In this episode of the Cherryleaf Podcast, Ellis Pratt talks with Ben French, leadership development consultant and business coach, about compassionate compliance: how leaders can use policies, procedures, and regulation to protect their people and meet legal obligations without creating a culture of surveillance, bureaucracy, or micromanagement.
Drawing on their shared experience of helping organisations develop clearer policies and ways of working, Ben and Ellis explore why compliance so often feels like the enemy of good work. They discuss the points at which organisations typically start to struggle with compliance, especially as they grow, prepare for investment, face audit requirements, or need to satisfy external regulators and funders.
They also look at how policies can support better decision-making, why simplification is often more effective than adding more rules, and how leaders can balance oversight with autonomy so people still feel trusted to do their jobs.
Topics covered include:
- Why growing organisations often experience friction around compliance and decision-making
- How external scrutiny from investors, auditors, regulators, or funders can change the way organisations manage risk
- The difference between information that satisfies auditors and guidance that helps staff do the work
- How over-policing processes can damage morale, slow down decisions, and reduce ownership
- Why compassionate compliance means leaders absorbing risk rather than simply passing it down to frontline staff
- The role of policy in setting boundaries while still allowing people to use judgement
- How AI creates new challenges around responsibility, decision-making, and “cognitive surrender”
- Why good policies should be living documents that are reviewed, simplified, and pruned over time
Ben also shares examples from organisations that have struggled with overly complex compliance processes, and discusses where leaders should start when they inherit a broken compliance culture: listening to staff, identifying legal requirements, understanding what assurance the board really needs, removing unnecessary rules, and prioritising work based on risk.
Transcript
Hello, and welcome to the Cherryleaf Podcast. I’m Ellis Pratt. I’m one of the directors and cofounders of Cherryleaf. And this is the second episode on the theme of leadership change in communication, which we’re doing with Ben French. And Ben is a consultant and business coach specializing in leadership development.
And, Cherryleaf, if you don’t know what we do, we write clear practical policies and procedures that aim that reduce ambiguity, capture critical knowledge, and help staff make the right decisions. For today, what we’re going to be talking about is compassionate compliance, leading through regulation and risk. And questions like how can leaders use policies to protect their people while meeting legal obligations and without making staff feel policed or micromanaged? And why does compliance so often feel like the enemy of good work? Hello, Ben.
Hello. How’s it going, Ellis? It’s Yes. It’s fine. Thank you.
It’s not too hot today. Thank goodness. Yeah. Absolutely.
Let’s start off by framing the problem. Um, you’ve got a lot of experience working with organizations.
When you walk into one and it’s one that’s struggling…
with compliance…
What does that feel like? What are the signs that that things are going wrong…
Yeah. It’s a great question and I was thinking about it in that I feel like there’s sort of two broad categories of organizations that are struggling with compliance and…but I think back to some of my sort of work actually being part of an organization, part of a company, I think that you get companies get to a certain size and…they’re making a shift. And often what you what I think you see anyways is almost a sense there’s a sense of friction. There’s…what you have in terms of how we make decisions or how you’re thinking about decision making…stops working as well. And people are starting to pull at the edges and you can sort of feel…anyone in the manager roles can start to see that they’re just feeling like they’re taking on more and more risk and they don’t quite didn’t quite know how to manage it.
So their pressure is going up. And, I think, what you then tend to see is a sort of almost an over policing of the decision making process. So, you know, that symptom in a in a organization that that sort of at that stage bit more mature, but it’s starting to move from that, you know, one hundred to two hundred people type to, you know, five hundred people type. It’s almost like they’re sort of starting to put in place so many little, almost pieces of scaffolding around what they’re processed, that the process note is not really clear anymore, and it feels really cumbersome. And so you hear…
junior staff basically saying, this is really cumbersome. We can’t take decisions. We feel micromanaged. We’re frustrated. Everything’s so slow around here.
And senior staff going, we don’t know who’s doing what. We feel like we don’t have enough information. We don’t obviously. So I think that’s one type of organization. And it depends a bit bigger, a bit more mature.
I think the other one…
is actually the sort of smaller…slightly more nimble start startup in in a transition phase really from, you know, maybe twenty ish people to fifty, sixty, a hundred. And…
that…piece is much more about…I think that tends to be a little bit more top down, and you tend to have the board starting to say…
we don’t understand how we are managing our risks. What is the process through which we’re managing risk? How are we ensuring that we are taking consistent decisions? So you have this sort of top down sense of almost a feeling of loss of control. We don’t know what’s going on tends to be the question you hear.
