Compliance for SMEs

Compliance is far more than a mere nice-to-have for SMEs

A contribution from: Marketing & Communications

Compliance has to be part of the company culture

Compliance has long since ceased to be relevant only to large, often listed corporations; it now concerns companies of every size. Many laws do not differentiate by company size or age in their application and enforcement. The repercussions of compliance violations can therefore threaten the very existence of a business, especially a small or mid-sized one.

Many small and mid-sized companies (SMEs) have developed an awareness of compliance but remain sceptical about the topic and about introducing a full compliance management system (CMS). Extensive GDPR requirements, new standards such as the clean desk policy and constantly changing regulations make compliance harder for companies with limited resources: limited personnel and budget as well as limited know-how and organizational structures. In most cases, however, implementing a good CMS pays off in several ways. For example, it can lead to the following:

  • Assurance of lawful behaviour within the company
  • Protection of the company and its staff against hefty fines
  • Minimized risk of reputational damage
  • Increased attractiveness for employees, customers, investors and other partners
  • Early detection of, and control over, risks and violations

Compliance must be a top priority

Today, observing applicable compliance regulations must be part of responsible corporate management. Management is in charge of implementing and supervising the necessary measures. If this duty is negligently breached, the board, the CEO, the executives and management can be held personally liable. Especially for SMEs, the consequences of illegal activities can threaten the company's existence.

Compliance violations appear in all industries

Examples from various industries show how important compliance is today. Compliance incidents such as Wirecard, Tönnies or the VW exhaust gas fraud are well known and illustrate the broad impact. The insolvent payment service provider Wirecard made headlines in 2020 because of balance sheet trickery. According to previous statements, 1.9 billion euros are missing. No internal control system had been implemented. The Munich public prosecutor's office is investigating on suspicion of gang fraud, falsified receipts and market manipulation. The former CEO has been arrested, while the former board member is still on the run. (1) Moreover, in 2015 the scandal about manipulated exhaust gas measurements in diesel vehicles went viral. Millions of vehicles of the automotive group Volkswagen were affected. VW still faces complex lawsuits and penalties running into billions. (2) Incidents like these shake the global economy on a regular basis. Although compliance scandals at smaller companies are covered less often in the press, businesses should not assume that they do not happen.

Compliance is a flagship for companies

A resilient CMS not only protects companies from high fines but also serves as a signal to the outside world. More and more often, proof of a CMS serves as a decision criterion for clients, especially large corporate groups, when placing orders and entering into cooperation. Violations of antitrust law, the GDPR or rules on accepting favours come up constantly and can have substantial consequences for the company's image. In 2020 the Swedish fashion company H&M had to pay about 35 million euros. Executives at its call center in Nuremberg requested and stored private information about their employees (vacation details, medical diagnoses, family issues), which was subsequently accessible to many other executives. The incident came to light because of a configuration error that made the data accessible to everyone in the company group. The executives responsible pushed for a transparent investigation and were willing to pay compensation to the affected employees. (3) Although H&M also apologized to the employees and announced personnel changes in management, this negative press will accompany the company for a long time. Preventive compliance measures such as a digital whistleblowing system, regular GDPR updates and improved security measures could have prevented this incident.

SMEs take their first steps towards compliance

Despite the number of regulations, the advantages and the examples above, the belief that compliance is simply a waste of money and time often persists in SMEs. There is no doubt that implementing a CMS requires additional effort on the part of the company, but even this can be reduced with professional support. Compliance incurs expenses at first, but a lack of compliance is likely to cost much more. As with every other strategic decision, companies must think long-term and consider the returns of compliance: documentation, prevention and risk coverage.

We have a few tips for your way to successful compliance:
  1. Awareness among employees
    The staff plays a crucial role in the successful implementation of a CMS. Companies need to inform their employees regularly and invest in their awareness. Training sessions help communicate the goals and conditions of a CMS and its measures.
  2. Appointment of a compliance officer
    Management is primarily responsible for the company's compliance with the law. By creating an additional position that serves as the contact person for this topic, companies increase awareness and demonstrate the importance of compliance.
  3. Implementation of a whistleblowing system
    A whistleblowing system gives all company stakeholders the chance to report wrongdoing and compliance violations. On the one hand it demonstrates security and willingness to act; on the other hand the system is an easy preventive measure for the company.

Compliance is relevant for all company sizes and should be addressed with professional experts right now. It’s an investment that pays off.


  1. Handelsblatt GmbH, "Wirecard-Skandal – Jan Marsalek und der Coup des Jahrhunderts", as of 08.12.2020
  2. Norddeutscher Rundfunk, "Die VW-Abgas-Affäre: Eine Chronologie", as of 20.11.2020
  3. Haufe Online Redaktion, "H&M akzeptiert Rekordbußgeld wegen Datenschutzverstößen, Gnade für British Airways", as of 22.10.2020

Your Compliance Check

Interested in an initial ad-hoc compliance check for your organization? Contact us here, non-binding and encrypted. One of our consultants will get in touch within 24 hours.