Without Benchmarks, Compliance Teams Tend to March in Circles

Michael Nyhuis
4 min read
It is a curious fact that left to their own devices, people tend to walk in circles. A team of scientists confirmed this in 2007 when they dropped participants into a thick German forest and the featureless Sahara desert. People sometimes walked in straight lines, but only when there was a clear point of reference, like a mountain rising above the foliage or the sun gleaming. Blot out the sky with clouds and people resume their loops.

It is a strikingly similar story in the world of compliance. Without a point of reference ' benchmarks on how other businesses calculate risk or quantify impact ' compliance teams tend to measure themselves (and applaud themselves for progress!) based on past performance. Like walkers, they've gone astray. But where? And by how much? And like one large European bank, it's bound to get them into trouble.

Past Performance Is a Persistently Poor Predictor

The reason lost hikers tend to walk in circles is not anatomical, but rather perceptual. The loops they walk are more or less random ' not related to right-handedness or foot preference. The issue is one of compounding errors. A slight left turn compounds with other slight left turns or attractors in their environment until three lefts have become a right. The same cognitive bias affects compliance teams.

A team with historically inadequate Anti-Money Laundering (AML) measures is likely to continue an inadequate trajectory. It's only in the presence of clear benchmarks that compliance managers can sound the alarm, which many do. But if they lack data, they find themselves labeled as alarmists by higher-ups who are confident they've been walking a straight line with no previous evidence stating otherwise. But if the 2020 pandemic has taught us anything, the absence of evidence is not evidence of absence. Black swans still loom and like one European bank, you can be fined a surprise ''40 million when the unforeseeable becomes manifest.

For this bank, a culture of shirking client due diligence persisted until it had a backlog of 2,000 such cases. Then a sudden fine. Said the FCA Executive Director of Enforcement and Oversight, '[its] oversights over an extended period had 'created a significant risk that financial and other crime might be undetected.''

This is still a challenge even for those who aren't willfully negligent. Part of the problem is obtaining and updating fresh benchmarks one can trust, particular to one's vertical and business. Another is tracking compliance, actions, and progress ' a full-time job for a department that's chronically understaffed and has increasing responsibilities. There are over 120 privacy regulations around the world ' GDPR alone has 11 chapters with 99 articles ' and there are hundreds of other regulations and certifications one might want to stay abreast of. And we haven't even begun to discuss internal governance.

Today's compliance teams are marching bravely toward their destination ' but for many, the sky is cloudy and overcast. They operate in the dark, lacking benchmarks. And predictably, they tread in circles. Which is why automation has become so tremendously important.

Automate the Obvious

When GPS was invented in 1978, it was a military tool, but it was quickly made a public good when it was clear that it offered a way for humanity to avert tragedies ' particularly, to help airliners not crash into one another. Today, it is ubiquitous as the technology that helps people travel in straight lines without conscious thought.

GPS frees us for higher-order tasks. Its analogous counterpart in the compliance world is automatic compliance software. These platforms free compliance teams from the drudgery that causes them to miss important details. Such a system can provide the automatic benchmarks and internal tracking software needed to inform them of risks and the actions being taken to remediate them, not unlike turn-by-turn navigation. Also like GPS, such systems do not grow fatigued. Even while compliance teams sleep, the checking goes on.

Like the Saharan hikers in the 2007 experiment, all people have a tendency to walk in circles. But when armed with GPS-like benchmarks guidance, compliance teams can see where their path diverges from the ideal. And with a tool like that, they actually stand a chance of helping their companies walk the straight and narrow ' sunshine or not.

Our compliance software, Diligent Compliance automatically identifies compliance gaps across your entire organization and suggests improvements. Ensure your organization is always audit-ready. Schedule a demo today.
Related Insights
This is where Author Role goes
Michael Nyhuis
Michael Nyhuis is the former Director of Audit & Compliance at Diligent and a modern governance expert with over 25 years of experience.