Non-Compliance

It is amusing to find that some corporations put in place policies for the sake of having those policies, without any intention to comply with them. The reason is public perception. Those corporations want to be perceived as doing the "right" thing.

My personal view is that those corporations will be "better off" if they do not have those policies. The reason being if the management themselves do not comply with the policies, it will be prima facie evidence of negligence (or even wilful misconduct) on their part. It will be so much easier for any claimant (usually shareholders or creditors) to prove their case against individuals whom have corporate governance responsibilities.

What's worse is that these corporations will normally publicise that they have put in place super duper policies and processes to ensure compliance OR to implement various policies which are inconsistent with each other. For e.g, one policy will say that the management and employees of the company shall not expose the company to "unacceptable risks". The words "unacceptable risks" have not been defined in the policies. However, there is another set of policies that say in the case of global contracting (i.e master contracts signed with the head office of client that bind the whole world), all risk management policies are not applicable and the company is free to accept unlimited liability etc. By virtue of this, it would appear that exposing the company to unlimited liability claims is NOT an unacceptable risk. If this is the case, then what the hell is unacceptable risk???

I am not sure whether the senior management around the world have actually considered the implications of implementing the various policies but it sure make the senior management look explicitly incompetent by putting in place such inconsistent policies. The funny thing is, it never crossed their minds until I brought up the inconsistency and highlight the fact that risk management department will lose its credibility trying to enforce the "thou shall not expose company to unacceptable risks" policy.

I just had a discussion with my boss this morning about non-compliance with one of the policy which our company has implemented. Fortunately or unfortunately, I am the compliance officer for that particular policy. And the person who breached the policy is.....my boss. How do one tell one's boss that he/she should comply with the rules that he/she had put in place? Well, what I did was to inform my boss that there has been a non-compliance of that policy and that is because the staff has escalated the matter directly to him without complying with the process/protocol that has been put in place. As this has happened numerous time, I told him that it appears that the company is comfortable with that "process". Hence, it will make sense to change the policy so that the management/staff will not be in breach of the policy - i.e the matter should be escalated to him and it will be up to him as to whether he wants to delegate the matter to me, rather than the other way round. He thought about it and insist that the policy stay as it is without any changes and that he will reinforce the policy by raising the matter at senior management meetings followed by emails. He does not want to take on the responsibility of ensuring compliance although he doesn't mind the power of letting me know that I am merely as important as he wants me to be. I really have no issue with it. In fact, I would be more than happy to be relieved of that responsibility (and not to mention, workload). For some reason, reverse psychology always work.

What can I say..... I love my job :)