Rules Navigator

Panel discussion: What does a unified compliance culture look like?

Global RegTech Summit Panelists
(L to R): Jess Harvey, Marili Anderson, Michael Rasmussen, Conrado Chavez, Sayuri Ganesarajah. Photo: Global RegTech Summit

Hameed Shuja

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

Experts discussed the different perceptions about compliance, and how it can be achieved across organizations.

A panel of experts at the Global RegTech Summit 2025 in London discussed the different aspects, strategies and impacts of introducing a unified compliance culture across organizations.

The panel was chaired and moderated by Jess Harvey (Compliance LnD). Panel members included Marili Ander (Rabo Bank), Michael Rasmussen (GRC 2020), Conrado Chavez (tide) and Sayuri Ganesarajah (HIVEMIND).

The moderator opened the conversation with a simple but important question. How is compliance currently perceived?

Anderson answered first, and explained that compliance practice has changed from a policing role to a more friendly one. But she also accepted that role had changed since firms across the globe were moving into a complex environment.

“Nowadays compliance is much more part of the DNA of at the company. It’s not just a support function. Gone are the days when you had two compliance officers, the friendly one and geek. Now the role is more visible.”

She added that in modern compliance practice there was a lot more acceptance and openness towards sharing of the risk, and that it is in everybody’s interest to do the right thing.

“Gone are the days when you had two compliance officers, the friendly one and geek. Now the role is more visible.”

Marili Anderson, Rabo Bank

Ganesarajah spoke next, and said a good compliance culture is one where everyone understands their individual role, as well as their part in the overall compliance mechanism.

Chavez agreed and said: “A good culture is when each of us is a compliance professional. Good compliance decisions were made when no one was watching.”

Rasmussen said: “Doing the right thing is never the wrong thing. Educate and tell your team it’s the right thing to be compliant.”

Ganesarajah rounded up the first part of the discussion by adding that a lot of things are more pre-emptive rather than reactionary now. “You have to be ahead of things now. Everyone needs to understand they have a responsibility in compliance.”

She also explained that the main compliance role is now a lot more commercial than before, and that compliance officers these days have to understand rules around digital assets. She advised firms that a compliance officer who is capable of being commercial will help the business.

Communication gaps

Having agreed on what a unified compliance culture looks like, the discussion moved to another key question. Why do communication gaps and silos appear in organisations?

Rasmussen answered first and said the division of the compliance role across departments was one of the reasons for communication gaps. “There are a lot of departments who do compliance. For example in HR, in audit, in operations. That makes things complicated. Sometimes these departments are not in sync.

He added that the solution would be to establish a central design for compliance which could then lead the organization. It was also important to make sure the senior management at the top understands compliance.

“Your chief compliance officer is your chief integrity officer. If your policy says one thing and your actions show another, then you have an integrity problem,” Rasmussen concluded.

Chavez explained that compliance was not about having nice documents in the shelves in the office. It’s about people reading the policy and understanding and following it. “Do your homework and then you can compare whats happening elsewhere. The DNA of the firm is super important. Only a nice policy on your website is not enough.”

Rasmussen, controversially, also highlighted a key difference in compliance culture between the US and the UK/EU. According to him, in the US compliance is about ticking a check box. But in the UK and the EU it’s about outcomes. It’s principles based. And that’s why they have a better culture which avoids communication gaps.

Here at GRIP we report, on a regular basis, on the robust and frequent enforcement action by regulators against market participants in the US that has very little to do with box ticking. So this generalizing assertion should be treated with some caution by our readers. Having said this, it would be interesting to find out whether this sentiment is shared more widely by other compliance professionals and we would welcome any feedback on this point.

What about implementation?

The discussion then moved on to the subject of implementation, and panelists were asked about the steps firms should take to implement compliance culture.

Anderson said it was important to have a team of compliance individuals that goes beyond high level policy, and one with individuals who understand what they monitor and control. She added that clear communication, raising awareness and engaging with the front office helps with establishing good behaviour and a pattern and improved the culture.

“There comes a point where good compliance becomes a visiting card. People want to join a company because the culture is good,” Anderson said.

Panelists also agreed that an example of a strong compliance engagement is the compensation time of the year, when everyone in the business finds out who did well and who didn’t. According to the experts on stage, there is now better understanding around accountability, and why firms record breaches as well as good performance.

“You chief compliance officer is your chief integrity officer. If your policy says one thing and your actions show another, then you have an integrity problem.”

Michael Rasmussen, GRC 2020

The panelists also agreed that implementing a unified compliance culture was a challenging task when new regulation emerges but no or little clarity or certainty about what needs to be done about is forthcoming.

Rasmussen added that culture is important and should be nurtured. He warned that organizational reputation can be destroyed overnight and can take decades to recover. “We need to develop human firewalls and nurture compliance culture. It’s important to communicate, engage and have proper reporting mechanisms to ensure appropriate implementation.

Anderson said measuring compliance culture was not easy as it was subjective. She insisted that the right tone has to come from senior management at the top, and departments must adapt.

Role of technology

The panel also agreed that one big future challenge is to recruit the right talent who can use technology better. For example, the FCA expects firms to be more tech savvy. Future compliance function needs to understand the technology stack the firm is running and also help the rest of the organization keep on top of this.

Experts explained that, with the emergence of AI, the skills set for a compliance officer is changing. Advanced technologies such as AI can now help firms predict risk in advance. Chavez said technology will help firms avoid costs because they can see in real time whether their solution model is working or not. It can help firms decide what to do and what not to do.

Traditionally, a key challenge in compliance practice has been dealing with a lot of data. It has been an exhausting task for small teams of compliance professionals. But now a good technological support and culture means less burden on compliance professional.

Experts also pointed out that understanding the advances in technology and building a compliance culture won’t happen overnight. It is constant effort and an ongoing process which requires hard work. But once implemented, maintenance is much easier.

The moderator then asked the panel whether regtech products can help in compliance and collaboration.

Ganesarajah said AI will be key. She accepted that technology is important but insisted that it was about integrating compliance into the entire organization. According to her, every team needs to know where compliance comes in. Compliant behavior has to be in all aspects of their day-to-day work. And individuals need to understand why they are doing what they are doing with compliance outcomes in mind.

Rasmussen added that technology has many applications, from AI to chat box, and that element has a lot of potential / other abilities such as staff training are also important.

He also advised firms that compliance-related policies and trainings should be on the same portal so they are easily accessible for staff.

He rounded out the discussion by saying that technology can deliver and help nurture good decisions.

Dealing with egos

The main discussion was followed by a brief Q&A session and audience members were invited to ask the panel questions. Your GRIP correspondent asked the panel about ways to deal with corporate egos and stubbornness when implementing a compliance culture.

Anderson accepted that a lack of cooperation or unwillingness to listen can be a challenge sometimes. According to her, the best way to deal with it is to establish and keep trust and credibility. She added that it was important for a compliance officer to know what they were talking about, and to explain to other employees that they shared adn faced the same risk.

“If something goes wrong the culture is affected. Whoever that difficult person is. Take them to a place of trust. It’s not easy. You have to work at it,” she added.

Chaves said it was important to understand that individuals respond differently.

“We need to be careful and make sure we don’t make compliance culture of fear. It can lead to silence. That is not good in the long run. It’s important to understanding the role that we all play,” he added.

, , , , , , , , , , , , , , , ,

You may also like