Compliance and value destruction

Compliance is important. In any large organization, rules – and clarity over the authority to deviate from them – must be defined. But in today’s business environment, where the speed of change is so rapid, how do we ensure that those rules are the right ones? How do we prevent compliance from becoming outdated, irrelevant, a source of competitive disadvantage?

This dilemma is nowhere more true than in the field of contract terms where an absence of data typically means that standards are based on opinion, rather than hard facts. Most term standards and templates are based on what organizations (and in many cases lawyers) view as ‘the norm’, yet they rarely have data to back up their opinion, nor do they have reliable sources to know when change is needed or could generate greater value. A system that measures and rewards people on compliance rates is not the sort of system that supports challenge or welcomes alternative facts.

The focus for compliance in today’s contracts tends to be on those terms and conditions related to minimizing risk consequence – for example, liabilities, indemnities, intellectual property rights. This is the simple – and lazy – way of protecting the business. In the volatile and uncertain environment we now face, do we actually understand our risks? It is quite clear that in many cases, either the answer is ‘no’, or alternatively that we decide to ignore them. Hence we often produce contracts that in theory protect us against failure, yet fail to address the much bigger and more prevalent risk that we will not achieve success.

The question we should regularly be asking is not “Are we compliant with our corporate policies?”, but “Do we know our risks and are we confident that we are addressing them responsibly and pragamatically?” It is through periodically addressing this question that we develop an organization which seeks data and information, which captures and records actual experience, which develops cross-functional teams to test and update established rules and policies.

Simply ‘being compliant’ is a mindless activity, performed with much greater reliability and accuracy by machines. Real and measurable value comes from knowing when not to be compliant, or when the rules of today need to be changed. In many organizations, I do not observe enough people questioning and challenging the status-quo. Perhaps just ‘going with the flow’ is more comfortable – but it rather depends on where that flow is taking you.