8 January, 2025 | JAN FEB 2025

Compliance: Finding the path of least resistance

Making compliance easier for employees: online gaming compliance consultant Alex Henderson provides Gambling Insider with a step-by-step guide on creating a unanimous approach

I wanted to write an article that could also serve as a form of guidance or training piece. Something that new or aspiring compliance officers could learn from, but also a reminder to myself and others that have been doing this a while of what works and, of course, what doesn’t. For anyone working in compliance, before you even start a role in this area, you are fighting an uphill battle. This is because, as I have said many times before, we have given ourselves the worst possible name – “compliance.” It sends the wrong message to our peers and, quite frankly, sounds outdated and incorrect.

I much prefer aligning our function to risk management as that is our aim, after all. We want to help a business understand and manage their risks. We are here to advise on the laws and regulations – and how to adhere to those laws in a way that helps business grow. Compliance rules are designed to keep businesses safe and operations running smoothly. But when these rules are disconnected from the realities of the people who follow them, they become as ineffective as a paved path ignored for a quicker, well-worn shortcut. When compliance feels cumbersome, employees find ways around it, introducing risks that could be avoided with better planning. I have broken this down into “lessons,” meaning they have come from things I have either got right or wrong, but either way, a lesson was learned. 

Lesson 1: Compliance needs to be realistic and accessible

Imagine a company that rolls out a new compliance policy, which requires an extensive checklist before even minor actions. Initially, everyone follows the rules to the letter. But, soon, employees start skipping steps to keep up with their workload. Compliance policies should enhance workflow, not create unnecessary roadblocks. When policies are complex or out of touch, employees are likely to create their own methods, which may not align with the intended compliance. 

A real-world example: One client implemented a multi-step approval process for every technical change, not just via the compliance team, but layers across other departments that simply delayed implementations. What they found was that teams were simply no longer forthcoming with improvement ideas. Team members who were previously forthcoming with suggestions to improve systems or user experience no longer came forward as the number of hurdles arising from the system began hindering progress. The fix? Streamline the development policy so that the most essential steps were emphasised, and minor tasks didn’t hold up the process. 

We live in an age where people prioritise ease and simplicity. So we should be making compliance easy for our peers

Takeaway

Design compliance that’s easy to follow. By involving employees in the development phase, you’ll gain insights into how the process impacts their day-to-day work and adjust accordingly to reduce unnecessary friction. Sign-off processes are vital but must be implemented in a way that is smooth and explainable to the wider teams. 

Lesson 2: Barriers can lead to creative detours, not compliance 

Some policies act as barriers rather than guides. Picture an office or system where accessing a crucial tool requires multiple sign-offs and password resets. Employees soon start sharing passwords or finding unofficial ways to bypass the process. This defeats the purpose of compliance, which is meant to protect, not inconvenience.

I have lost count of how many times I see people take shortcuts because the compliant choice is harder, i.e. how many people skip through compliance e-learning training and go straight to the exam because they don’t have the 30 minutes available it takes to sit through a bunch of slides… Effective compliance should guide, not obstruct. One of our clients faced a similar issue where password changes were mandated so frequently that employees began writing passwords on sticky notes. There was an increase in security breaches and a huge GDPR risk. After revisiting the policy and extending the password change period while adding two-factor authentication, adherence improved without sacrificing security. 

Lesson 3: Understand the "desired paths" of your team

I love the term “desired paths;” it is so simple but rarely considered by compliance departments who are typically more focused on installing rules into a business. Urban planners use the term “desired paths” to describe natural trails people create when the paved path isn’t practical. In compliance, these show up as informal workarounds. When policies don’t match the workflow, employees create their own ways to get things done. For instance, I witnessed a process whereby AML Officers had to re-review accounts on a monthly basis, even if there had been no increase to risk levels or activity. This resulted in them creating a shortcut of “copy and paste” the old reviews with a slight tweak in the notes. It meant they could hit their KPIs, but at the risk of missing something important in their review. If the steps don’t add value, employees will skip them.

Instead of blaming staff, take the time to understand why they’re taking shortcuts. It could be that some steps are redundant

Methodology tip

Map out these “desired paths” during staff workshops. Employees highlight which parts of the process they find cumbersome, and together refine policies to align with actual needs. This not only improves compliance but fosters trust and collaboration. 

Lesson 4: Listen to the team - they're walking the path every day 

When I first stepped into the glamourous role of compliance, I thought drafting policies was going to be the focus of my job. I was dishing out policies like there was no tomorrow. After a few setbacks, I sat down with one of my previous teams to find out why they werenot following the policy. Someone kindly pointed out that the policies were useless tothem because they assumed what their job entails. Too often, compliance policies are created in silos by people removed from daily operations. While well-intentioned, these policies can be impractical. Including the team in shaping compliance processes ensures they’re both realistic and effective. 

Example:

One client revamped their compliance approach by creating a cross-department taskforce to gather input from different perspectives. This group identified outdated or overly complicated rules that needed revisions. By including employees in these discussions, the company streamlined its policies and gave teams a sense of ownership. 

Make compliance the path of least resistance 

Compliance should be a seamless part of operations – integrated, not imposed

Policies that follow the natural flow of work will always be more effective than those that disrupt it. The psychology behind compliance isn’t complex: people prefer processes that help them, not hinder. Designing compliance with employees in mind – by involving them from the start and making adjustments based on their feedback – creates a culture where compliance is respected and followed. A compliance policy that’s easy to follow is one that will be followed. And that’s the real win for everyone. 

Henderson is the Group Head of Compliance for AMLGS, currently applying his services to GIMO and NetBet Enterprises; he started his career working within UK Law Enforcement Agencies as a Financial Investigator and AML expert advisor. He has more than 15 years of experience advising companies in the UK and internationally within sectors including financial services, hospitality and gambling operations. Alex is a dedicated advocate for ethics, risk management and inclusion and has set out his strategic agenda for a culture of compliance across the organisations he works within. He is a frequent guest speaker at ethics, diversity and compliance events with the focus on empowering employees within their organisations to achieve their goals and the highest of compliance standards. 

In the Magazine