Hyper focus on compliance and risk management has blossomed since the world financial crisis in 2008. As all struggle to define, design and implement new regulations to be sure that never again will we face such calamity, what must business leaders do to cope? Some guiding principles:
Business is good. Business exists to serve customer needs. By taking risks to transform capital into product, business seeks to generate a return for its owners that the owners feel justifies the risk involved. It is too easy today to perceive that not only risk but business itself is bad, and compliance and risk management csars are required to discipline the bad and eliminate risk, including non-compliance risk. There can be no innovation without risk, and innovation drives progress.
As a Harvard Business Review article put it, “Surprises are the New Normal; Resilience is the New Norm”. Thus focus on how to achieve resilience, defined by IBM as “The ability of business operations to rapidly adapt or respond to internal or external dynamic changes – opportunities, demands, disruptions or threats – and continue operations with limited impact to the business”, is growing.
Playing on defense will suck the life out of your enterprise. Instead, embrace the new rules, a number of which have not yet been formulated five years later, as a chance to move beyond a static compliance focused organization toward one that is engaged and resilient.
Some suggested steps:
- Move forward. Focus on risk and compliance matters as an opportunity to move your company forward. Find the gift. We do not want to create a world in which we look to rules to tell us what to do.
- Focus on execution. Consider Dilbert’s pronouncement: “Ideas are worthless. Execution is everything”. Poor execution has been the cause of most business failures.
- Revisit strategy. Be sure that the entire company is organized to support achieving the results envisioned and knows how you measure success.
- Understand your resources. Are your resources arrayed to support execution of your strategy? Define resources broadly: intellectual, leadership, human, technological, financial, production, innovation, and whatever other capacity matters to you.
- Make decision-making processes explicit. Governance is the system by which an enterprise makes decisions. Review the hierarchy of decisions your company needs to make by type and magnitude and ensure that the ability to make a decision is lodged at the right place to support the strategy.
- Review your systems. Are the right people in the right place, with access to the right information? Do systems speak to each other so decision makers can evaluate the impact of choices they make?
- Make risk analysis your constant companion. If multiple risks identified present themselves at one time, as they tend to do, how will our company be affected, what does it mean to how we array our resources and how might we or should we adjust our strategy to allow us to succeed in such adverse conditions?
- Treasure and cultivate feedback. Learn from all around you: employees, customers, suppliers, regulators. Are appropriate feedback loops in place to support continuous refinement as strategy implementation proceeds?
- Make policies clear. Policies are codifications of expected behavior that help maintain consistent quality of execution. Over time, these policies become the description of what the company values; the codification not just of rules but of culture, so approach them with care and review them regularly to see if these ‘living’ documents need updating.
- Make strategy universally understood. Can every individual in the company describe the company’s strategy, the level of acceptable risk, and their active responsibility for both implementing the strategy and safeguarding the enterprise? Does each person know where to go with suggested improvements, with identified risk factors that need attention, so that the whole organization can continuously improve?
- Compensate people mindfully. Easier said than done, but given repeated ravaging of corporate balance sheets by unexpected but predictable individual behavior driven by a desire to earn available incentives, it must be done, throughout the enterprise.
- Model values. Remember that truth is rarely hidden in a spreadsheet. Truth becomes what human beings do as a result of looking at the spreadsheet.
Lloyd Blankfein of Goldman Sachs provides an excellent recipe: There must be an “ongoing commitment by the entire organization to be self-aware, to be open to change and to learn the right lessons from recent experiences. Going forward, we know we will inevitably make mistakes, but we commit to learn from them and respond in a way that meets the high expectations of our clients, shareholders, other stakeholders, regulators and the broader public”.
And a final comment on resilience from Dean Becker, CEO of Adaptiv Learning Systems: “More than education, more than experience, more than training, a person’s level of resilience will determine who succeeds and who fails. That’s true in the cancer ward, it’s true in the Olympics, and it’s true in the boardroom.” That is what we must strive to become.
(Adapted from longer article that first appeared in Risk & Compliance Magazine, January – March 2014. To read the entire article, click here.)