How to correctly set up company compliance? Sensible rules and realistic expectations are key

Compliance is a phenomenon that attracts increasing attention in business circles. An effective compliance programme, from well-prepared codes of ethics to a balanced system of responsibility enforcement, is the foundation of high-quality, successful and secure corporate governance. However, keeping pace with the times and following the most modern trends is not an easy task for a company. Do you know how to set up such a company compliance system the right way?

Imagine a situation when an unexpected audit comes to your business, for example from the European Commission. How will you react? Such a scenario is a nightmare for most businesses, but it does not have to be the case – if compliance is set up correctly, such a situation should not lead to anything bad. However, all workers from common employees to top management should be sufficiently informed about internal rules and motivated to follow them.

Most common compliance myths

  • Myth: The bigger the threat of punishment, the better
    Reality: Compliance set-up is not just about avoiding a fine, it is about increasing the value of your company, its reputation on the market etc.
  • Myth: It is about keeping the right records – that means paperwork.
    Reality: It is important to focus on factual processes and engaging the company’s management.
  • Myth: Problems only need to be addressed when they arise.
    Reality: Compliance should have its own life cycle and be a standard feature of the corporate culture already at the level of prevention.
  • Myth: It is necessary to do (only) what the law says and what the authorities require.
    Reality: Compliance is not just a theory or a dogma, it is necessary to seek a practical benefit in it.
  • Myth: We should not open Pandora’s box; it could bring down the company
    Reality: Problems need to be resolved, but the solution itself does not necessarily have to be destructive.

Transformation of compliance in time

Legal, technological or even social changes go hand in hand with the increase in the emphasis placed on compliance programmes, which have to react to these changes. For example, the question of CCTV records was not so pressing 20 years ago, the law did not address in detail what and whom enterprises could record on camera, how long they should keep the records etc. Today, however, when a CCTV system is a completely commonplace and necessary part of even the smallest shop, this topic has to be provided for in the law.

However, it is not just technologies that change – changes happen in all types of audits by state or supervisory bodies that are related to compliance in some way. Changes concern not just their form and content, but also the subject of the observation. While the primary focus of tax audits of a few years ago was the investigation of accounting records through an endless provision of evidence, now attention is paid to traders, processes, risk management and the management of the company in general, etc.

Three pieces of advice on how to correctly set-up compliance

Whether you own a young, fast growing firm or a well-established company, the following rules can be applied when setting up the compliance programme at any time, regardless of the age or size of your company:

  1. Paper-based compliance does not work
    • Rules have to be practical and meaningful and most importantly, functional in practice.
    • When setting up the rules, we have to have realistic expectations. Rather than a robust documentation, choose brief rules that employees will be able to remember and follow.
    • Employees have to be properly trained and compensated – aggressive KPIs could instead motivate employees to unfair business practices.
  2. Compliance has to be suitably managed
    • Compliance roles within the company have to be appropriately divided and segregated, the head of compliance should report directly to top management.
    • An audit by state authorities has to be managed from the very beginning and you need to know your rights; do not let state bodies and authorities overstep their power.
    • In the event of an incident – if improper conduct is discovered – seek advice from an expert. It is crucial to secure evidence and know your rights with respect to the employees.
  3. The compliance programme has to be seen through to the end
    • Setting up practical rules is not enough, it is necessary to check regularly that the rules are observed and that they are up to date.
    • If a breach of the rules occurs, the relevant people always have to be held responsible.

Why be compliant?

When we already know what compliance is, how to set it up correctly and how to maintain it, a question suggests itself – why should we even be compliant at all (aside from the fact that the law demands it)? It is not just about covering criminal law, tax or competition law risks. What we should actually be asking about are the business consequences – what happens if the company is not compliant?

The reasons are rather convincing: a potential drop in the value of shares or equity investments in the company and loss of trust of business partners and investors, loss of business opportunities, decrease in the value of the company in the event of its sale or search for strategic investors, paralysation of certain processes as a result of an internal/external investigation, damage to the good name and brand, negative publicity in the media and on social networks etc.

What is the compliance programme like in your company? Are you just starting and need help with its set-up? Or do you have an established company and wish to check whether its compliance system is in line with modern standards and the market situation? Then do not hesitate and contact us! We will be happy to provide you with comprehensive legal advisory.

Risk management Compliance dReport newsletter

Upcoming events

Seminars, webcasts, business breakfasts and other events organized by Deloitte.

    Show morearrow-right