David Ferrabee

Regulations and compliance are becoming increasingly complex.  The implications are also far reaching – If you don’t comply the fines can be punitive. As a result there is a greater need for companies to look to organisational change management practices for help in changing behaviours. 

However, many big, complex businesses have made successful changes when driven by regulations and regulators. They have learned important lessons along the way.

This article is about how to adapt to this new world. In these pages we share lessons and expertise on change management and compliance.


LONDON, JULY 2017 — Ideally there would be no need for public policy, regulators or compliance of any sort to keep an eye on businesses. Some might argue there isn’t now, but there is no denying that governments and public administrations do, and that an increasing number of big and important organisations are learning the hard way.

As regulations and compliance become more complex and the implications further reaching ― not least the costs of non-compliance ― there is a greater need for companies to undertake organisational change management (OCM).

What can be done?

This article is about sharing some of the lessons and expertise on change management and compliance.

Regulators, different layers of government, and international enforcement agencies are working together more and more.  We should not be surprised by this. Businesses are increasingly trans-national and international in their outlook and operations as well, and they are increasingly complex. As a result, businesses are working harder and with greater focus on compliance, tools and approaches to succeeding.  Because how you get people to perform and behave differently is key to OCM, and that should be one of those areas of cooperation and shared learning.

Our friends and colleagues at many big, complex businesses have made successful changes when driven by regulations and regulators. They have earned their stripes and learned some important lessons. In the work that Able and How does helping businesses to adopt change, rather than just temporarily adapting to it, we also have relevant experience.

All tolled we have collected 14 lessons and explained them below. That’s less than the average steps in constructing an IKEA wardrobe.  You can follow these. They should even fit in with your risk and resistance assessments. They match OCM approaches and best practice as it exist today and they can be driven by businesses in a compliance environment.


Before you start

Before you even begin your planning or think about launching a coordinated response, stop. Regroup. Review the lessons below and see if you have these areas covered. If you don’t, you are not ready to start.

Don’t be trigger happy. Don’t rush into announcing or launching plans or programmes before they are fully thought through or prepared.

  1. It is not just about reputation

Regulators are expecting real, deep-rooted organisational change. That means people in your business will need to perform and behave differently. This is not a Public Relations exercise.  This is not a dress rehearsal. The implications are serious.

Failing to meet regulatory requirements costs real money (see Box 1), as well as time and resources. When regulators find businesses not in compliance it also costs the business potential investments, potential hires and impacts future opportunities.

The only way to address it fully is with a coherent and well managed organisational change approach.

  1. Start it at the top

Motivation and the desire for the required change must be modelled first at the top. If senior executives – including the CEO and Chair – don’t take active ownership and responsibility, then full compliance will never be attainable.

Earlier this year, a new CEO told newspapers his view of what made his business unique in three simple behaviours. A few days later the same business proudly announced their values in three simple, and very different, behaviours. That kind of disconnect makes compliance harder to drive.

Alignment should be thorough.  Significant regulatory changes cannot be driven at the front line only. If there is a say-do gap the process will be compromised. (More on that in point 11 below.)

  1. Don’t ignore culture, it’s a killer

If organisational culture is “the way we do things around here”, then culture must be central to any discussion about compliance. Behaviours are largely what regulators are seeking to change. Regulation aims to address business practices.

In our experience, reports and recommendations that respond to regulation breaches tend to be focused on specific processes, like “create and share a Code of Conduct.” Those changes often seem like they can be made by changing specific things, not people.

Experience suggests that this is not enough.

  1. It’s more about ‘no sinners’ that ‘all angels’

Corporate governance has long been an issue that has interested legislators and governments. Sarbanes-Oxley (2002) is perhaps the most well-known instance. In that act, the United States government sought to bring more responsibility to the way in which organisations operated.  It brought greater vigilance and the potentially quite real suggestion that corporations could be pursued for criminal behaviour.

Organisations are asked by regulations to be 100% compliant. That does not require everyone in the business to be angels, it simply says sinners should not prosper.  While the experts argue over whether any business can call itself fully compliant – when a definition of “fully compliant” is elusive – we might all agree that efforts to be compliant are on-going.

Is your business ready to commit to consistently and indefinitely rooting out certain behaviour?

  1. Follow through

It is now an almost daily occurrence to have to check a box saying “I have read…” Generally we do it, even when we certainly have not read the details that preceded the request. In businesses the compliance processes are often not much different. In this area Health and Safety is similar for many organisations. They too often play lip-service to behaviour change.

At one great European brand people used to have to watch a detailed and animated video about ethical behaviour and then answer a true-or-false questionnaire. They needed to pass before they could get their first pay-check, the process was linked into the ERP system.

Their ethical issues did not disappear.

How do businesses go about changing behaviour to drive compliance?  Will most businesses commit to following through?  Do they even know how to?

In this and the other lessons raised so far, organisational change management can hold the key.

Planning and strategy


Once the level of commitment and the scope of the regulation-driven business changes are agreed, there are still plans to be made and strategies to be devised.  Many great businesses have launched into this area with relish and enthusiasm. Many of those have not come out with the results they would have liked.

They might have looked at some of these ideas:

  1. Look for outcomes not outputs

How will you measure success?  That should be an early planning question. And based on what we have already discussed, one would hope no one would suggest things like:

  • Signatures on a Code of Conduct document
  • Attendance at a workshop
  • Review of a video
  • A successful spot test
  • Line manager one to ones

These are not proof that the business has changed. Outcomes are more about behaviour.

Do you see differences in the behaviours of people when it counts? Do people really perform and behave as they must?

  1. Learn from others

Few businesses will be alone in operating under a certain regulator, or in their sector, geography or field. So it should be logical to ask: What have others done?

Businesses facing sanction should be no different. Who has faced sanction in the past and what can I learn from them? You don’t compete with every other company who has faced compliance issues. So why not learn from those that you can? Learning from the experiences of others is an important building block in addressing regulatory hurdles.

At the same time professional service organisations like Able and How can also provide balance and insight from other sources.

  1. Name it right

There is a Swedish expression that seems fitting: Put the fish on the table. Which can be read as: if there is something that needs saying, get it out in the open and deal with it.

A global Financial Services organisation is coming to the end of a regulatory process that was not of their choosing.  Earlier this year the compliance programme leader was asked about his biggest regret. “Not calling it what it was,” he said.

The initiative you set up to address compliance issues can be very direct. Getting the message across consistently should be a priority.  Something as easy as the naming of the programme is a great opportunity to make a strong stand. Don’t allow the organisation to down-play it. Give people fair warning and call it what it is.

  1. Get on the front foot and stay there

Don’t be led by the regulations and the narrow interpretation. Look at the spirit of the requirement and see it as a way to improve the business. Ask for input, show what can be done, agree a way forward, and then pursue it.

Don’t invest time in trying to discredit the regulators or tilting at windmills in other ways. Take the medicine and move on.  Look to proactively change your business. Let other parts of the business, or separate plans, address the long-term goals of amending regulations.

See how you can benefit from it and plan for that…


[To download a full copy of the article as a print-ready pdf please press the button below and follow the link.]

Download PDF

Download PDF

Leave a Reply

nine − one =