And the people at the bottom actually don’t mind. Right? Because they’re still doing what they’re doing. They’re joining this organization because it’s growing and it’s you know? So they’re quite happy…just continuing to stretch…And I think what you can find in that environment is that you start to get policies applied.
And because people aren’t consulted, the board just say we need more control, we need more oversight set. We put in place a project gate system, for example, and it doesn’t get used or people are really frustrated with it. And so it just becomes a cumbersome process. And so in both cases, you basically have the top saying we feel uncomfortable, we don’t know what’s going on. Um
, and in the bottom, in one case, rebelling against it. In the other case, basically, just feeling like they have you know, they’re micromanaged and they can’t actually do anything.
That sounds very similar to situations where we’ve been called in. Often, um, seems to be driven by external funding. So they are going for an IPO and they want everything in place…for investors, potential investors, or they’ve got private finance and that’s come with conditions of auditors…checking that the company is robust, identifying holes, and then the organization has to change from…controlling its own destiny to also having to satisfy another party, satisfy the regulators, satisfy those people that are financing, and prove and implement the checks and balances that they want.
And it’s getting that sometimes it’s getting the balance right between…that audience…and…
doing the work, the daily work, the operations of the business…
Yeah. And that becomes…
interesting in…
in keeping everybody going where they want the business to go, but also giving the evidence for people to be comfortable that…there are checks and balances in place. Yeah. Yeah. It feels that feels very resonant in that…that sort of external factor, that external push to be compliant…which almost drives the process but actually then the problem is that it’s driving one it’s one stakeholder’s view of what the process needs to be and it doesn’t take into account the needs of the organization necessarily…in terms of actually making those decisions. Yeah.
It’s an interesting tension that sort of what what’s needed externally, what does the organization need as it matures and how do you sort of strike the strike the balance. Yes.
And one of the things we approaches we take is that the from an auditing perspective and I spent nearly two years as a trainee auditor in the dim and distant past is…from that perspective, you want to check are there controls in place, what’s happening…
and what staff want to know is what should I be doing, how should I be doing things. Yeah. And you can satisfy both of them if you provide both types of information. They don’t compete, but you sometimes…one is provided, but not the other. And…
that’s where policies and procedures can fall down…
And you picking up on something you said…earlier about compliance, I guess, adding grit into the gears. When we’re talking or prepping for this, I think you put down a note of the department of no…
When you talk about in in in your…blog post and other…communication, you talk about ordinary leadership, the stuff of leadership that doesn’t make headlines but goes on. How does that kind of leadership get affected when compliance…comes into play and can become…an organization can have the end up with a culture of surveillance…
So yes. It’s a good question. I mean, I think…
you were sort of just describing it. I think it’s when…
you the organization loses sight of…what the point of the process is. So we talked about compliance, you know, from an audit perspective, you should have a way of…managing the risk related to a project that you’re putting through. And as you get bigger as an organization…either because you’ve got more money or you’ve got more people, the people who hold the risk and own the risk get further and further away from the day to day doing. So they put more and more stuff into the process to give themselves assurance…
and that might be sufficient for the auditors but actually for the person doing the work, all of a sudden it starts to feel like a lot of oversight, a lot of process, a lot of bureaucracy. And that’s often a word I hear is like, oh, we feel like we’re really bureau you know, there’s a lot of bureaucracy. And I…
think…
what tends to happen and I think and this is the sort of the tension organizations face is that most organizations, I think, believe fundamentally want their staff, their sort of middle managers, that the teams that are working at that the call phase are on the ground, they want them to take decisions, and they want them to see problems and then come up with solutions to them. And at the same time, they want that to be done in a way that is consistent with what they’ve said that they will do in terms of policy, you know, being auditable, managing risk. And…and they want to know about things that are genuine risks that might get bigger. So you have this sort of tension…and I when that balance goes out of whack, so when…the company or organization doesn’t calibrate that sort of, you know, trickle down to last trickle up of information well, you end up squeezing out any sort of ability for anyone to lead at the bottom because they they’ve lost all their decision rights. And at the same time, if you obviously expand the decision rights too much, then people at the top start to feel like they have no control, and they’ll stop to they’ll stop worrying about the policies, and they’ll just start to talk, like, talk to push on people.
