The concept of a culture of compliance is somewhat cringe-worthy and not exactly an inspiring goal to aim for. It conjures up images of lines of androgynous human drones trudging through an office doing what they are told by Big Brother screaming through the TV screens. However, learning from other industries allows us to evolve our thinking and with this in mind I want to share something that I learned during my time working in the counter terrorism protective security environment. Perhaps it is a concept which can be introduced into AML & Financial Crime Compliance offices.
The security guarding operations of a major critical infrastructure facility was suffering from a poor reputation within the broader organisation, the operators of other businesses at the facility didn’t perceive them in a good light, and the morale of the staff was pretty ordinary.
A wise man who was in charge of the security operations set about a cultural change. It was a small change but the effect was hugely positive. Instead of positioning the staff as ‘Security Guards’ which had negative connotations (sometimes due to the behaviour of guards in other sectors) he added a few minor functions to their duties and re-badged them as Protection Officers. He re-positioned them as a proactive group who’s first function was to protect the people and facility, rather than the reactive mob that you called when something went wrong. They proactively attended the business clients and became known for their positive service. This resulted in a more positive culture in the team, reduced sick leave, created a positive perception of the team within the business and provided better security outcomes for the facility.
Financial Crime Compliance teams are often viewed by the business in a negative light, simply as a cost to business. They are not revenue producing business units and are begrudgingly funded with many being under resourced and over-worked. However, the reality is that protecting the business from financial crimes and ML/TF is the first function of AML & FCC officers. Compliance with the law and procedures is how it is achieved, but first and foremost protecting the company from attack helps to keep the business in business! Perhaps we can learn from the protective security industry and reposition the culture and perceptions of the FCC team – not as Financial Crime Compliance, but as a Financial Crime Protection Unit. Allow them to also have a more proactive role, visiting other business units to help build the understanding of the risks, the mitigation strategies, and, importantly, WHY they are in place (tell some “war stories”).
Perhaps this type of shift can create a positive culture for organisations to embrace, rather than simply view a cost centre. Who knows, it may just be worth a try…