Compliance and regulation

A conversation on risk: part five

Compliance is something that every business is familiar with and the risks associated with it. McLaren Honda hold themselves to a high standard. Managing compliance can be difficult and what it can ultimately come down to is the individual.


The level of bureaucracy required for transparency is high. I think the intent is a good thing—and even though we’re not a listed company we would certainly hold ourselves to the scrutiny of the blue chip organizations that invest in us, to be judged by those standards.

For us to be a successful organization and a high performance one, we have to carry the credibility and the brand values associated with our investors. We take damage to reputation very seriously. As brand ambassadors, there are a series of expectations both codified and not codified that go with that; that also plays a factor in the whole risk management environment.

For us to be a successful organization and a high performance one, we have to carry the credibility and the brand values associated with our investors – Jonathan Neale


The role of individuals is critical in compliance and actually presents quite a difficult issue. An organization can put in place a robust, rigorous compliance programme but ultimately, its execution, its success, and its accountability are all dependent on the individuals involved. 

We see time and again that where there is individual failure to comply, that is what escalates risk and gives rise to exposure. In the chain of compliance, adherence for the organization is only as good as the compliance of each of the individual pieces.

At the same time, an organization has to consider when things go wrong whether it was as a consequence of individual foibles and human error, or whether such individual conduct arose out of the structure, lack of check mechanisms, and culture of the organization. One should be asking whether an issue of failed compliance came about because of failures in structure or was it truly a rogue employee? The individual may get the blame, but there may be a broader context that has to be examined.

Regulators are a constant in the world of Grand Prix and in business. For McLaren it’s about working with the regulators rather than against them.


We’ve seen a variety of moves by the regulators in Formula 1, some of those very good, such as the constant underpinning of safety since the death of Ayrton Senna in 1994. But every three or four years we roll the dice on the technical regulations and we move from one direction to the other without any seeming constancy of purpose. We end up altering the experiment slightly, in the interest sometimes of improving the spectacle of the sport (which begs a series of questions, for whom, and have we measured that, and can we quantify that).

But there’s an obligation on us all, I would say, to work with the regulators: if the industry of the sport is not regulated it becomes chaotic.

Of course, we see this from different vantage points. From our perspective we may not always get what we’re looking for. The regulator’s job is to balance the interests of the teams, which are diverse, alongside the interest of the spectators (also diverse) and the commercial rights holders and then the sports promoters. So there is this quite diverse stakeholder community whose expectations have to be managed. As with all these things, if you hold yourself up to be a moderator or regulator you hold yourself up to be a target, so we take pots at them.

But generally we work pretty closely with them. So I would say a blessing and a curse.


Yeah, that’s probably right. All you can do is try to work constructively with them, try to align changes that we think are good for the sport.


There is one difference though in our sport: we are actively if not encouraged then rewarded for scrutinising the regulations. One of the curious things is that the more detail there is in the specification, the narrower its application. We’re always seeking to find legitimate or innovative ways around the regulations. We look at every clause, every phrase to say, ‘What does this mean? How should we interpret this?’ There are prizes for being innovative with the regulations. The fact that things are meticulously specified is an area of innovation and opportunity for us, because we’ll find the gaps. And if we don’t then others certainly will.

Regulators around the world have become more aggressive and more invasive—and that is a trend that looks set to continue – Jane Caskey


How an organization feels about the regulators depends on your industry, and where you are in the world. The regulators set the tone and set the regulation in order to create the conditions for proper governance.

However, regulators around the world have become more aggressive and more invasive—and that is a trend that looks set to continue. It’s placing a heavy weight on the companies and the individuals in those organizations. Many clients are asking whether the regulators are doing this to ensure compliance or has it gone a little beyond that?

When you look at the 2008 financial meltdown and its global consequences for both companies and individuals, one appreciates the motivation to correct for that and put in place greater regulation and compliance obligations to protect against such events from occurring.

Jonathan’s point about regulation in the sport of Formula 1 is interesting and highlights the differences in how regulation and risk are approached across different industries. At a recent GC Dinner event we hosted which included GCs from the pharmaceutical and financial sectors, a common theme related to the ethics of risk. Specifically, several of these clients explained that the majority of their day is spent - not on what their organization can and cannot do from a regulatory perspective - but rather it is spent on assessing what the organization “should” do in given circumstances, whether it is formally obliged to or not.


Part one: I am #RiskReady. Are you?

Part two: Are your employees #RiskReady?

Part three: Is speed the biggest risk?

Part four: You cannot cover all the risks, can you?

Part six: Social media