Compliance as a management task: From the risk of personal liability to a competitive advantage
Classification of "compliance"
The term compliance initially refers to a company's adherence to legal and regulatory standards. Classic areas of compliance regulations in companies relate, for example, to the prevention of corruption or the implementation of antitrust and competition law requirements. Increasingly, however, the concept of compliance is also expanding to include adherence to values and basic attitudes set by the companies themselves. This can relate to corporate culture or sustainability and environmental aspects, for example. In this case, compliance also includes the implementation of such self-imposed requirements, which may go beyond the legal requirements.
Legal obligations and future developments
Direct legal requirements for compliance measures also apply to small and medium-sized companies if their business falls within (risk) areas such as export control, medical products or the use of certain chemicals.
However, general compliance requirements, such as the Due Diligence Act (Supply Chain Act), which comes into force on January 1, 2023, rarely affect SMEs directly. Such laws are usually addressed to larger companies first. Under Section 1 (1) of the Due Diligence Act, the scope of application covers domestic companies with 3,000 or more employees.
From January 1, 2024, the threshold will be reduced to 1,000 employees. However, it should not be underestimated that large companies, as addressees of the law, must ensure that their obligations are met "through the supply chain". In practice, this regularly means that the supplier must also prove to its (larger) contractual partner, to the same extent, that it has taken measures to meet compliance standards. A company that supplies a large customer will therefore very often be indirectly affected by further obligations, even if it is not itself subject to legal regulations.
The discussions in the area of legislation also make it clear that the future requirements for SMEs are likely to become even stricter. For example, the EU is planning an EU Supply Chain Act, which contains more far-reaching measures in many areas than the German Due Diligence Act. According to the draft, this already covers companies with 500 employees and, in certain sectors, companies with just 250 employees. At the same time, the German discussion about a corporate criminal law (Corporate Sanctions Act) has not yet finally subsided, although whether it will be implemented is currently open.
Advantages of a compliance management system
Anyone who has already dealt with the topic of compliance will notice positive aspects: future indirect or direct legal requirements can be implemented more quickly and cost-effectively if a "compliance foundation" is already in place. By contrast, a company starting from scratch will have to accept higher costs. This is particularly the case if implementation has to be carried out quickly, for example because compliance measures are a prerequisite for concluding a contract with another company.
But there are also advantages beyond the cost savings. If a breach of the law still occurs despite compliance measures, fines for the company and the management can be reduced or even prevented altogether if it can be proven that the management had taken the necessary measures to minimize risk. In the context of export control, for example, existing measures can also prevent criminal liability for the persons involved and the management.
Last but not least, new sales markets are opening up that were previously closed. Increasingly, larger contractual partners in particular are demanding proof of compliance measures in order for business relationships to be established at all. Early implementation can therefore be a "door-opener".
Implementation and first steps
The initial implementation effort can be limited, especially for SMEs. An important first step has already been taken when risks are identified. The specific risks for the company and their probability must be determined. The result is used to determine the subject areas that are set out in a code of conduct. Effective risk minimization is then achieved by creating risk awareness. Employees (or suppliers, if applicable) must be committed to such a code of conduct.
If there are also particular areas of risk, the specific legal requirements can be considered. For example, in individual cases, responsible persons should be appointed to monitor and regularly evaluate the implementation of compliance measures.
Summary
Compliance requirements are also increasing in SMEs
Dealing with this topic at an early stage offers advantages: future cost savings, new sales markets and minimized risk of liability or criminal liability for management and the company itself
A first step is the identification of risks and the subsequent implementation of a code of conduct