So you end up I think instead of having to have this conversation about calibration…
more than anything else is what is it that we need our policies to do and say to make sure that the board and the executive feel like they have sufficient oversight to own the risks legally…
And at the same time that people on the ground are actually doing the job that they need to do and taking decisions. They feel ownership of problems and challenges that they face and they can take decisions to solve them in an appropriate context. So I think it’s that type of…
leadership that gets eroded if you tighten the screws of policy too much or procedure too much. And at the same time…
without some structure…
equally, you lose that leadership. So it’s finding that sweet spot in the middle of Billy, I think…
Yes. I agree with that. I am reminded of a person called Donald Miller who I’ve heard on a couple of podcasts. And one of the things I remember him saying was leadership is about setting a North Star, you know, what the goal is, why it’s important, and where everyone fits in, and the challenge is to communicate that to people. And as you say, it’s that roles and responsibilities aspect of where everybody fits in, what they are expected to do, where the boundaries are of things they shouldn’t be doing, or…areas where they should be using their own initiative to go to do things that are consistent with the ultimate goal of the organization…
Can you name…
a moment where you saw compliance damage an organization, not just slow it down, but generally harm it? And…was there a root cause for that? So it’s a really good question. The example that just jumps straight to my mind is…
actually comes from one of the organisations I worked for for quite a long time and…
and that organisation was a bit bigger it was going through a period of transition…and I think…it had realized that its project management system was no longer appropriate for the types of projects it was managing and what it was trying to do and accomplish. So that all made sense. But the solution…
ended up being so complicated and so time consuming to roll out that I think what you ended up actually seeing was…a process that took too long…that became overly complicated…that added multiple layers of decision making to the process and actually led to sort of people, I guess, like myself, actually, in that case, you know, middle managers starting to feel pretty disempowered. And but also spending just more and more time in meetings on compliance. You know? Can we improve this project? Can we do this?
Oh, you know, have we managed to do this? Let’s write a briefing note to, you know, get our managing director on board. And so it…it moved from a sort of nimble decision making…
if slightly…
ad hoc and so sometimes difficult to navigate decision making process, into an increasingly complicated, messy, and bureaucratized. And it fundamentally damaged, I think, the that organization’s ability to, you know, go for work, you know, actively sort of go out and win work. And also the morale of staff and what’s interesting to me is that, you know, you think that you can’t oppose something top down. So the pieces just started to fall apart. And instead of, you know, having a good process that said, okay.
We’ve gone from here. We’ve added this policy, and then now we’re moving on. We basically spent two or three years constantly revisiting this one policy…or the sort of structural process…to…
take it apart, twin to, you know, tinker with it, fix it, remove pieces…
you know, and it never really worked. So you ended up with just a really messy, less consistent process and…
and probably more damage than it was worth. And not to say that that process wasn’t important because I think it probably was, but…I think that could have been done in a much simpler way that would have still bought in the compliance that was necessary in terms of managing the risks.
You remind me of an NHS project that we did. There was a trust…quite a large trust with geographically spread, and…they had…various policies around data security…because of patient records. Uh, and occasionally, patient records would end up…
in the wrong place. In those days, there were fax machines, and they had horror stories of consultants sending faxing patient records to one hospital, but forgetting the STD code and it coming out on the fax machine of a chip shop and other places. Yeah. Which then leads to disciplinary actions. So they had a policy for email, a policy for memory sticks, a policy for cybersecurity…a whole range of them, but none of them would joined up.
And…so we were looking at it from I guess a jobs to be done perspective. You want to send some records by email to an organization…And to practically do that would mean having five different procedures open or policies open at the same time to double check you were complying with them. It wasn’t orientated towards the work that people actually did. It wasn’t joined up in in that way. So…
that was the task that we did was to make…
it cohesive and clear related to the task that people actually come were doing. Yeah. Um, because they didn’t want…the whole disciplinary thing just took time, it demotivated staff…
and was triggered by something going wrong, and they really had a strong need to just fix that that problem…
And I really like that example because it sort of so much highlights the fact that in in often in these cases…it’s there is a problem that something’s starting to go wrong and it’s that sort of friction in the system…but the solution’s often not more process or policy, it’s often simplification…and I think clarifying because why people actually want to do this so that they understand the purpose behind the policy. I imagine that most people in an NHS trust do not want to be sending patient records through a chippy, and they’re not doing it intentionally. So, actually, how do you simplify the process, make it easier for people to check-in on things, and then also, you know, be really clear about the purpose of of the policy that you do have so that everyone can get on board with it. Yeah. There’s a trap there.
You reminded me of some people see that can all be solved through software. You just put checks and balances into the software to do that and others that it can be done through training. And they do play a part, but you do also need to have that reference content because…
not everything can be driven and be done through automation. It often involves human interaction, people talking to other humans doing stuff, doing things from one system to the to the next. Yeah. Yeah. And that’s it’s sorry, Alice.
