Depending on the person with whom you're having the conversation, the definition of compliance can mean different things, but for most environmental, health and safety professionals, it means “the act of being in accordance with established standards, guidelines, or legislation.”
The term “compliance”, which is frequently used in business administration and law, originated in the US financial system, but is now used in practically all industries and economic sectors. It’s basically about companies and their employees complying with the rules. In the past, this primarily meant complying with laws.
Today, however, the concept of compliance has long been much more broadly defined: In addition to maintaining legality, the concept now also includes recognizing standards and guidelines customary in the industry. Even more important, however, is a company's commitment to its own set of values, with which it imposes strict ethical rules on its internal and external conduct.
Why are compliance rules so important?
Firstly: Avoiding criminal proceedings
Secondly: Assumption of social responsibility
How can compliance be implemented in the company?
A compliance management system (CMS) is needed to implement and enforce compliance within the company. This system ensures compliance with all guidelines and enables rule violations to be quickly detected. The aim of this CMS is to implement and maintain a transparent, unambiguous, and clearly understandable compliance culture.
Due to the variety of topics and areas of interest that the concept of compliance can affect, however, developing a CMS is not an easy undertaking. Even medium-sized companies often lack the necessary know-how for a project like this. Depending on the industry, company size, and type as well as the organizational structure, there will be individual requirements for the implementation, so there is no generally applicable procedure. Nevertheless, the following is a rough explanation of the most important steps.
Step 1: Assemble a compliance team
Every CMS starts with company management committing to compliance and defining a term that is individually tailored to the company. This is the only way to ensure that all those responsible pull together and avoid misunderstandings about the nature and scope of the project. How serious the management team is about this commitment can already be seen from how much personnel capacity and budget they are prepared to spare. An effective compliance team should consist of experts from all departments of a company (e.g. personnel management, financial administration, legal department). Only in this way is it possible to identify and cover all conceivable areas of interest and risk in the company.
Additional external expertise can be obtained from lawyers, tax consultants, and management consultants. It is also legally necessary and advisable to involve the works council in all decision-making processes. For example, it needs to be decided whether existing employment contracts or operating agreements need to be changed. A realistic timetable and a clearly defined distribution of roles (including a competent team leader) can help to keep costs manageable and achieve a timely result.
Step 2: Compliance analysis
The team’s main task is to carry out an analysis of the current situation. It could be that the company already has (at least rudimentary) compliance structures, in the form of “unwritten rules” that apply among employees. On the basis of this pre-evaluation, the target state is then defined: Which measures and mechanisms must be supplemented, modified, or completely recreated in order to do justice to the company’s compliance concept? It is worthwhile identifying the civil society interfaces that the company has to deal with in its day-to-day business.
It could even be worthwhile to hire a compliance solutions company, which could coordinate procedures and activities according to the current compliance regulations and requirements. These companies work together with employees and teach them how to integrate compliance into the internal workplace culture. They also come with these benefits:
- Ensuring compliance with all state and federal laws
- Maintaining a firm ethical standing
- Transparent reporting procedures
- Well-defined processes that increase efficiency
- Reduced potential for lawsuits and other legal problems
- More efficient audit processes
And even more.
Step 3: Formulate and communicate compliance policies
There are numerous compliance policy patterns on the internet, but there is no general requirement for the content and structure. Instead, it is recommended to adapt all rules exactly to the individual needs and circumstances in the enterprise.
One possible structure could be the following:
- General rules of conduct
- Specific issues (e.g. gifts to business partners, behavior towards competitors, equal treatment of employees)
- Contact persons and formalities for reporting infringements
- Documentation mechanisms for infringements
- Sanctions (e.g. reminder/caution, transfer, (extra)ordinary termination, salary reduction, compensation, police reports)
Once completed, the compliance guidelines must be openly communicated throughout the company. This is done by means of newsletters, publications on the intranet, and informational events. Regular training sessions must be held to sensitize all those involved in the company (including contractual partners and suppliers) to the new compliance culture. It is also essential for all employees to be bound by their employment contracts by means of appropriate supplementary clauses.
Many companies also decide to place a reduced version of their compliance policy on their website in the form of a “Code of Conduct” or “Mission Statement”. Being so transparent can strengthen the trust of customers and business partners and attract applicants in the context of employer branding. The most important thing, however, is that managers always set a good example and exemplify the compliance culture both internally and externally.
Step 4: Implementation in regular operation and adjustment
Although the main responsibility and full liability for compliance lies with the company management, this responsibility can be given to a single chief compliance officer, an entire compliance team, or a compliance solutions company (as mentioned above).
These are then responsible for the following tasks, among others:
- Implementing the CMS
- Organizing training courses
- Continuous quality control
- Conducting employee surveys
- Monitoring legislative changes
- Adapting, expanding, and further developing the CMS if necessary
- Documenting infringements
- Regular reporting to management
Such a complex task requires competent and assertive personnel, which is why particular care is required in recruiting. The compliance officer does not necessarily have to be at the highest management level, but should have a direct, consistent line of communication that is as short as possible in order to be able to work effectively. This is the only way to ensure that compliance efforts are fruitful in the end.