Compliance

by John Bandler

Organization compliance basically means complying with legal requirements such as laws and regulations.

Bandlers Three Platforms to Connect simple

I think of compliance in connection with my Three Platforms to Connect.

Three Platforms to Connect for Compliance

The three areas to consider for compliance analysis are:

  • Laws and regulations (external rules)
  • Policies, procedures, and other internal rules
  • Practice, action, or what is actually done.

Organization need to assess and review what external rules apply to them.

Then they need to create internal rules (policies, procedures, and other governance documents) that align with those external rules and which support the organization's mission.

Bandlers Four Platforms to Connect (1) inline

Then, practice needs to align with both. Where the platforms are aligned and the gaps are minimal, the organization is in compliance.

Don't forget mission

No organization exists just to comply, they exist to accomplish a mission. So we need to add a fourth platform.

And align all platforms.

Compliance and mission need to coexist. So the key is accomplishing the mission and complying at the same time. Some of those two goals overlap, but there is some divergence too. We can show it this way.

Compliance Two Goals - Bandler - Comply and Mission

Compliance is not just a cost center

Compliance is not just a cost center, compliance is a part of what good organizations need to do.

Some people in an organization may be more focused on compliance (e.g., a legal department, compliance department) where others may focus more on mission and earning revenue (sales, marketing, business lines).

We can see that divergence with a compliance line and mission line

The organization can only have one set of internal rules, and they need to serve both mission and compliance.

Bandlers Four Platforms to Connect (2) Lshape

So showing all four platforms inline is not always the best way. We can move them to more of an L-shape like this.

Then we can flip to a top view of the platforms, and see how there is a compliance line, a business needs line. Both run through practice and internal rules, but then diverge because some are motivated differently.

Areas of compliance

Bandler's Four Platforms to Connect (L-shape - Top view with lines)

There are a lot of areas that organizations might need to comply with, each might require its own specialization.

For example:

  • Cybersecurity
  • Privacy
  • Anti-money laundering (AML) and counter-terrorist financing (CTF)
  • Human resources and employment law
  • OSHA (workplace safety)
  • Anti-discrimination
  • Anti-fraud and identity theft

Conclusion

Compliance is a duty for every organization.

Some organizations are highly regulated and have higher compliance duties.

This short article has many simplifications, is not tailored to your circumstances and is not legal or consulting advice.

If your organization needs help with improving its internal documentation and compliance with laws and regulations, including regarding cybersecurity and protecting from cybercrime, let me know.

Additional reading

This article is hosted at https://johnbandler.com/compliance, copyright John Bandler, all rights reserved.

This article is also available on Medium.com at NOT YET (though not kept as up to date).

Originally posted 12/21/2023, updated 12/21/2023.