Best Practice and Delivering Value – The Future for Compliance
Whilst this can prevent a small problem from growing into a bigger problem – detection becoming prevention – reliance is invariably placed on after-the-fact KPIs: information arising from sales that have already been made, complaints that have already been received, policies that have already lapsed. The nature of the KPIs commonly used by the industry gives rise to a detective approach; identifying misdeeds that have already taken place.
An example of a control approach that appears to be both detective and preventative is so-called ‘mystery shopping’. Whilst a single ‘mystery shop’ will primarily identify one adviser getting it wrong on one occasion, it is often argued that it can also reveal that he is routinely getting it wrong with all his clients, and that his supervisor may be failing in his duties both with the adviser under review and the rest of his team. Surely then this is an example of detection being used for prevention? The point however is that the mystery shopping exercise in itself has not and cannot prevent errant behaviour; it can only detect it.
“There are no secrets
to success – it is the result of preparation,
hard work and learning from failure.”
General Colin L Powell 1989
Whilst some detective and remedial activity is an inevitable part of a Compliance function’s activities, it is ultimately self-defeating. The better Compliance becomes at detecting potential breaches of the rules, the more breaches will be found and the greater the cost in investigating and correcting them. Departments which place emphasis on detection and remediation at the expense of prevention quickly find themselves very busy indeed and in constant need of more resource, but not actually achieving a great deal in terms of improving their firm’s underlying Compliance performance.
It is of course the preventative controls that help the organisation avoid the regulatory issues in the first instance, but the degree to which Compliance Officers see their role as preventative rather than detective is linked to the purist/pragmatist debate. Many see the move towards prevention as a move away from the Auditor/Advisor role towards a line management function; for some, a step too far.