It’s just interesting because you just made me think about the sort of the world we’re in now with AI. And I think one of the big leadership and policy challenges actually is exactly what you’ve just said is this really interesting challenge…of the system can do a lot more so that we feel like we can automate more…The problem is that…
you still actually have to take some decisions about what you want to share with a large language model or an AI system and a big database. And is you know, how is that compliant? How is it going to be compliant? And you also want people to not feel like their job is disappearing because now they’re outsourcing a chunk of data. So what’s the purpose of what they’re doing, and how are they actually still taking ownership of that the wider precision context, and does that open up space for them?
So, yeah, it’s a really interesting challenge about setting purpose but then also…thinking through that, um, you know, that you can’t just rely on one thing, you can’t just rely on software, you can’t just rely on writing it down, you can’t just rely on training, it’s sort of it is that package, isn’t it? Picking up what you said about decisions, one consistent theme that’s coming through from the experts in in AI is that AI is…weak at decision making. That’s where humans and experts are needed, and…
you can automate things that don’t require a decision to be made. But where…that comes into play, then you really do need well trained…expert…people to do that that stage in the activity…
Yeah. And it’s just a it’s really it’s just a really interesting point, isn’t it? Because it is that…
well, especially if we’re thinking large language models, but most AI, it’s probabilistic. So it’s essentially just an odds based calculation on the right decision, which is obviously not what you want. You want people to take responsibility, don’t you, in in terms of leadership and to say, okay. We’re using this system responsibly by helping it synthesize information or helping us sort of run a process more efficiently. But at these decision points, we still need to understand what’s being said and done and actually take on ownership, take leadership for that decision because we are still taking on the risk.
You know, the legal world doesn’t view AI as a as a being that can be prosecuted. So how do we make sure that that understanding of the risk and the decision still sits with individuals…and so people feel that they own the process even if they’re not necessarily having to do as much of it as they might have had to ten years ago or even two years ago.
Cognitive surrender was a buzzword I heard earlier in the week, and, yeah, there is a temptation to surrender…
your thought process or surrender the decision making to an AI system.
We had the a topic of or theme for this episode of compassionate compliance. Yes. And you describe leadership as taking responsibility for change. In in the context of regulation, what does it mean practically…for a leader to take on that burden of risk?
So Yeah. It that doesn’t stay with the, uh…frontline stuff. And where does compassion fit into that? It’s a really it’s a really interesting sort of thought, and I feel like the conversation we’re just having on a AI links into it really nicely because…I think…it…
goes sort of linking the pieces of the conversation together what we’ve sort of said is that…you know people want to I think in general have autonomy in their roles, Most people don’t want to just be told what to do and then do it repetitively over and over again. And so we want policies that create space for individuals to understand their decision making framework and understand what responsibility that they have or authority they have to take decisions…
What I think is really important that policy doesn’t do or procedure doesn’t do, and in particular in terms of leadership, leadership’s job fundamentally should be saying, look. We’re responsible for driving this forward. We’re responsible not just for the day to day process, but actually sort of seeing what is working and what isn’t and managing change. And My view would be that good policy…recognizes the evolving risks and that sort of external environment and then is adapted and it’s sort of almost organic, it doesn’t, it might be written down but it doesn’t stay…static. It evolves to the risks that leaders see.
So…when we talk about absorbing the risk, I think the job of somebody in a leadership role is to look around and say, okay. Well, what are the risks that are facing us right now? And then how are we using the tools at our disposal, the policies, the regulations, the procedures…
to enable decision making…that…protects the organization and the individuals…
but also allows people to get on with and carry out their jobs and take those take decisions. And, you know, I think that that’s where you a leader needs to be really compassionate is that…their job isn’t to just pass it down and enforce regulation…and just say you have to do it this way, nor is their job to sort of abdicate responsibility and say, well, you know, the policy says this. You just you go, you know, go for it. Their job is to understand and sort of connect both upwardly, recognize what the board or the auditors might want to see, and then also downward into their teams and go, okay. These are the risks that face us.
This is how we can adapt and address them so that we can continue to take on the challenges that that we’re facing. So it’s that sort of balance of using policies dynamically, I think, to help you make better decisions…and manage the risks that face your team…
That reminds me, we’ve run a number of courses for fire rescue service…organizations in the UK and…
there’s lots of turnover of fire officers…
and there’s the law, so things like…using cameras at a fire incident, there’s the law of what you can and can’t film, what you can do with the filming of it, can you use it for training purposes…or manners that which is legally controlled with all of the legal penalties? And then there’s also this thing of…
there are fire officers who are expert in fires that need to be allowed to make decisions on how do you put that fire out. And so what the fire…
service has done is they’ve created something called national or operational guidance, which is…top level…guidance, government driven or centrally governed centrally driven guidance…
And but it’s guidance. It’s a one stop shop for best practice and…sort of good practice rather than best practice. And with the idea that each local fire and rescue service can take that and then adapt it and tailor it to their own particular needs. They’re not imposing this is the one and only way of doing it. They’re saying this is the experience from all of different fire services of what works well.
