Why Compliance Culture Starts with HR

Bridging two worlds that should never be separate.

In many regulated firms, Compliance and HR operate in parallel but disconnected streams. Compliance focuses on controls, policies, and audit trails. HR is seen to handle engagement, performance, and development. But in truth these two worlds overlap when it comes to culture and process. Harmonising this relationship is key to either side being truly effective. The reality is that we cannot deliver meaningful compliance without a healthy leadership culture — and you cannot drive cultural change through HR, without embedding responsibility, accountability and performance management into the ongoing rhythm of the business

This blog explores why regulatory oversight is more than a compliance issue and how aligning HR and compliance processes is not just desirable — it’s essential. It also shares how tools like Actus Performance and Actus Oversight can help firms track, evidence, and embed cultural expectations throughout.

1. Less ‘tick box’ more embedded cultural processes

The FCA and all regulators have been trying to move away from ‘tick-box’ compliance for many years. However, culture is now centre stage — and for good reason. Culture is the invisible force behind decision-making, risk appetite, customer care, and ethical conduct. In the same way, HR professional bodies have been emphasising how performance management and appraisal should be meaningful, ongoing AND not treated as “tick box” exercises if they are to be seen as meaningful and actually impact performance.

But how do we develop and regulate culture?

The Consumer Duty is a prime example. It asks firms to prove they are delivering good customer outcomes — not just through policies, but through training, behaviour, leadership, and performance.

Other FCA regulations follow the same logic:
– Under SMCR, firms must demonstrate that individuals take ownership of conduct and accountability
– The FCA’s focus on non-financial misconduct feeds into traditional HR domains such as bullying, harassment and discrimination positioning poor culture as a potential conduct risk
– HR’s processes look to remove bias and discrimination and promote equity and inclusion – again great in theory but actions speak louder than words here and that comes back to leadership and culture

This is where the concept of compliance toolkits start to look inadequate because they give the illusion that you can just ‘fix’ compliance when in reality the right people driven processes, supported by the right technology (like Actus Comply, Oversight or Perform), come into their own.

2. Why HR Processes are central to regulatory success

Let’s be clear: compliance culture doesn’t live in a policy document, it lives in the decisions leaders make, the behaviours they reward, and the way people are held to account.

And this means that key HR processes can directly influence regulatory success. By success that means embedding the ethos of a compliance rule, not delivering the minimum acceptable standard. Examples include:

• Performance Management: Do objectives include customer outcomes, conduct, and compliance behaviours?
• Training and Competence: Are staff not just completing learning modules, but applying it in practice? Are managers coaching and reinforcing it?
• Appraisal Systems: Are values and behaviours part of performance reviews and if they are, do they align with Conduct behaviours?
• Fit & Proper and Succession: How acceptable is it to have development areas in relation to Conduct Standards? Are succession decisions made objectively, with reference to integrity, judgement, and conduct history?

These are questions Actus Perform can help to answer. By digitising performance reviews, one-to-ones, objectives, and feedback, Actus makes it easy to weave compliance expectations into the performance cycle — and to report on them in real time.

3. Cultural Consolidation

The strongest compliance cultures emerge when HR and Compliance join forces.

Co-create behavioural frameworks

Regulators want to see that your values aren’t just slogans — they’re tied to behaviours, and those behaviours are embedded in processes. Whether it’s integrity, transparency, or customer focus, these should appear in:

• Objectives and OKRs
• 360 feedback processes
• Promotions and development planning

With Actus Perform, firms can embed behavioural frameworks directly into the performance process — so people are held accountable to them, not just reminded of them once a year.

One platform to align individual objectives with regulatory outcomes

Under SMCR or the Consumer Duty, individual accountability is key. To embed this culturally, it all starts with clear objectives and consistent feedback in the same way as other important activities and processes are delivered. Actus Perform can embed this at an individual level whereas  Actus Oversight enables firms to assign and track Consumer Duty responsibilities at all levels, monitor progress, and create a complete evidence trail — reducing regulatory risk while driving internal clarity.

Use performance data as a compliance culture audit tool

Regulators are asking: How do you measure culture? Performance management systems provide a rich dataset — if you know where to look.

With Actus, you can track:

• Completion rates of one-to-ones or appraisal conversations
• Frequency and quality of behavioural feedback
• Inclusion of customer-focused or conduct-related objectives
• Line manager engagement in coaching and competence development

4. From insight to oversight: Build dashboards to support a Compliance Culture

With Actus Oversight, firms can move from anecdotes and spreadsheets to consistently gathered metrics and evidence. It can bring data together across HR, compliance, and training, offering a single view of cultural health and regulatory readiness. You can track:

• Role-specific Consumer Duty responsibilities
• T&C compliance and gaps
• Non-financial misconduct reports or cultural red flags
• Objectives and improvement actions against customer outcomes or regulatory duties
• Line manager oversight and escalation trends
• Full performance management process and activities

This bridges the worlds of HR and Compliance in a way few systems do – providing board-level insight and operational accountability in one place.

5. Avoid the risk of a silo approach

When compliance overly delegated, and HR is restricted to the people space, risks can emerge such as

• Misconduct going unchallenged, if performance processes fail to identify or address behaviour issues
• Toxic subcultures, hidden beneath good surface-level reporting
• Customer harm, when incentives or objectives push the wrong behaviours
• Regulatory breaches being overlooked or even encouraged

Cultural failures rarely occur due to bad intent — they occur due to poor alignment between what the firm says it values, and what it actually rewards and monitors.

6. In Summary: embed cultural compliance into your people processes

To build a resilient, customer-focused compliance culture, firms must embed regulatory expectations into their day-to-day people practices. That means:

✅ Including regulatory objectives in performance reviews
✅ Holding regular, documented check-ins about behaviour and accountability
✅ Monitoring training application, not just completion
✅ Equipping managers with the skills — and systems — to lead culture conversations
✅ Using joined-up platforms like Actus Performance and Actus Oversight to bring it all together

Final thoughts: Culture is everyone’s job — systems can embed and support this

We’ve entered a regulatory era where “culture” is no longer a woolly concept. It is measurable. It is auditable. And it can no longer be the sole responsibility of HR or Compliance — it must be co-owned, embedded, and continuously monitored. Actus helps firms do exactly that — by aligning performance, oversight, and accountability under one cultural roof. If you’re serious about driving good outcomes, start by building the systems and behaviours that support them.

Why don’t you get in touch or take a look?