de en
Nexia Ebner Stolz


Compliance in Mid-Size Companies – Mandatory or Optional?

Sie­mens, Volks­wa­gen, ADAC and Tele­kom: four large com­pa­nies that have had to deal with the dra­matic con­se­qu­en­ces of com­p­li­ance vio­la­ti­ons. "Com­p­li­ance" is a popu­lar and often-used term that sug­gests that mid-sized com­pa­nies in parti­cu­lar have an urgent need to take action. But what does "com­p­li­ance" really mean? Does com­p­li­ance apply only to large com­pa­nies, or should mid-size com­pa­nies con­cern them­sel­ves with it as well, and can the con­cepts app­lica­ble to large com­pa­nies be app­lied to mid-size com­pa­nies one by one?

© Thinkstock

In the nar­row sense, com­p­li­ance means that a com­pany and its emp­loyees com­ply with the law. That ought to go wit­hout saying for every com­pany. Com­p­li­ance as a duty of com­pany mana­ge­ment the­re­fore encom­pas­ses all com­pany pro­ces­ses that ensure legal con­duct. Com­p­li­ance gui­de­li­nes are parti­cu­larly help­ful in this regard. Many com­pa­nies enhance their com­p­li­ance gui­de­li­nes by adding their own inter­nal rules and code of cor­po­rate beha­vior, which are pri­ma­rily app­lica­ble to their emp­loyees. Inten­tio­nal vio­la­ti­ons of the law can­not be fully pre­ven­ted by com­p­li­ance mea­su­res, but they do help avoid lia­bi­lity risks at the level of com­pany mana­ge­ment, who will then not be lia­ble for failure to pro­vide the pro­per orga­niza­tio­nal struc­tu­res.

But how much com­p­li­ance is necessary? The Ger­man Cor­po­rate Gover­nance Code pro­vi­des an effec­tive com­p­li­ance mana­ge­ment sys­tem for lis­ted com­pa­nies. As a rule, mid-size com­pa­nies have much less deve­lo­ped moni­to­ring sys­tems. The­re­fore, you should ask your­self what your goal is in intro­du­cing com­p­li­ance gui­de­li­nes: is it merely to avoid sta­tutory vio­la­ti­ons or lia­bi­lity risks? The intro­duc­tion of com­p­li­ance gui­de­li­nes is usually meant to accom­p­lish much more than that. Given the num­ber of scan­dals in recent years, com­pa­nies are inc­rea­sin­gly aware of legal vio­la­ti­ons. Someti­mes such vio­la­ti­ons can cause con­s­i­de­ra­ble harm to a com­pany's image. By the same token, exem­plary com­p­li­ance can sig­ni­fi­cantly enhance a com­pany's image.

In addi­tion, an inc­rea­sing num­ber of large com­pa­nies are now requi­ring their busi­ness part­ners to imp­le­ment com­p­li­ance gui­de­li­nes. In this connec­tion, mid-size com­pa­nies do not always need assi­s­tance with com­p­li­ance, since they already com­ply with the law. But they do need help with docu­men­ta­tion and evi­dence of com­p­li­ance with the gui­de­li­nes. Mid-size com­pa­nies often decide to forgo the cost and time that would have to be expen­ded to intro­duce this sort of evi­den­tiary struc­ture. But with spe­ci­fic advice custo­mi­zed to the com­pany's indi­vi­dual pro­ces­ses, the cost of a com­p­li­ance plan is usually money well spent. The key fac­tor is to main­tain the balance bet­ween necessary orga­niza­tio­nal struc­tu­res and over­re­gu­la­tion. Stan­dar­di­zed com­p­li­ance struc­tu­res won't work. Ins­tead, an ana­ly­sis must be per­for­med of where risks exist and how they can be addres­sed. Com­p­li­ance should not be seen in any way as a bur­den, because it also offers oppor­tuni­ties: clear struc­tu­res ensure more tran­s­pa­rency and effi­ci­ency in the com­pany.

There are com­p­li­ance risks lur­king eve­r­ywhere: in pro­cu­re­ment and dis­tri­bu­tion, there are the risks of cor­rup­tion and anti­com­pe­ti­tive beha­vior; in the HR depart­ment, there are risks rela­ted to the mini­mum wage and to fre­e­lan­cers who should actually be con­s­i­de­red emp­loyees, as well as risks invol­ving data pro­tec­tion rules, pro­duct safety rules, health and safety regu­la­ti­ons, etc.

Tax law also pres­ents a con­s­i­de­ra­ble risk. A tax depart­ment has to con­tend with inc­rea­sed duties to coope­rate nowa­days - espe­cially when doing busi­ness abroad - and must be aware of cross-cut­ting issues in the field of value-added tax. More­o­ver, the tax aut­ho­ri­ties have inc­rea­sed their staff and enhan­ced the tech­no­logy used in tax audits and inves­ti­ga­ti­ons.

Finan­cial repor­ting should also take com­p­li­ance prin­ci­p­les into acco­unt in view of the lia­bi­lity risks for board mem­bers and exe­cu­ti­ves. Acco­un­t­ants can assist com­pa­nies imp­le­ment gui­de­li­nes, methods and mea­su­res. Acco­un­ting com­p­li­ance also helps com­pa­nies avoid embezz­le­ment, misap­pro­pria­tion of assets, and money laun­de­ring.

The most important fac­tor is that your com­pany's com­p­li­ance goals be defi­ned as part of a com­p­li­ance cul­ture and then be car­ried out at the mana­ge­ment level. Ebner Stolz can assist your com­pany in nume­rous areas and con­duct a risk ana­ly­sis in order to imp­le­ment gui­de­li­nes, pro­ces­ses and moni­to­ring pro­ce­du­res and can also train your emp­loyees. The com­p­li­ance gui­de­li­nes can then be imp­le­men­ted step-by-step based on the prio­rity of the various risks. This will help your com­pany get a grip on its risks, with clean struc­tu­res resul­ting in sig­ni­fi­cant added value.

back to top