Implementing compliance in the company
11. August 2020

Compliance implementation: What should companies consider?

Recent studies show compliance implementation can be a slow, risky process.

Corporate compliance is a hot-button issue worldwide these days as more and more companies become painfully aware of just how much compliance violations can cost in penalties, fines, and forfeiture of profit earned from violations. In many cases, the long-term, intangible reputational loss is even more damaging than the short-term financial hit.

In this article, we’ll help you avoid these issues by looking at the typical processes involved in setting up solid compliance structures in a company. We’ll reveal where most common compliance risks arise and define terms such as “compliance culture” and “compliance management system (CMS)” along the way. We’ll also address the most common implementation shortcomings and show how remedial action can be taken.

Setting up compliance structures

Setting up operational compliance structures has long been seen as an indispensable risk management tool for companies. The first step in getting this right is to analyse whether sufficient compliance structures already exist in a company, and then assess which structures need to be newly created.

This process involves a detailed assessment of risks and legal requirements specific to the business. Additionally, internal regulations (“compliance guidelines”) and protective mechanisms must be formulated and implemented throughout the company (e.g. through appropriate training of employees).

Finally, suitable mechanisms are also needed to ensure compliance with these newly defined rules (e.g. via a system of regular checks), and corresponding emergency plans must be drawn up. The aim of these measures is to ensure that violations can be avoided and prevented.

Compliance risks

Each compliance risk deserves special attention in its own right, and a useful distinction is made here between general and specific risks. General risks include possible violations of employee-protection legislation which covers a long list of areas such as working hours, minimum wages, cases of bogus self-employment, anti-discrimination law, data protection regulations, and anti-corruption legislation.

The list of specific risks can also be daunting. Areas which have to be taken into account here include antitrust law requirements, money laundering prevention, public procurement regulations and environmental standards.

Areas where compliance issues arise particularly frequently include anything relating to the legality of invitations or gifts from business partners and the attainment of similar personal benefits.

Compliance culture

A genuine compliance culture is one where both managers and employees of a company observe all existing moral and legal regulations, and have acknowledged their importance for the company. The totality of all measures, structures and processes set up in an organization to ensure compliance with regulations is also known as a Compliance Management System (CMS).

Considerable deficits still exist

It should be noted that compliance implementation across European companies still leaves much to be desired, even in Germany. The recent “Whistleblowing Report 2019” international study by HTW Chur and EQS Group surveyed 1,392 companies with 20 or more employees across four countries. German companies were least compliant, with more than 43% of those surveyed having administration issues.

This result compares unfavourably with companies from the other countries surveyed: Great Britain (40%), France (38%) and Switzerland (35%). A whopping 17% of companies affected put the damage caused by such issues at more than €100,000.

The survey also revealed that only 59% of companies surveyed have formal reporting offices for compliance violations. Though not yet legally binding, the EU Directive on the Protection of Whistleblowers stipulates the provision of such offices as mandatory for companies with 50 or more employees.

What needs to be done?

The extent of compliance deficits in European companies shows that there is an urgent transnational need for action. Compliance training courses such as those offered by lawpilots play an important role in improving in-house expertise in this area.

Our extensive range of compliance courses covers topics such as corruption prevention, money laundering prevention, and data protection in depth and is available in all relevant languages.