This is what we recommend. You can adapt it to what’s right for you. Yeah. So the use of guidance really fundamentally. Yeah.
Within but also within the context of also specifying mandatory information, what the law says they must do, and then how they can do things and comply with the law. And that’s So when we’re doing when we run training courses to give them the skills to write the procedures, it’s…addressing how can you…explain what you must do, and how…
to apply those legal obligations…to what you’re writing and explain why you have to do certain things in certain ways.
You mentioned we a couple of times…earlier, and…
we as a tool within language. How have you seen experience of how you can use we in in communication…
genuinely rather than it coming across as a buzzword or in a patronizing way…
Yes. It’s a it’s an interesting one, isn’t it? We, because, you know, if you use we, sometimes we is actually quite a confusing statement because it’s who’s actually doing the work? Is it are we doing the work? Are you doing the work?
Am I doing the work? And I think that it’s patronizing, and it will come across as patronizing. If I know as a sort of a manager or somebody who’s…that I’m not going to do the work, but I say we need to do this, but actually you’re the one who’s going to do that, the heavy lifting. I think that could be quite patronizing. On the other hand, I think…talking in particular actually, you know, about regulatory work or policy, talking very clearly that about we as something that is shared and it’s a shared responsibility, we are in in our most organization all responsible collectively for the policy…can be very empowering because you’re saying, look.
It’s not just me as the leader or the manager who is responsible for enforcing this policy. We are all responsible for the health of the procedures of the organization. And if the documents that we have and the ways of working that we’ve written down in terms of our policies, guidelines, procedures…
don’t serve us, then we need to reflect on them and potentially change them. I think that’s a different type of conversation. It’s much more genuine about how are we working together versus saying, well, you know, we need to do x or but, actually, what I really mean is unless you need to go away and, you know, have a look at that policy. Or so I think it’s that sort of finding that balance…in terms of how…
individuals engage with each other. And in especially, when I sort of seen more sort of leadership or management role, it’s really finding that balance of what are you jointly doing, and it is genuinely a we, versus when are you asking or requesting or directing, which is more about you or, you know, I’m instructing…
Have you can you think of any real life examples of a leader who’s done…
change or that you change…well? So well, actually, the project that we that we sort of met on, I think, it’s a it’s a nice example of trying to take an organization from where it is Mhmm. To where it needs to go. And it’s, you know, it’s I think it’s a good example in…recognizing that you couldn’t just impose a set of policies and procedures from the top instead of having the openness to go, okay, well what what’s right? And almost feel it out.
I think that was just a really nice example actually of doing the regulatory process…well and at the same time recognizing that, you know, it needs to be done and also that it takes time. And so…in this organization, I think we were lucky and then the sort of individual we worked with it was lucky that they were given the space and time to do it. But what I thought was really impressive is that he did a lot of work to manage upwards towards the board to help them explain, help them understand what was needed, to sense check with them what they actually wanted, and to right size the framework in terms of policies. And we actually started we started at that level thinking about what’s the framework, what are the guidance. But at all points in time, the sort of senior executive was kept in the loop and people were allowed and given space to feed in as to what was right for them and what wasn’t.
And then that sort of filtered down into the teams to allow teams to actually shape the structure of the policies. And you’ll know from having worked on that some of that was better than some of that was less in terms of engagement, but I think that the process and the way that the individual leader was trying to achieve the change in the end outcome was really really quite positive. I think it really helped that project that there was that…
person driving it along…
and making sure that people gave it the attention it deserved. And…
it was interesting. My YouTube feed suddenly come up with various interviews about this project related to sport…and how poorly that that sector, football academies, is in America compared to the rest of the world. And I didn’t realize quite the difference…in how…it’s run-in different countries and the impact that it has. So in America, their ability to qualify to the into the World Cup, they haven’t I don’t think they’ve done it particularly well in recent years, and that’s driven because they have a poor…
process pipeline from children to to professional adults doing the work. Yeah. And this organization…is all about getting the pathways in place from…to from child to adult and are very successful in doing that. And it gave me appreciation of how…well run or how many good things that organization is doing compared to to elsewhere…
Yeah.
