Compliance: awareness very good - implementation poor

The topic of compliance has a steadily increasing importance in the business activities of companies. This is because companies, including SMEs, expressly want to avoid the media attention that compliance violations by established companies with a formerly good reputation have brought in the recent past. While the recent scandals have clearly raised awareness of the presence and explosive nature of compliance, implementation is nevertheless still in need of improvement in some areas, as the current study on compliance in SMEs shows.

A current study by Kerkhoff Risk & Compliance has also been dedicated to the topic of compliance in medium-sized businesses. The study, which on the one hand focuses on the comparison between the standards ISO 19600 and IDW PS 980 and on the other hand on the stocktaking in the area of compliance in German medium-sized businesses, confirms that the awareness for compliance has increased and compliance has developed into a tone-at-the-top topic. After all, 93.94 percent of the companies state that they at least deal with compliance in the company.

On this basis, however, it is all the more surprising that the need to catch up with regard to the compliance management system is nevertheless high. One possible reason for this lies in the misjudgement of risks that arise in connection with non-compliance. The survey of the study shows that the risk of dangers such as fraud, corruption, theft, etc. for the own company is only assessed as medium to low. In comparison, however, the actual probability of occurrence is significantly higher.

Insufficient compliance

This misjudgement of the assessment of risks could be one reason why still every third company has not established a compliance management system, as the study by Kerkhoff Risk & Compliance shows. However, there is also a need to catch up in those companies which have already established a Compliance Management System. Thus, 40.62 percent of them do not record any changes in the law in their Compliance Management System. This can quickly have considerable consequences because only a Compliance Management System adapted to the current circumstances can protect companies and managing directors from possible liability risks.

Therefore, a regular risk analysis is also particularly important, but 15.62 percent of the companies surveyed that have implemented a compliance management system forgo this as well. Even half of the companies conduct neither internal nor external audits of their compliance management system.

Further deficits

The study also reveals many other deficits in the inconsistency between compliance strategy and corporate strategy, compliance reporting, the whistle-blowing system, the escalation process and the communication of compliance activities. There is also a need for action in business partner compliance, particularly in the review of existing business relationships. There is also room for improvement: Around 70 percent of the companies state that they have not defined any indicators to measure the performance of the compliance management system.

SMEs are approaching the topic of "compliance" and are thus taking the important steps in the right direction. However, in order to effectively protect themselves against the consequences of a compliance violation, i.e. to avoid fines, penalties and claims for damages as well as the threat of loss of reputation, the existing efforts are for the most part not yet sufficient. This requires a constantly updated compliance management system that takes into account not only legal regulations but also company-specific circumstances.

On June 15, 2016, Kerkhoff Risk & Compliance GmbH will publish the study "Compliance pulse in medium-sized companies - A comparison: ISO 19600 and IDW PS 980". The study can be here can be requested.