Risk Management Is the Natural Owner of Compliance
With the adoption of Enterprise Risk Management (ERM), many organizations have already begun to include compliance risks in their risk management portfolio. However, even if the organization has not yet climbed aboard the ERM bandwagon, risk managers should be actively supporting, if not directing, their organization’s compliance efforts in several key areas, namely those involving interdepartmental risks.
After all, the compliance challenges in most organizations will not be those that land neatly in one department. Dining services managers will be on top of sanitation regulations; comptrollers will file their taxes.
No, the greatest compliance challenges are those that cross division and department lines.
Take a look at some of the compliance requirements that prove challenging to institutions of higher education.
• Title IX: Prohibits discrimination on the basis of sex and covers not only equity in sports but also sexual assault and misconduct. Consequently, it impacts nearly every division of the institution.
• Americans with Disabilities Act (ADA): Its related laws and regulations impact academics, student life, facilities, IT, human resources, admissions, athletics and a multitude of other departments.
• Export Controls: A mishmash of laws that similarly affects any department involved with academics, research, technology, and travel.
• Records Retention Policy: Required under the tax form 990, it covers every division and department and has additional privacy and security implications.
Institutions traditionally find it difficult to manage compliance requirements such as these because there is no natural “owner” of the requirement. It is here that risk managers are ideally situated to help their institutions by gathering together individuals from the affected departments into a committee or task force.
Together, they can begin to create a shared management process for the institution. In the absence of hierarchical authority, committees and task forces can wield significant influence, especially if appointed by the president or board.
Furthermore, many compliance requirements are a natural fit within a risk management portfolio because they address insured risks. Compliance with anti-discrimination laws (like Title IX and ADA) is a perfect example, as acts of discrimination may be insured through educators’ or employers’ legal liability policies.
Other compliance matters may directly affect the essential identity of the institution. For instance, if an institution violates the regulations on political speech, it could lose its non-profit status and suffer reputational damages.
While it is impractical for a risk manager to be on top of every regulation with which an institution is required to comply (they number in the hundreds), it is important that the risk manager be a leader in compliance matters that, when not addressed, can directly impact insurance and claims.
Offer to help organize a compliance effort. Make sure to (successfully) follow through.
You don’t have to be a subject expert to do this! Your results can showcase risk management services in the institution, reduce risk, and create a template for your next compliance project.