So if you come across a director who’s inherited a compliance culture that’s already broken, and there’s distrust and there’s rule for the sake of rules, You’re asked to come in. Where do you start…
There’s always the million dollar question, isn’t it…
And I think that in general, if you’re working with that director, it is part of the question to them is, well, what are you open to trying? Uh, because for me, the starting point is go out and listen. You know? What are what are the pain points? What are people frustrated about?
Why are they why are they frustrated? Why is a policy or procedure even in existence in the first place…Um, you know, back to your NHS point. Right? If you’ve got one I imagine that that that trust had built up over time as new systems came in, a new policy Yes. Because they felt like they needed the accountability, but no one had actually probably paused to think, well, why are we creating a USB policy and an email policy and a fax policy?
Or, you know, how can we merge our sort of data management or information sharing policies? And I think that’s often very underestimated in in terms of any sort of changes, the listening phase of just…
asking why and genuinely trying to figure out what what’s going on…
before you sort of start to say, okay, this is what we’re going to do. I think then the second process is, again, it’s not that…
big bang that we’re going to change everything. It’s actually…going, okay. These are the challenges and problems…and figuring out which are the ones you can solve relatively quickly. So, you know, for example, are there a set of policies that just actually are no longer relevant, are not protecting the company, are making people’s lives worse? Can you just get rid of them?
That’s a quick win that will buy you support, generate momentum, make people more supportive. At the same time, you might have a set of policies or challenges that are genuinely complex. You know, the policy or the regulation or the procedure exists for a reason. It’s managing a risk, but it’s become really complicated. So can you bring a group of people together to actually work on that so that rather than it feeling like it’s a top down imposition, you’re moving people along in that process together.
Um, and then there might be some things that you’re like, yeah. Well, we need to take these away and actually figure out how we manage that with the with the board, where you know, where’s the problem sit. So I think that second stage is sort of what are the quick wins, but also how can you start to buy people into the process. And then the third stage is sort of the testing and iterating, uh
, and just being very wary. I think in particular in the world of sort of procedures and…and guidance and regulation in an organization, that you don’t let it drag out and become a three year thing. I think it’s okay to say, look. We’re going to put something in place, and we’re going to test, reiterate, and we’re going to adapt it as it goes. And we’ll we’ll visit it every year.
And if that’s what you need to do, then then do that. But don’t let the process become so long because, actually, no I don’t think very many people are really motivated by talking about procedures in an organization. They want to do the the do the work. And for businesses that are trying to grow, they need to be outward looking. So you do need to do some of the inward looking work, but make it short, discreet…with a commitment to revisiting it when it’s not when you find out what’s working and what’s not working.
So I think if you do those three things, you tend to have more success in sort of revising the wider policy environment.
I want to pick up on something you said there. Often, the choice is…
between…do the easy stuff so you build confidence or do the complicated stuff that will provide the biggest benefit. You mentioned a third one which is look for the waste and delete stuff that’s not necessary to streamline things in in that way, and I think that’s often forgotten. And that pruning of…stuff that’s not needed…
all links into a theme that we talk about and that is that procedures shouldn’t be a snapshot in time, they’re not a momentum of how things works years ago. It does require constant gardening of pruning stuff that’s no longer needed and adding stuff that or changing stuff to reflect how things are today. And, actually, that’s a really it’s a really nice point because it as with almost everything in organization, culture, leadership, the procedures…
if we forget to do the gardening and the weeding…
it becomes overgrown and difficult and disentangle and doesn’t work as well. And so, actually…you know, often…as much as anything, can you set out and articulate a process or a way that you’re going to do that on a regular basis that doesn’t feel underused, but enables people to know that they if they feel something’s not working, they will have a voice and they will have an opportunity to sort of tweak it and improve it. We’ll get rid of it if it’s not no longer appropriate…
And is there a particular test to decide whether a rule should stay or go? How you tell what’s a genuine safeguard from just noise…
So really, I mean, it’s an interesting question, isn’t it? Because I it will vary depending on the industry. I mean I think if you’re in the oil and gas or in a very heavily regulated industry, fundamentally you’re going to have quite a lot of procedure that you have no choice in or at least you’re going to have a lot of compliance that you have no choice in and that will lead to a lot of procedure that you need to put in place. Um and so I think as like a first test you often the first question needs to be…
what are we legally required to…do? What do we legally need to have in place to be compliant as a business, as an organization…
And unfortunately I think sometimes when I was actually talking to people recently, especially if we’re sort of charities or smaller organizations…
that can feel quite burdensome in and of itself because there is still quite a lot of regulation…
So I think but I think that’s a really good starting point is…
just make a list of what are we required…
to do by law, um, or by our governing body. And then I think the second question often…is to the the board or the trustees…who own fundamentally own legally the risk…which is what do you what do you need to feel confident that the company is managing these compliance issues appropriately? And I think sometimes people forget that that, you know, boards change over time, and you might have had a board that really wanted to because of a moment in time or transition a lot more compliance. But actually going back to the board and sense checking what is appropriate, Actually, I’ve an example that I’ll come back to. Just is really important.
