By Adam Turteltaub
I just participated in our annual program with the FBI, and as always it was an informative, enjoyable and inspiring event. Each time I leave more impressed with the FBI and its work than before, and even more glad that we can offer this program with them each year.
As I was listening to the sessions, I noticed a key difference in semantics. As I think one of the speakers even pointed out, we in business talk about “risks” but in law enforcement they talk about “threats”.
I started wondering whether it would be better if we in compliance started speaking about threats as well.
Now, I know business loves to talk about risks and risk management. And there is certainly an argument to be made for using the same language as the rest of the business community. But I wonder if, by using the same words, it invites treating compliance failures as just another risk to be managed, like currency fluctuations and whether a new product will help or hurt the bottom line. It implies that we can just buy some insurance, or decide it’s okay to just roll the dice and see what happens.
That, at least to me, sells the dangers of non-compliance more than a bit short. A major compliance failure is not just a risk (and some would argue in any large organization with thousands of employees it’s an inevitability), it is also a threat to the bottom line and the business for a long time.
As importantly, speaking about threats sounds a bit more attention-getting than simply talking about risks. It could help raise concerns among the business unit, and as a result, makes the value of compliance seem significantly greater.
I don’t want this to sound like I’m only interested in making us sound more important. I’m not. But if we help businesses realize that a compliance failure is not a risk that we can take but a serious threat we must respond to, it may get more people to pay attention and stop threatening the success of the business.
What do you think?