By Lorena Cobiella
Ethics & Compliance programs are not anymore just for big multinationals. Small and mid-sized companies are seeing the benefit of implementing compliance programs, not only to comply with regulatory requirements but also as the means to achieve their financial goals and deliver their purpose in line with the company's culture and values.
6 THINGS THAT SMALL AND MID-SIZED COMPANIES SHOULD CONSIDER WHEN IMPLEMENTING ETHICS & COMPLIANCE PROGRAMS
 1 Leadership & Culture |  2 Risk Assessment |
Commitment from top leadership to create and maintain a culture of doing the right thing is crucial. Having integrity and ethics as a part of doing business means the organization operates consistently and honestly in line with its ethical values and applicable regulations. It is about doing good and doing well at the same time. Robust compliance programs enhance credibility and trust with stakeholders and employees and contribute to increased profitability. Leadership teams have a pivotal role to play by leading by example and making Ethics & Compliance part of the organization's day-to-day operations. | Companies, regardless of their size, need to understand and analyze the risks inherent to their business and adopt a risk-based approach to Ethics & Compliance. This involves anticipating and prioritizing risks based on internal and external factors that contribute to designing the risk profile and defining the company's risk appetite. The company should then define its risk management process, including adequate controls to tolerate or mitigate these risks and ongoing updates and monitoring of risks in order to allow for continuous improvement. |
| |
 3 Resources |  4 Policies, Procedures & Standards |
It is essential to have senior management oversight of Ethics & Compliance, whether under the Legal, Finance or other department. Appropriate internal controls are also essential. When small and mid-sized companies do not have the inhouse resources for a full-fledged Ethics & Compliance function, they should consider external resources to support the function. | Companies of all size must develop a Code of Conduct based on company values and culture and implement policies, procedures, and standards of conduct to guide employees in their day-to-day activities. It is vital that these documents are tailored to the organization's needs and size and are based on the risk assessment previously conducted. Policies and procedures must be up to date, be clear, precise, and easy for employees to find, and be subject to ongoing review and continuous improvement. |
 5 Effective Training & Communication |  6 Review, Measurement & Reaction |
Once the company has a Code of Conduct, and necessary policies, and procedures in place, effective training of employees and collaborators is another essential pillar of a strong Ethics & Compliance program. Leadership must schedule regular training, either live or remote, and keep track of training records. Parallel effective communication from leadership flagging the importance of Ethics & Compliance in the company's day-to-day operations is paramount to reinforce that the company's success comes from doing good and doing well at the same time. | Small and mid-sized companies must have in place systems to monitor and measure the effectiveness of their Ethics & Compliance programs and consider external resources to conduct periodic reviews of effectiveness. Companies must be committed to addressing potential misconduct and impose corrective actions if needed. Adequate protection of whistleblowers who raise concerns about potential misconduct happening in the organization is not only a legal requirement in many jurisdictions but also an indicator of robust Ethics & Compliance programs. |
Comments