And then and then I think at that point, you sort of sense that this is what we need to do. So…make sure you’re doing that and actually ask yourself the question. In order to achieve this, what is the bare minimum we need to do? Because actually the bare minimum over time will expand. So, you know, stripping things back to the bare minimum.
It’s a little bit like pruning a hedge that’s a fast growing is you often can take it back a lot further than you do…
because it will grow back out and I think that’s the same with policy and procedure. And the example that was just in my mind is I sit on the board of a…multi academy trust…and it’s been really interesting because they’re growing and they’re we’re bringing in more schools, but it started actually quite small. And so the board’s role in the compliance and governance and oversight was really hands on and the procedure and the process and the review of even policy…reflected that that…and that most of it sat with the board, and often the board was really involved in it. As we’re maturing, we’re going back to this conversation now almost on an annual basis to say, well, what as a board, we are a governing body. We’re not a doing body.
So how do we…are we getting the calibration right in terms of what needs to come to us versus what sits with the executive? What is it that we need to see to be confident that that our legal responsibility is being fulfilled? And I think that’s a really interesting question to sort of keep asking yourself…
in order to filter it down. Sorry. That was a longer answer, but No. It’s really interesting because I was I was thinking of there’s a tendency in this country of gold plating everything and…often with we’ll get asked how long does it take to write rewrite our procedures…which is like how, you know, how long how long does it take to write a software application? You do need to scope…the work and that that is an important that is an important And then also with that is then triage it or prioritize it.
What are the things that…you have to do, which are the things you should do and things you don’t need to do, and then you can…help to plan and realize how long this is going to take, how much effort is going to require. And if you’re bringing an external resource, get a sense of the budget that you need to allocate to it as well. Yeah.
So we’ve…
from that, it’s we’ve sort of answered the question of where does somebody start…
and focus at the beginning…
in that it’s scoping the work and prioritising the aspects and…
looking at what isn’t needed so that you don’t get bogged down in that. Is that a fair summary, or would you say there’s anything else that somebody should do if look consider where they wanted to prioritize this and think about the initial stage…
I I think I mean, I think that’s that’s it. I guess the only other thought that jumps to my mind is…I think there is value in in in having a really open conversation about risk, uh, and doing a bit of a risk-based prioritization because it it’s tempting to do everything all at once, but that’s overwhelming for an organization. And so actually asking yourself that the sort…
of third question, I suppose, which is how much what risks are we most willing to carry…in terms of a policy not being up to date or policy being not fit for purpose, but it’s not one it’s one that we don’t feel is a significant risk to us. So for I mean, maybe not a great example, but the example that jumps to mind is that an organization that doesn’t deal with too much personal data. Updating your data information and sort of GDPR compliant policy might not be the first thing you do if you’ve got a whole set of other regulatory…things that you you actually do need to have in in place and you feel are a bigger issue for your for your team. So sort of it’s again, it’s making that risk assessment and…I think, you know, from a an organizational perspective rather than perhaps on the leadership front, I think that the challenge is to get the board and the executive to be having that conversation really efficiently because the board needs to say this is the risk we’re comfortable with but the executive needs to be sort of providing the sort of perspective and the judgment and the sort of operational this is how it is and having that back and forth with the board. Yeah.
You remind me of the anti modern slavery policy. Yeah. And for one organization so there are different rules to the size of the organization based on turnover. And…
we were involved with one project where there was a holding company, so technically, they had a very high multimillion turnover, a very, very small…
team within that. So anti modern slavery was something that was unlikely to in reality to be a high risk, but from a legal perspective, organizations are meant to provide annual reports and audits of assessing what risks and mitigations they’ve got in place. So do they…deemphasize that because it’s very unlikely to happen or do they prioritize it because there are potentially legal fines if…it were to happen or if they if…they hadn’t completed these audits and published them on their websites. And those are not decisions that we can make as a charity, if it’s there for the board of the organization to decide whether what how what they do with that priority. And it’s not a some ways, it’s a tricky and challenging question to to do to decide.
Yeah.
