Every company has a duty to comply with existing regulations.
The Anglo-Saxon term compliance encompasses adherence to laws, ordinances and regulation as well as your company’s own regulations. However, compliance is now also shaped quite significantly by the expectations of your company’s ecosystem, so social responsibility and elements of sustainability should be included in the set of regulations.
A frequent experience in our customer projects is that our medium-sized customers react to the topic of compliance with the critical question: “And who is going to do that? Of course, a medium-sized company does not have the same resources as a group of companies, where a compliance department with several members deals with the topic. Nevertheless, the same legal framework conditions apply to SMEs and group companies.
Multiple crises, international interdependencies, challenging political developments. The risks for companies tend to increase. The business world is increasingly difficult to assess, more dynamic and more complex. Compliance has become an important basis for SMEs to safeguard the company, protect it from potential risks and thus create a foundation for the long-term success of the company. Good compliance can protect the company in the best possible way and indicate emerging crises and problems at an early stage. For effective implementation of compliance management, it is particularly important in medium-sized companies to use resources wisely and to sensitise everyone in the company to the issue. All too often, compliance is still perceived as a secondary task and the risks that actually exist are massively underestimated.
Without compliance with ESG criteria, it is becoming increasingly difficult for medium-sized companies to attract customers, investors and new employees and to convince banks. However, many questions arise when it comes to the concrete fulfilment of ESG factors. The overarching issue is to take the right approach to ensure that the ESG criteria are optimally integrated into one’s own business strategy and play their part in ensuring that the company acts responsibly and thus remains viable and competitive in the future.
Comply with regulations, implement ethical standards: Compliance is crucial for SMEs in the highly competitive business environment. Medium-sized companies that decide to professionalise their compliance can make their compliance management processes lean, efficient and transparent on the basis of certification standards. Once a solid compliance basis has been developed according to certification standards, the company is optimally equipped for active compliance management.
Acting ethically and responsibly is a matter of course for most entrepreneurs. The concept of the “honourable merchant” goes back to the Middle Ages and still has an important meaning for German companies. However, Germany is very much involved in global divisions of labour and along the supply chains there are always grievances in the economic, ecological, and humanitarian spheres. This should change. With the Supply Chain Due Diligence Act, or Supply Chain Act for short, a law was passed that obliges companies based in Germany to implement defined due diligence obligations. It came into force on 1 January 2023 and aims to protect human rights along supply chains, improve working conditions and protect nature from harmful impacts. In concrete terms, companies should ensure that human rights and minimum standards such as the prohibition of child and forced labour are observed through responsible management of supply chains.
On 16 December 2022, the Whistleblower Protection Act (HinSchG) was passed in the Federal Parliament. Based on the Whistleblower Directive, it guarantees whistleblowers better protection in their professional environment against reprisals such as dismissal or defamation. The next plenary session of the Bundesrat is on 10 February 2023. If it approves the HinSchG, the law can be promulgated in February. Since a law comes into force three months after promulgation, in this case it would probably be the end of May. In the first stage, the law will apply to all companies with 250 or more employees and, from 17 December 2023 to all companies with at least 50 employees.
Read more
The whistleblower directive is coming. But very few companies have taken care of it yet. This is shown by a recent PWC study. And it also confirms our impression in practice. But time is pressing: if the law is finally passed by parliament, all companies with 50 or more employees will be obliged to install a corresponding system. And the number of employees here is based on the European concept of employees – and this differs from the usual way of counting. Employees include everyone employed by the company without exception, including interns, mini-jobbers, and the management itself. This is important for determining whether thresholds are reached or not.
Since August 1, 2022, the new regulation in the Verification Act obliges German employers to record and archive further contractual terms in writing in addition to the information regulated in Section 2 (1) of the NachwG. And this in paper form. The new regulation leads to considerable additional bureaucratic work, and many companies have hardly been able to prepare for the new Verification Act due to the short transition period. Therefore, the question arises: How can medium-sized companies implement the requirements resulting from the Verification Act in a compliance-compliant and yet company-specific manner?
Strategy, liquidity, earnings: a company crisis can have various causes. Well-established crisis compliance shows the right steps to take in the individual situation. The risk of a crisis has increased significantly in recent years and more recently against the backdrop of the pandemic and the Ukraine war – even for seasoned companies. Moreover, in times of numerous high-profile corporate scandals, the liability claims of boards for misconduct have come into focus. Against this background, crisis compliance management is currently experiencing a strong upswing.
Well-managed compliance protects companies from criminal offenses, breaches of rules, unethical behavior and the associated financial losses and reputational damage. But even the most sophisticated compliance organization can only be effective if communication is right. It builds the bridge between the rules and regulations and acceptance within the company with transparent information and an exchange based on trust. Compliance management can only be successful if everyone is informed about the regulations, duties, codes of conduct and responsibilities, can understand all the rules and supports the associated goals.
“Organizations do not commit violations of the law or misconduct. These are committed by people in the organizations.”
Compliance combines goals and functions to comply with laws and rules in the company and to create the framework that misconduct is avoided. In practice, compliance looks different for every company: Of course, every company has to adhere to the legal provisions, thus acts “compliantly” per se. But for a craft business, other laws and internal rules are important than for an IT company or a logistics company. All internal rules that go beyond the law are formed from industry practices, stakeholder expectations and corporate values.
