Compliance in Mid-Size Companies – Mandatory or Optional?

Sie­mens, Volks­wa­gen, ADAC and Te­le­kom: four large com­pa­nies that have had to deal with the dra­ma­tic con­se­quen­ces of com­pli­ance vio­la­ti­ons. "Com­pli­ance" is a po­pu­lar and of­ten-used term that sug­gests that mid-si­zed com­pa­nies in par­ti­cu­lar have an ur­gent need to take ac­tion. But what does "com­pli­ance" re­ally mean? Does com­pli­ance ap­ply only to large com­pa­nies, or should mid-size com­pa­nies con­cern them­sel­ves with it as well, and can the con­cepts ap­plica­ble to large com­pa­nies be ap­plied to mid-size com­pa­nies one by one?

© Thinkstock

In the nar­row sense, com­pli­ance me­ans that a com­pany and its em­ployees com­ply with the law. That ought to go wi­thout say­ing for every com­pany. Com­pli­ance as a duty of com­pany ma­nage­ment the­re­fore en­com­pas­ses all com­pany pro­ces­ses that en­sure le­gal con­duct. Com­pli­ance gui­de­lines are par­ti­cu­larly hel­pful in this re­gard. Many com­pa­nies enhance their com­pli­ance gui­de­lines by ad­ding their own in­ter­nal ru­les and code of cor­po­rate be­ha­vior, which are pri­ma­rily ap­plica­ble to their em­ployees. In­ten­tio­nal vio­la­ti­ons of the law can­not be fully pre­ven­ted by com­pli­ance mea­su­res, but they do help avoid lia­bi­lity risks at the le­vel of com­pany ma­nage­ment, who will then not be lia­ble for failure to pro­vide the pro­per or­ga­niza­tio­nal struc­tures.

But how much com­pli­ance is ne­cessary? The Ger­man Cor­po­rate Go­ver­nance Code pro­vi­des an ef­fec­tive com­pli­ance ma­nage­ment sys­tem for lis­ted com­pa­nies. As a rule, mid-size com­pa­nies have much less de­ve­lo­ped mo­ni­to­ring sys­tems. The­re­fore, you should ask your­self what your goal is in in­tro­du­cing com­pli­ance gui­de­lines: is it me­rely to avoid sta­tutory vio­la­ti­ons or lia­bi­lity risks? The in­tro­duc­tion of com­pli­ance gui­de­lines is usually me­ant to ac­com­plish much more than that. Gi­ven the num­ber of scan­dals in re­cent years, com­pa­nies are in­cre­asin­gly aware of le­gal vio­la­ti­ons. So­me­ti­mes such vio­la­ti­ons can cause con­side­ra­ble harm to a com­pany's image. By the same to­ken, ex­em­plary com­pli­ance can si­gni­fi­cantly enhance a com­pany's image.

In ad­di­tion, an in­cre­asing num­ber of large com­pa­nies are now re­qui­ring their busi­ness part­ners to im­ple­ment com­pli­ance gui­de­lines. In this con­nec­tion, mid-size com­pa­nies do not al­ways need as­sis­tance with com­pli­ance, since they al­re­ady com­ply with the law. But they do need help with do­cu­men­ta­tion and evi­dence of com­pli­ance with the gui­de­lines. Mid-size com­pa­nies of­ten de­cide to forgo the cost and time that would have to be ex­pen­ded to in­tro­duce this sort of evi­den­ti­ary struc­ture. But with spe­ci­fic ad­vice cu­st­omi­zed to the com­pany's in­di­vi­dual pro­ces­ses, the cost of a com­pli­ance plan is usually mo­ney well spent. The key fac­tor is to main­tain the ba­lance bet­ween ne­cessary or­ga­niza­tio­nal struc­tures and over­re­gu­la­tion. Stan­dar­di­zed com­pli­ance struc­tures won't work. In­stead, an ana­ly­sis must be per­for­med of where risks exist and how they can be ad­dres­sed. Com­pli­ance should not be seen in any way as a bur­den, be­cause it also of­fers op­por­tu­nities: clear struc­tures en­sure more trans­pa­rency and ef­fi­ci­ency in the com­pany.

There are com­pli­ance risks lur­king ever­ywhere: in pro­cu­re­ment and dis­tri­bu­tion, there are the risks of cor­rup­tion and an­ti­com­pe­ti­tive be­ha­vior; in the HR de­part­ment, there are risks re­la­ted to the mi­ni­mum wage and to fre­elan­cers who should ac­tually be con­side­red em­ployees, as well as risks in­vol­ving data pro­tec­tion ru­les, pro­duct safety ru­les, health and safety re­gu­la­ti­ons, etc.

Tax law also pres­ents a con­side­ra­ble risk. A tax de­part­ment has to cont­end with in­crea­sed du­ties to coope­rate no­wa­days - es­pe­cially when doing busi­ness ab­road - and must be aware of cross-cut­ting is­sues in the field of va­lue-ad­ded tax. Mo­re­over, the tax aut­ho­ri­ties have in­crea­sed their staff and enhan­ced the tech­no­logy used in tax au­dits and in­ves­ti­ga­ti­ons.

Fi­nan­cial re­por­ting should also take com­pli­ance prin­ci­ples into ac­count in view of the lia­bi­lity risks for board mem­bers and exe­cu­ti­ves. Ac­coun­tants can as­sist com­pa­nies im­ple­ment gui­de­lines, me­thods and mea­su­res. Ac­coun­ting com­pli­ance also helps com­pa­nies avoid em­bez­zle­ment, misap­pro­pria­tion of as­sets, and mo­ney laun­de­ring.

The most im­port­ant fac­tor is that your com­pany's com­pli­ance goals be de­fi­ned as part of a com­pli­ance cul­ture and then be car­ried out at the ma­nage­ment le­vel. Eb­ner Stolz can as­sist your com­pany in nu­me­rous areas and con­duct a risk ana­ly­sis in or­der to im­ple­ment gui­de­lines, pro­ces­ses and mo­ni­to­ring pro­ce­du­res and can also train your em­ployees. The com­pli­ance gui­de­lines can then be im­ple­men­ted step-by-step ba­sed on the prio­rity of the va­rious risks. This will help your com­pany get a grip on its risks, with clean struc­tures re­sul­ting in si­gni­fi­cant ad­ded va­lue.