And…
I think…
as a final question…
let me let me post this. What’s something you believed about compliance five years ago that…you no longer think is is relevant or believe…
That’s a great question. I laugh because I think I probably would have sat in the camp of like the more clearly you can write down a policy the better that people will follow it and I think there’s real value in that. But I think probably what I believe now is that people have to understand the purpose of the policy…and so you know we haven’t really been able to touch on this today but you know when in some of our work we’ve done I think both you and Ginny at different times have said look this doesn’t need to be a lengthy document, we don’t need to write everything down, like we need to get the general principles down And I think that’s probably something that’s really changed for me is that a good policy doesn’t actually…have to say everything. A good policy needs to be really clear about what why it exists and what what it’s trying to achieve, what it what the expectation is of of anyone who sits in that organization…
And that the how…
can often be left a bit more open and more flexible…to allow individual leaders and managers to shape their decision…so long as as the purpose and the sort of, you know, the key outcomes essentially are really clear. And I think that for me sort of shifted my view on on what you would write down. So…
in some in some cases, that might still require lots. Right? If you’re highly regulated and there is a specific thing you have to do, then you’re gonna have to write it down because that’s what you need people to see. But…I think equally, if you are…
you know, if it’s a policy that is relevant to you as an organization and how you work in terms of managing a risk on a way that you are sort of setting standard…
It doesn’t actually require a really complicated long policy document and the thing there’s it really is that sort of piece about calibration which is probably the thing I feel…more clear on than I ever have is…that the goal of policy isn’t…
to confine or constraint. It’s to capture the culture and the values of that organization and how it wants people to work going forward. And that should be living and should adapt as as things things evolve and change. So instead of getting that balance right feels really important to me. It’s definitely something that I I probably didn’t believe sort of six to six or more years ago.
Yeah.
That’s interesting. I remember there was a we were involved with the policy relating to security. And you it was very easy to fall into a rabbit hole of security for the offices, security for the playing field, security for the stadiums, and going into all of the detail. Um, there are rules that FIFA have.
There are rules the organization has. And I think FIFA Pro, which is the player organization. So…
I think in the end we stripped it down saying these are what these, um, two external bodies require you to do, and this is what the organization requires…
Make sure you implement them, but in terms of each country and each location…
that’s going to vary and you you do it in the way it’s appropriate for you because…one place might not have any public…members, perhaps only parents arrive, and then others, there might be games with thousands of of fans. And in the end, set the ground rules so everyone’s clear on those, and then…you can…go from there for each particular situation because a one size fits all…
was gonna end up with a a just this huge document where ninety percent just wouldn’t be relevant…to specific countries. And it’s such a good example about…
of what we’ve just been saying is you know what’s the risk to that the board needs to sort of think about? What’s the role of the executive in creating space for leadership to identify the challenges and create solutions…but setting a consistent standard. So actually just really simplifying and being like look our policy is very simple, we want to see this because this matters to us as an organization or we need to see these two things. It’s up to you as the individual responsible for that location to make sure that that is in place and to justify to us that that is. And I feel like that sort of meets the criteria of good policy because it’s testable.
You know somebody can show up there and say…
explain to us demonstrate that the you are compliant with our policy and…you know, and it’s clear what the policy is and it manages the risks…
in a in a clear way with with authority sitting where where is appropriate. So, yeah, it’s just it’s such an interesting one, isn’t it? It was a very interesting project.
One of the privileges of doing this work, I think it’s true for you, is you get to…see the insides of different organizations, how they work, and what’s important to them. And…
it’s Yeah. It is fascinating because you get If you’re doing a a normal…job working in a bank, you only see the one organization. Whereas Yeah. With these sort of roles that we do Yeah. You’re seeing multiple organizations work around.
Now in the last podcast episode we did, we didn’t ask you how or ask how…people can contact you if they want to if they’ve got a project…Yeah. And they need for guidance on leadership. And so…
how if somebody does would like to have a chat with you or pick up more, ask questions about what we’ve discussed, what’s the best way of contacting you? Yeah. Thanks, Alice. I mean, this is this has been great. And, yeah, I mean, if anyone wants to work on policy and leadership together, we’re we’re a good team.
We know that we work well together. So Yes. Um, but if you wanna get in touch with me, the easiest way is is to email me at ben, so b e n, at ordinary leadership dot org, uh, and you’ll you’ll find you’ll find me there. You can also have a look at my website w w w dot ordinary leadership dot org, or you can find me on LinkedIn very easy, w b French. So that’s how you how you find me, and I’m always interested in in having a chat with with anyone who’s got a a leadership or a team development challenge, policy related or or not.
So yeah. And we’ll put this also those in that those details in the show notes as well. Brilliant. Ben, thank you. Well, thanks, Ellis.
Yeah. Thanks so much for your time today. It’s been it’s been a real pleasure. It’s been really interesting.
Leave a Reply