What compliance risks are SMEs exposed to?
It is a misconception that small to medium-sized enterprises (“SMEs”) do not face the same compliance risks as larger enterprises. In reality, the risks are quite similar. The differences between the risks faced by a large enterprise and an SME are: (1) the scale of the risk; and (2) the tools available to mitigate such risks.
In general, an SME’s compliance risk is first determined by the Federal Sentencing Guidelines. An effective compliance and ethics program is the benchmark requirement under the Federal Sentencing Guidelines, U.S. Sentencing Commission, Guidelines Manual, Ch. 8, Pt. B2.1. The Guidelines state an organization shall (1) exercise due diligence to prevent and detect criminal conduct; and (2) otherwise promote an organizational culture that encourages ethical conduct and compliance with the law, to develop an effective compliance and ethics program. The Guidelines proceed to identify a number of components critical to an effective compliance program. Thus, an SME’s first layer of compliance risk is failing to develop an effective program as required under the Federal Sentencing Guidelines.
Another layer of an SME’s compliance risk is determined by the laws and regulations that govern the SME’s industry. For example, if an SME is active in the financial services industry, the compliance risks faced by that SME will be determined by the relevant laws, regulations, and licensing restrictions that regulate the provision of financial services. It is critical for an SME to understand the laws and regulations that govern its activities, and remain aware of any changes to that legal and regulatory environment.
The next layer of compliance risk for an SME is generally determined by an SME’s geographic footprint. For example, data privacy and cyber-security regulations are frequently determined by geography rather than industry, such as the General Data Protection Regulation. An SME must be constantly aware of the locations in which it conducts business and markets its products and services.
A final layer of compliance risk is determined by an SME’s marketplace. If there are opportunities within a competitive market, the SME will need to determine whether it should exploit those opportunities. An SME’s decision will likely be determined by the efforts of its competitors, a shifting legal/regulatory framework, and existing uncertainty within the current framework. If an SME chooses to exploit an opportunity within its market, it will also want to consider how the exploitation of that opportunity will be perceived by the SME’s stakeholders, competitors and the public at large.
In what ways can compliance programs reduce risk and increase market share?
To reduce risk and increase market share, a compliance program must first be effective. The aforementioned guidelines listed under the Federal Sentencing Guidelines will help develop an effective compliance and ethics program. If a program fails to achieve those goals, then the program will not be effective, and the business will not be able to reduce risk and increase market share.
Once an effective program has been established, a business can utilize its compliance program to better position itself in the legal/regulatory environment. For example, by implementing an effective compliance program, the business may become more comfortable with its legal/regulatory environment and choose to undertake new business opportunities it did not initially perceive to be worthwhile. Conversely, a business may choose to forgo a business opportunity it would have otherwise taken based on its increased compliance awareness. In either instance, the decisions made by the business would not have been possible without implementing a compliance program that effectively manages a business’ compliance and ethics risks.
Another way in which a business can reduce risk and increase market share is by leveraging opportunities in the competitive marketplace. For example, once a business has implemented its program, it will be better positioned to complete a qualitative evaluation of the market. By analyzing the compliance efforts of a competitor, a business may become aware of new opportunities to differentiate itself with new products, services, or marketing. Again, those opportunities would not be evident unless the business has developed and implemented an effective program that increases institutional awareness about compliance risk.
What are your top three tips in ensuring a compliance strategy works well for the company?
For a compliance program to work well for a business, it must be effective. This requires a business to remain committed to the compliance initiative, which starts with the “tone from the top” strategy. The leaders in the business must remain diligent and committed to the development and enhancement of the compliance strategy to ensure buy-in from the stakeholders in the company. This also requires the leaders of a business to align the company’s objectives with the compliance programming and enforce the programs in the company’s decisions.
Another way to develop an effective compliance strategy is to ensure the compliance strategy is consistent with the company’s values. A strategy that is not consistent with the values of a company will not become ingrained in the company’s culture. To develop a culture of compliance, a business should prioritize its compliance programming and leverage its existing strengths to address the most critical compliance risks.
A final way to develop an effective compliance strategy is to ensure that a business develops meaningful partnerships with its third parties. These third parties should include trade associations, outside legal counsel, and others to ensure that a business’ compliance programs are relevant, prudent and properly distributed throughout the business. Utilizing sophisticated third parties helps a company harmonize its business, legal and compliance concerns into a unified objective.
BRYAN R. FELDHAUS
As a shareholder at Lommen Abdo, P.A., Bryan Feldhaus provides clients practical, business-savvy legal advice in three areas: he helps clients develop litigation and compliance strategies to mitigate their business risks; he advises clients on legal, regulatory and compliance interests; and he manages and advocates for clients in litigation and related proceedings.