Q&A: Compliance is people not technology led – it is a partnership
17th April 2026
In conversation with Ryan Dempsey, CEO, The Compliance Workbook Ltd
Ryan Dempsey discusses why compliance in social housing depends on people making informed decisions, supported by technology and processes, not replaced by them.
At a glance
Compliance depends on clear accountability and governance discipline, not just better systems
Technology structures information and surfaces gaps, but cannot create ownership where none exists
Listening to residents provides early warning signals that formal compliance processes often miss
How does compliance work in housing now, and what needs to change?
Right now, most providers are managing compliance through a combination of spreadsheets, document archives and periodic audits. The information exists, but it is fragmented. You might have gas certificates in one system, asbestos records in another, and remedial actions tracked manually or not at all.
The problem is not that people do not care. It is that the information is hard to interrogate. When a board asks whether all properties have current fire risk assessments, the answer should take seconds. Sadly, it often takes days or weeks to compile, and even then, there is uncertainty about whether the data is complete.
What needs to change is how we structure compliance information so it can be interrogated in real time. That means moving from static documents to structured data. But and this is critical, that change only works if it is accompanied by clearer accountability and better governance discipline. If you digitise a broken process, you just get a broken process that runs faster.
What role does technology play in compliance today, and how might that change?
Technology today is mostly about storage and retrieval. We are using it to hold documents and generate reports. That is useful, but it is not the same as managing compliance.
The shift we are seeing, and where I think technology becomes genuinely valuable, is when it moves from passive storage to active interrogation. AI can flag missing certificates, identify overdue actions, and surface patterns across thousands of properties. It can tell you which assets have incomplete records, which contractors haven't submitted documentation, and which remedial works are still open six months after they were raised.
That is powerful. But it only works if the underlying data is reliable, and if there is a governance structure in place to act on what the technology surfaces. AI will tell you there is a problem. It will not fix the problem. That still requires people making decisions, assigning accountability, and following up to ensure actions are completed.
The future is not about replacing people with technology. Instead it is about giving people better information so they can make better decisions.
How does organisational culture impact compliance delivery?
Culture matters, but I think we sometimes use it as shorthand for things that are actually about process and accountability.
If compliance fails, it is rarely because people do not care. It is usually because responsibilities are not clear, because there is no structured way to track actions, or because governance oversight is inconsistent. These are operational problems, not cultural ones.
That said, leadership sets the tone. If senior leaders treat compliance as a reporting exercise rather than a safety obligation, that filters down. If boards do not interrogate compliance data, if they accept assurances without asking for evidence, that signals that compliance is not a priority.
The role of leadership is to make it clear that compliance is non-negotiable, that accountability is explicit, and that findings lead to action. That is not about culture in the abstract. It is about setting expectations and holding people to them.
How does compliance become a shared responsibility across an organisation?
It becomes shared when everyone understands what they are accountable for and when there is a clear line of sight from frontline activity to governance oversight.
This means asset managers need to know which properties they are responsible for and what compliance obligations apply. It means contractors need to understand that submitting documentation is not optional. It means governance teams need to be able to see, in real time, where gaps exist and what is being done to close them.
The mistake is thinking that shared responsibility means everyone does a bit of everything. It does not. It means everyone knows their part, and there is a system in place to ensure those parts connect.
Technology can help with that. It can make accountability visible. But the accountability itself should be designed into the process. You cannot automate your way to shared responsibility.
Is listening to residents the most underrated component of good compliance?
Yes. Absolutely.
Residents know when something is not working. They know when heating systems are unreliable, when ventilation is inadequate, when damp is recurring. They are living with the consequences of compliance failures long before those failures show up in formal audits.
The problem is that resident feedback often sits in separate systems. It is treated as a customer service issue, not a compliance signal. But if you are getting repeated reports about the same issue, that is not just a service failure. It is a potential safety risk.
Listening to residents is not about sentiment analysis or satisfaction scores. It is about treating their lived experience as compliance data. If residents are telling you something is not working, that should trigger a review of whether the underlying system is compliant, whether the installation was done to standard, whether the maintenance regime is adequate.
We have built compliance systems that rely on certificates and inspections, and those are important. But they are backward-looking. Residents give you real-time information about whether systems are actually performing. That is invaluable, and we do not use it enough.
How do we strike the right balance between people and process in good compliance?
The balance is not about choosing between people and process. It is about designing processes that support people to do their jobs well.
Good process makes accountability clear. It ensures that when a compliance issue is identified, there is a defined pathway for resolution. It means remedial actions are tracked, verified, and closed out. It means governance teams can see what is happening without having to ask for ad hoc reports.
But process alone does not deliver compliance. You still need competent people making judgements. You need asset managers who understand the stock they are responsible for. You need governance teams who interrogate findings rather than just accepting them. You need senior leaders who recognise that compliance is about resident safety, not just regulatory reporting.
Too much process without clear accountability becomes bureaucracy. Too much reliance on people without structured process creates inconsistency and risk. The balance is struck when process makes accountability visible and when people use that visibility to make informed decisions.
Technology supports that balance. It structures information, surfaces gaps and tracks actions. But it does not replace the need for people to own the outcomes. Compliance is not about software, it is not about dashboards, it is not about reports. It is about people making sound decisions based on reliable information, with clear accountability for resident safety.
That is the partnership. Technology and process enable it. People deliver it.
Unlock all content
This is the 1 of 3 articles you can access for free. Become a member to unlock unlimited access to our full content library.