Siemens, Volkswagen, ADAC and Telekom: four large companies that have had to deal with the dramatic consequences of compliance violations. "Compliance" is a popular and often-used term that suggests that mid-sized companies in particular have an urgent need to take action. But what does "compliance" really mean? Does compliance apply only to large companies, or should mid-size companies concern themselves with it as well, and can the concepts applicable to large companies be applied to mid-size companies one by one?
In the narrow sense, compliance means that a company and its employees comply with the law. That ought to go without saying for every company. Compliance as a duty of company management therefore encompasses all company processes that ensure legal conduct. Compliance guidelines are particularly helpful in this regard. Many companies enhance their compliance guidelines by adding their own internal rules and code of corporate behavior, which are primarily applicable to their employees. Intentional violations of the law cannot be fully prevented by compliance measures, but they do help avoid liability risks at the level of company management, who will then not be liable for failure to provide the proper organizational structures.
But how much compliance is necessary? The German Corporate Governance Code provides an effective compliance management system for listed companies. As a rule, mid-size companies have much less developed monitoring systems. Therefore, you should ask yourself what your goal is in introducing compliance guidelines: is it merely to avoid statutory violations or liability risks? The introduction of compliance guidelines is usually meant to accomplish much more than that. Given the number of scandals in recent years, companies are increasingly aware of legal violations. Sometimes such violations can cause considerable harm to a company's image. By the same token, exemplary compliance can significantly enhance a company's image.
In addition, an increasing number of large companies are now requiring their business partners to implement compliance guidelines. In this connection, mid-size companies do not always need assistance with compliance, since they already comply with the law. But they do need help with documentation and evidence of compliance with the guidelines. Mid-size companies often decide to forgo the cost and time that would have to be expended to introduce this sort of evidentiary structure. But with specific advice customized to the company's individual processes, the cost of a compliance plan is usually money well spent. The key factor is to maintain the balance between necessary organizational structures and overregulation. Standardized compliance structures won't work. Instead, an analysis must be performed of where risks exist and how they can be addressed. Compliance should not be seen in any way as a burden, because it also offers opportunities: clear structures ensure more transparency and efficiency in the company.
There are compliance risks lurking everywhere: in procurement and distribution, there are the risks of corruption and anticompetitive behavior; in the HR department, there are risks related to the minimum wage and to freelancers who should actually be considered employees, as well as risks involving data protection rules, product safety rules, health and safety regulations, etc.
Tax law also presents a considerable risk. A tax department has to contend with increased duties to cooperate nowadays - especially when doing business abroad - and must be aware of cross-cutting issues in the field of value-added tax. Moreover, the tax authorities have increased their staff and enhanced the technology used in tax audits and investigations.
Financial reporting should also take compliance principles into account in view of the liability risks for board members and executives. Accountants can assist companies implement guidelines, methods and measures. Accounting compliance also helps companies avoid embezzlement, misappropriation of assets, and money laundering.
The most important factor is that your company's compliance goals be defined as part of a compliance culture and then be carried out at the management level. Ebner Stolz can assist your company in numerous areas and conduct a risk analysis in order to implement guidelines, processes and monitoring procedures and can also train your employees. The compliance guidelines can then be implemented step-by-step based on the priority of the various risks. This will help your company get a grip on its risks, with clean structures resulting in significant added value.