Four years after the introduction of Sarbanes-Oxley many organisations are still struggling with embedding compliance in their business.

They are realising that they need to get smarter at addressing regulatory compliance. It’s a challenge that requires a change of mindset from senior management.

Market reaction to the European Union’s markets in financial instruments directive (Mifid) shows we still have some way to go. I see the same confusion, procrastination and lack of strategy as in the early years of Sarbox. It is understandable, given the lack of clarity in requirements and timescales relating to Mifid. Directors can be forgiven for wondering where to start.

Non-compliance is not an option. Instead, we need to work out how best to minimise the effort and burden, and focus on sustainability. These are the challenges that the more progressive global organisations have addressed with their Sarbox programmes.

In many cases they have achieved this through several iterations but are now more capable of meeting future compliance requirements with minimised effort, and using this to enhance business improvement projects.

In the early days of Sarbox there was similar confusion over the requirements and how to comply. There was also a lack of documentation of business operations, and little idea of how much effort would be required to meet the new obligations. The initial response was to do everything in too much detail.

Once compliant, many organisations struggled with the dilemma of how to remain compliant while operations evolved.

Finally, some organisations started to take a smarter approach. Smaller governance groups were formed to agree and document principles and assumptions to form a compliance framework that they could ‘manage their external auditors with’. They adopted a risk-based, top-down approach to defining their scope, really thinking about what was critical and what wasn’t – and why.

Businesses embarked on culture change programmes throughout the o rganisation. They got their best people involved and they established initiatives to institutionalise compliance into the business.

Mifid compliance presents very similar risks and opportunities for the financial services sector.

But by taking the lessons from Sarbox, companies have a choice: to repeat the same mistakes and over-comply or to take the right steps early to ensure minimal pain and maximum value.

John Bronjewski is director of client services at Resources Global Professionals