How to Convince Your Organisation’s Top Management About Compliance 

Ethical conduct and compliance are being increasingly regulated by law in different countries, notably through PIDA in the UK, Sapin 2 in France and the Wet Huis voor klokkenluiders (Whistleblowers’ Authority) in the Netherlands. The European Union has also launched several directives that its member states will have to transpose into national law in an attempt to harmonise the bloc’s fragmented legal framework. They impose regulations on large international corporations, but also, small and medium-sized enterprises that are increasingly being subject to more obligations and rules.

For example, the EU is planning to make sustainability reporting mandatory from 2023 with the help of the CSR Directive. The first step is only obligatory for companies with more than 250 employees and it will be extended to small and medium-sized organisations from 2026. In February, the EU Commission also presented a proposal for the EU Supply Chain Act which obliges companies based in Europe to monitor their supply chains for acceptable environmental and human rights standards.

New regulations for corporate reporting obligations, sustainability and equality are already being rolled out in Europe’s largest economy. Germany published ISO 37301 in April 2021 and it provides a framework with certifiable international standards for a compliance system. Since 2016, the ISO 37001 anti-corruption guideline has defined standards for certifiable corruption prevention in Germany.

Across Europe, legislators are setting new standards for the protection of whistleblowers through the transposition of the EU Whistleblowing Directive. In France, the senate approved new draft legislation on whistleblowing protection in February 2022 that goes beyond the existing Sapin 2 law, introducing measures including diligent follow-up, an integrated reporting procedure as part of internal regulations and an impartial or competent contact person to conduct follow-up on reports.

While the list of EU member states that have transposed the EU Whistleblowing Directive is growing longer, the UK is not under a legal obligation to implement the legislation and it is unlikely to do so. Nevertheless, companies in the UK with EU operations will still be subject to the requirements of the Directive. The UK does have its own national whistleblower protection legislation in the form of PIDA, which is two decades old. Efforts to overhaul the legislation are now underway and it is likely to be modernised under the new Office of the Whistleblower Bill. Among other steps, it would establish an Office of the Whistleblower, maintain a fund to support whistleblowers and regularly report to parliament.

Compliance does not only make sense for an organisation just because a legislator has enforced it. Efficient compliance is actually the best way for organisations to protect themselves from harm. As compliance includes regular risk analyses as well as defined standards for business conduct and monitoring tools, it is indispensable for companies.

Good and functioning compliance benefits organisations on more than one level. First and foremost, it protects the company from violations of laws and the requirements of regulatory authorities while providing protection from prosecution, fines and significant damage to its public image.

At the same time, good compliance improves the company’s reputation, both internally and externally. Through transparency and a commitment to ethical behaviour, the organisation gains the trust of its customers, its business partners and its own employees. This way, good compliance can help to expand the customer base, attract new business partners and recruit the best talent.

Compliance management systems have been proven to be most successful when they are embedded in a well-functioning speak-up culture – a corporate culture in which it is possible to openly address problems without fear of reprisals or disadvantages and where the employee trusts the organisation.

The basic prerequisite for this is that CEOs and management set a good example (“tone from the top”) and credibly exemplify and communicate these values, both internally and externally. This also means that the management proactively raises the issue of compliance again and again, thus promoting and encouraging communication. It needs to be the opposite of a culture of fear, where the employees stay silent regarding mistakes and grievances out of fear. There are plenty of recent examples from the business world that show where such a culture can lead an organisation. The damage is usually far greater than the investment in a value-based and transparent corporate culture.

At first glance, compliance management might seem like a mountain to climb with countless rules and processes. In fact, it is relatively easy to set up a compliance department and a basis for ethical behaviour. For this purpose, a compliance officer is hired or appointed who establishes the processes, trains the employees and carries out the risk analyses.

The foundation for compliance is a Code of Conduct which outlines a set of behavioural rules for all employees at the company, right up to top management level. It is tailored to the organisation’s profile, taking into account any special industry features and remaining easily accessible to employees. We have compiled a guide so that, especially for small and medium-sized companies, establishing a compliance programme should not feel like scaling Mount Everest.

There have been some spectacular whistleblowing cases in recent years. A notable example involved former Theranos employees revealing that the company’s promise of being able to carry out hundreds of blood tests with a single drop of blood was a lie and that the advertised technology delivered faulty results. Theranos was forced to close and its founder, Elizabeth Holmes, was recently found guilty of deceiving investors, business partners and customers.

Criminal prosecution, regulatory intervention and heavy fines are every manager’s top nightmare. Whistleblowing systems are an excellent countermeasure when it comes to preventing such scenarios from playing out. Whistleblowers are given the opportunity to pass on their tips about possible violations within the company instead of turning to the authorities or the public.

Whistleblowing systems therefore enable an organisation to discover problems or misconduct internally at an early stage and to take preventative action before the worst happens. Whistleblowing systems therefore constitute a critical component of compliance management and have long been best practice in companies of all sizes and in all sectors.

A code of conduct, gift acceptance guidelines, avoiding corruption, introducing a whistleblowing system – how do compliance officers keep an eye on all of these various sub-areas? The best way to do this is to utilise software that brings together all the information in a clear and concise manner. The EQS Compliance Platform, for example, is suitable for this purpose. It allows for the most important workflows to be centrally overviewed and managed in a legally compliant manner.

As part of the COCKPIT, the Policy Manager functions as a kind of online library for policies, ensuring that employees can have access at any time and from anywhere. With the help of the Approval Manager, approval requests for gifts or invitations are collected and can be effectively processed. Via Integrity Line, reports from whistleblowers are received (anonymously if desired) which are then efficiently checked for their relevance before being followed up on, if necessary.

Last but not least, the COCKPIT offers compliance officers the possibility to carry out new risk analyses and create reports on the basis of the information received there. If an incident does occur that is investigated by external authorities, the digital documentation trail helps with the investigation and proves that the company took all the necessary measures for ethical compliance management from the outset.