What is Compliance Management actually?
Happy New Year, everyone! If you're reading this blog, you're probably interested in "compliance," or "keeping up with" regulatory requirements (and maybe New Year's resolutions?). And that's what the following is all about: What is compliance management, anyway? Compliance with what exactly, really my resolutions to exercise more and quit smoking?
The original purpose of compliance management is actually the prevention of corruption and economic crime. The trend was largely triggered by the Siemens bribery scandal, the largest corruption affair in post-war Germany. Since then, no company can be imagined without prevention work or ensuring compliance with all relevant laws and internal company guidelines. By the way, the legal requirement for this comes at least from §130 OWiG, so if you run a company, I recommend taking a look at it. In the case of companies that are heading for an IPO or are already listed, § 93 of the German Stock Corporation Act (AktG) also applies to the duty of care.
The larger the company is, possibly even listed or aspiring to be listed, the larger compliance teams are founded nowadays, which are supposed to prevent (corruption) scandals and protect management from liability with the help of more or less efficient processes, guidelines and often terribly boring and incomprehensible training for employees. Often, this involves poor communication, the wrong tone from and at the top and not clearly communicating the added value to employees, which is why the topic is often unpopular.
Unfortunately, it is also now not at all clear what compliance is actually about. It's not about keeping New Year's resolutions, presumably. But is it only about preventing corruption? Certainly not, compliance with recycling regulations, data protection regulations, antitrust law, money laundering law, capital market law, trade laws, environmental laws, anti-discrimination measures, labor law, and so on and so forth - and the whole thing on an international level - are now all topics that are included under compliance. Of course, depending on the type, size and industry of the company, there are different areas of focus that a careful manager must consider. The exact compliance topics that are relevant to your company can be determined with the help of a risk analysis. Based on this, an efficient, lean compliance management system can then be created that fits the corporate culture, if done correctly (more on this here).
Culture is the keyword here; we don't want to talk too much about individual laws here. In the end, compliance is a cultural issue, because no matter how many internal guidelines you write and processes you create to comply with laws, if an employee wants to deviate from them, usually to benefit himself, then all these measures are of no help. The only thing that helps preventively is to very actively create a corporate culture based on ethically correct behavior. And this is true even in the absence of rules, because nothing can be conclusively regulated or anticipated, although one should of course do one's best. For the reason that compliance is more a cultural and educational than a legal topic, it is recommended to change the way of looking at the topic and not to look at it from the point of view of "compliance with xy" and to use the term "compliance", which nobody understands anyway (and is often confused with "complaints" and in the next step with "customer service"...), but to look at everything under the term "business ethics". This also benefits the fact that there has been this proliferation of avoidable compliance topics in recent years as described above. In the end, everything can be summarized under "ethics" - i.e. ethically correct behavior in everyday business in all matters and compliance with the laws from the most diverse areas relevant to a company.
The Advantages of Compliance Management even in Smaller Companies
So, apart from the law, why should a small or medium-sized company concern itself with this topic, when ethics and compliance management presumably do not generate sales, but rather create work? Well, that is exactly too short-sighted. If you as a company can credibly demonstrate that you are a reliable business partner through your ethics management, this will have a number of knock-on effects that will increase your sales and thus secure the sustainability of your company: First, you become more attractive to investors. After all, who likes to invest in a business that is in danger of having to shut down due to unethical and/or illegal behavior? For the same reasons you become more interesting for business partners or customers. If they can rely on receiving your product or service as agreed, they will be happy to do business with you in the future. You will also attract top talent as employees. In addition to salary, corporate culture and social commitment of the employer are important decision criteria for employees nowadays, and the better motivated and qualified the employees are, the better their performance will be. Who doesn't like to work for a company that is characterized by fairness, respect, honest behavior and appreciation of its employees? On the other hand, if your company stands out for misconduct and unreliability, it will not only damage your reputation, but can also lead to severe financial losses due to legal fees, lost contracts or fines. This is exactly what you can prevent with a good compliance (or ethics!) management system, and at the same time, with a well-formed corporate culture and smart communication of these issues, you can sustainably inspire your employees for the common goals!
But how do you build up such a System and from which Company Size should you start? And what does it cost?
The good news is that the whole thing can be set up very cost-effectively. With the exception of a whistleblower tool (more on that in another blog post), software is not necessarily required. The only thing you need to be aware of is that if you don't want to hire a full-time compliance manager (and good ones are rare and expensive, which is why smaller scale-ups like to outsource), you should get good advice. The earlier you start building an ethics and compliance culture in your company, the better. Then it can grow from the beginning and does not have to be "imposed" on the employees afterwards, for example because it is suddenly required. Not only for acceptance, but also for credibility, an early start is advantageous.
If you now have the urgent impression that you need to address the issue as part of your management responsibilities - very good! More information on effective and efficient ethics and compliance management and tailored solutions can be found here. If you don't feel an urgent need to implement a full compliance management system, you should still be aware that the Whistleblower Protection Act will require all companies with 50 or more employees to establish whistleblowing channels, which are a core element of any compliance management system, as is a code of ethics. But more on the topic of whistleblowing in another blog post! Until then, feel free to contact me at firstname.lastname@example.org with any questions.