Creating a Compliance Culture

Wondering how to create a positive compliance culture within your company? We’re here to help companies make managing compliance, well, manageable.

We’ve defined the role and responsibilities of the Chief Compliance Officer. We’ve helped delineate what a Compliance Management System (CMS) is all about. We are now here to share the next best-kept industry secret to achieving compliance success: creating a culture of compliance within your organization.

You can tell a lot about a company’s overall compliance posture by speaking with its employees. A positive attitude toward compliance means a positive working environment and employee buy-in. There are plenty of obstacles to overcome as a Chief Compliance Officer, so our goal is to outline steps you can take to create a positive culture of compliance within your organization, share some tips for creating incentive programs and overcoming bad habits and negative behavior, and discuss some ways to communicate risk in order to change management direction.

Creating a positive culture of compliance and driving cultural change within your organization requires strong leadership skills. Your position as the Chief Compliance Officer gives you the authority, but that’s not all that’s required. An effective leader should have a vision, strong communication, and a clear strategy.

Vision is the first step in driving cultural change in a positive direction. You can’t just spout change without having an end goal in sight. In what direction should the organization go? You need an idea of what you want to change before you can set out to change it. The oversight and guidance are there to help shape your vision for achieving your organizational compliance goals.

The next step in achieving this culture of compliance is effective communication, starting with the Board of Directors and executive-level management. By understanding the requirements associated with your role as the Chief Compliance Officer, you can educate management by identifying associated business risks. Asking for their support will help spread the culture you’re after from the top down. Show them relevant enforcement actions so they can truly understand the risks associated with the industry. A common question asked by this level of management is “What’s it going to cost me?” Well, what’s at stake? Compliance has to come first. Show them what you’re protecting the company from. Show them specific cases and the ownership of what happened to each agency.

Communicating with mid-level management is also important. They should be educated on the associated risk as well but, more importantly, should be involved in the risk management process itself. By developing and presenting a risk/reward analysis, you can show how making a change can actually increase revenue and reward. A change in the culture of your organization is not a negative thing, and that needs to be stressed and communicated effectively to this level of management as well. Demanding change without presenting a solution is a risky move if you want to avoid a war between the operations team and the compliance team. Suggest things you can do within the organization to help reach common goals. Provide proof of your concept while making and implementing any changes.

Lastly, effective communication with collectors is key. You must deliver clear expectations with useful and accessible policies, procedures, and work instructions. You shouldn’t have any expectations that are not documented. Training and awareness will help your collectors understand the importance of compliance while helping them get on board. If the tone is set from the top, they will follow. Creating collector buy-in should be done using fair and equal treatment, such as rewards for compliance as well as discipline for violations. Remember, it can take time to break bad habits and strive for positive change!

The final step in creating a culture of compliance within your organization is having a fully developed strategy and plan for continuous improvement (Plan, Do, Check, Act). Use your monitoring and audit results to plan for further improvements. Part of your responsibilities as Chief Compliance Officer is to stay current with any new rules and regulations in order to react effectively. And lastly, continue to involve management in the evaluation of risks so that you keep building a positive culture of compliance.

Sarah Morris is the Managing Editor at KirkpatrickPrice, a valued partner of AIS Network. She is certified in General Information Security Fundamentals (GIAC GISF) and specializes in keeping organizations up to date on information security and regulatory compliance by being a thought leader and developing valuable content that revolves around industry trends and best practices.
