Richard Bistrong

Moving Back In-House to Move Compliance to the Next Generation

Updated: Aug 17, 2021

The following interview is with Nicole Rose, Head of Risk and Compliance, Uniting Resources NSW and ACT. As you may recall, Nicole and I co-produced the anti-bribery training animation, “Why We Say Yes,” of which the trailer can be found here.

RB: So, Nicole, I heard you have changed roles, so why the change?

NR: Richard, as you know I have spent the past few years using my creativity to inspire, motivate and persuade people to increase their appetite for compliance and adopt better behaviors. However, I felt my work was missing a big piece of the puzzle. I realized the real work needed was not just in persuasion and inspiration, but also in having the right structure to ensure that Compliance could genuinely be part of an entire organization. From the work I did out in the field, I saw the benefit of really listening, caring, showing compassion and understanding the part of the organization I was dealing with and not just applying a ‘one size fits all’ approach from head office. In short, what I felt was missing was the right structure that allowed a compliance culture to properly develop from the grass roots up rather than from head office down.

RB: Can you explain a little more about what you mean about the right structure?

NR: Of course! A traditional compliance structure is hierarchical ‘tone from the top’. Compliance is usually delegated to the compliance function by the executive teams who then try to retain careful oversight of compliance. The compliance function will then, under the mandate of the executive team, make mandatory systems, processes and policies to the wider organization. However, as you know only too well Richard, the realities of the people on the ground do not always meet the vision of the leadership team. People working on the ground often have a different agenda or priorities to the compliance agenda. Compliance therefore ends up competing against other ‘more important’ day-to-day issues. In this environment we will always be playing ‘catch up, keep up and check up’ when it comes to Compliance.

RB: So how do we avoid this ‘catch up, keep up and check up’ environment?

NR: Let’s set the scene. Imagine that there is no hierarchical ‘one size fits all’ approach to compliance! Imagine an entirely different scenario:

  1. Imagine if an umbrella framework was in place that had all the tools, resources, requirements, policies, training, communications, handbooks and tool kits relating to compliance which different parts of the organization can add to.

  2. Imagine an organization dividing its compliance needs not into business functions but into communities of people.

  3. Then let’s imagine that each community had the education and support to properly understand their risks and gaps and the consequences of not having compliance systems in place both at their level and also throughout the organization.

  4. Then imagine that different parts of the organization shared resources, ideas, solutions, challenges and skills to help support the compliance mission.

  5. Then imagine less oversight and tone from the top but more leadership throughout an organization through self-managing teams in communities who share a vision of compliance and help other parts of the organization to achieve that. In my view, communities can work to manage their own risks not by having more risk and auditors and regulatory experts but by utilizing the creatives, coaches, communicators, film makers, presenters and project managers who can actually bring compliance to life. After all, we all carry out our own risk assessments on a daily, hourly and often by minute basis (think of getting to work on time). We all have in place our own controls for managing our risks (think about the planning to get to work). And we all have our own communication and persuasion skills (think of trying to get your children to eat their breakfast). These skills can, with a little education, easily be adapted into compliance at work.

Let me break it down for you like an equation:

  1. 1 central compliance vision +

  2. 1 centralized depository of resources, tools and skills +

  3. unlimited sharing of skills and support in a network approach =

  4. a genuine culture of compliance at a deep level through self-managing teams.

RB: Nicole this all sounds very utopian. Do you really consider this could work in practice?

NR: Richard, as far as I can see we absolutely need to ensure that the grass roots of any organization owns its role in compliance. The head office approach to compliance does not work.

A network compliance approach is the framework upon which the grass roots in an organization can work together with the leadership team and shared services on a unified compliance vision. As with any network, if you break a link, then the entire network can fall apart. Thereby, the community or part of the organization that breaks the link does not just answer to head office or even the regulator but to the entire network. I envision that the network itself is not built on rules or procedures but, instead, on trust, education, a joint vision and a genuine desire to care about their colleagues and the organization they work in.

RB: But how do you bring people together in this network?

NR: So the real work comes from properly setting up the structure so that people have a joined up vision. The vision I give to the people I work with is that: ‘together we can change the world through creating flourishing, safe and respectful communities’. If you have a powerful enough vision, people will listen. The art is to create a vision that moves people. FYI: regulatory investigations, legal and external requirements are often not a particularly good motivator. Motivators such as changing the world, being the best at what you do in the best way you can because of who the organization is rather than what its obligations are, are usually far more motivating for people.

RB: But how about those people who simply don’t care and who are just focused on themselves?

NR: Richard the question should not be ‘how about’ but more ‘what should we do’ with these people. If these people exist in an organization then two things will happen within the right network structure. Firstly, their behavior will be different to the behavior of their colleagues and hopefully weeded out using peer pressure. Secondly, these are people that do not make an organization strong or grow in any area, particularly compliance. If their approach does not change to the organization then they clearly do not fit into the organization.

RB: So Nicole, where do you see the role of Compliance in the work you are doing?

NR: Richard there is no doubt that compliance functions and compliance professionals remain critical to any organization. We will still play an integral role in managing compliance risk. We are needed to set up and maintain the framework, educate, train, provide oversight and continuing policies, tools, resources and regulatory and legal guidance. In short, we will remain necessary, trusted advisers and guides to help support the network.

RB: Nicole, where can people find out more about your work and your vision?

NR: Richard I am inviting comments, discussions and debate about this approach. I will be continuing the conversation on LinkedIn and would be delighted if people would LinkedIn with me and give me their thoughts and ask me questions.

My LinkedIn profile is here, or contact me at
