6 ways to foster a positive compliance culture

Sword GRC Blog

Many organizations recognize the importance of establishing a robust risk culture in order to determine the business’ commitment to and style of risk management, enabling them to weigh up ‘threats v rewards’ and maximize opportunities when they present themselves. Meeting compliance requirements however may be viewed by some as ‘box ticking’, simply to keep regulators happy or to avoid penalties for non-compliance. Yet as is the case with risk management, where risk data can greatly inform decision-making, working to create a positive compliance culture and using data-based insights can release business value too.

The regulatory burden for businesses is high and evolving, with standards that may be sector-specific, externally legislative or internally mandated. To meet requirements, compliance should ideally be embedded as part of an organization’s GRC (governance, risk and compliance) strategy. One school of thought is that if the tone is set from the top and leadership can drive best practices in line with corporate ethical values, then a commitment to compliance can be fostered within the workforce.

And it’s a commitment worth securing. Should employees fail to follow procedures, violate regulations or act in non-compliant ways, the financial implications can be significant, in the shape of fines, damage to business reputation, loss of custom, product recalls and so on.

Sword GRC’s Marketing Manager, Jenny Ritson-Smith, provides some suggestions for anyone keen to foster an understanding of and adherence to compliance within their organization and start fortifying its compliance culture:

  1. Encourage open communications around what practices and behaviors are considered ethical and acceptable in line with corporate values. Whilst leadership will define compliance strategy, it’s important that all within an organization can air their views, raise concerns and share feedback without any fear of consequences. As with conversations around risk management, transparency, when it comes to compliance, can be illuminating.
  2. How senior management and executive teams approach and adhere to company guidelines is demonstrative of compliance culture. From the top down, ethical principles and behaviors should infuse the organization at all levels.
  3. Employee engagement is vital and ideally it should start immediately for new starters as part of the onboarding process. Employees should be clear on the company’s corporate values, ethics and integrity and know what is expected of them and of their colleagues. The same message applies to supplier and stakeholder relationships.
  4. Engagement can be enhanced when compliance issues are made relevant, relatable and accessible. It may be worth putting compliance issues on the table more and pushing compliance up the corporate agenda, rather than expecting staff to focus solely on policy and procedure documentation.
  5. As with risk management, ensure that compliance processes are well structured and clear – regulation sets out what must be adhered to, but not how to go about it. With a compliance framework in place – ideally integrated within an organization’s GRC strategy – your business will be better placed to deal with threats.
  6. Turn to technology. It’s an enabler for GRC teams, providing a holistic, enterprise-wide view of the risk, governance and compliance landscape and building engagement within the workforce, even when staff are working remotely. Again, as is the case with risk management, accurate, real-time data informs a robust compliance culture. If the regulations that apply to your organization are flagged up for your teams and automatically updated, it’s much easier for them to stay on top of regulatory obligations and ensure the organization meets its legislative and regulatory obligations.

Gain peace of mind that your business is meeting its compliance and regulatory obligations with Sword GRC’s Compliance Manager