The implementation of an effective compliance management system is becoming an increasingly important issue for small and medium-sized companies. The reluctance that is still widespread, especially among small companies, harbours liability risks that should not be underestimated and can even prevent business deals.
Compliance management is considered a key management element; however, small and medium-sized companies are only gradually becoming aware that a missing compliance management system can negatively affect operations.
Implementing a meaningful compliance structure is not as complicated as is often feared, but it is impossible without a certain amount of work.
Compliance management in SMEs –the procedure
Step 1 Definition and description of the areas of activity
When introducing a compliance management system (CMS) in SMEs, the first step should be a definition and description of the business areas and areas of activity of the company in which a CMS could be important and the extraction of special risk areas for rule violations. This can be:
- Criminal areas such as corruption, anti-competitive practices, breach of trust, bribery, and corruption.
- In tax law, the timely submission of tax returns and measures against possible tax evasion.
- In the law of public permits, clarification of the relevant permit procedures (e.g., building, and commercial law).
- In social security law, compliance with reporting requirements for pension, unemployment, and health insurance.
- In labour law, clear rules on occupational safety, health protection, compliance with collective agreements, the ban on discrimination, and the principle of equal treatment.
- Very important in the future: Compliance with data protection.
- Measures to prevent undeclared work.
Step 2: Written fixation of a set of rules
Rules adapted to the operational requirements must be worked out, according to which the relevant business areas should be served by the legal situation in the future. The following options should be considered:
- The appointment of a compliance expert who is also available to employees and external business partners if necessary for inquiries.
- The creation of a whistle-blower culture, i.e. appropriate opportunities for employees and outsiders to anonymously report discovered compliance violations where necessary.
- The implementation of appropriate mechanisms to control compliance, for example by introducing mandatory regular reporting to senior management.
- The documentation of violations that have become known.
- The creation of an effective sanction system for proven violations.
- The laying down of the rules in a written format that is made available to all responsible employees of the company.
Compliance in medium-sized companies is mostly done part-time
In small companies, the managing director is almost always responsible for compliance. In larger medium-sized companies, there are some compliance officers. However, they usually do the job part-time. Often their core business is managing the legal or finance department.
As studies show, more and more small and large companies are aware that compliance is an important and necessary issue.
However, in many companies, those responsible for compliance only deal with the issue on the side because there are no resources available for it. It happens again and again that there is not enough time to implement compliance in the company.
This content is meant for information only and should not be considered as advice, legal opinion, or otherwise. AKGVG & Associates does not intend to advertise its services through this.
CA Aman Aggarwal
AKGVG & Associates