Compliance and mid tier

As is well known, the approaches to defining the term "compliance" are extremely complex, multi-faceted and heterogeneous. But no matter which definition you look at - in none of them does the restriction appear that "compliance with laws and rules" (a rather popular compliance definition) should only apply to companies above a certain size. In practice, however, such a limitation of the scope does seem to exist. At the very least, numerous studies have shown (and have been doing so for years now, with disturbing regularity) that the need to catch up in this area is still far more pronounced among small and medium-sized enterprises than among the "global players" of this world. This may be partly explained by the fact that the sheer number of relevant rules and regulations is naturally related to the size of the company: a medium-sized company that sells its products exclusively in the Swabian Jura may not care about the legal regulations on product liability in Patagonia. Nevertheless, it seems reasonable to assume that the obviously rather insufficient engagement with this topic is not only due to a lack of relevance, but much more due to a lack of motivation.

When asked about the reasons for the widespread ignorance of compliance issues, the arguments "too little time" and "too much effort" are usually cited. It is obvious that a company-wide compliance system cannot be had for free. However, the establishment of parallel "shadow organisations" with a multitude of employees and processes, which has been observed in some companies in recent years and which (rightly!) serves as a cautionary tale, is anything but sensible. Instead of maintaining separate compliance and risk management organisations, for example, which work in isolation alongside each other (or in the worst case even against each other) and also use different IT systems and databases, there is considerable potential for synergy in the stronger integration of these two functions.

In addition to this aspect of integration, the SME has another decisive advantage over the large company in the implementation of holistic compliance programmes: "Compliance" begins first and foremost in the minds of the employees. In practically all studies on compliance success factors, the often cited "tone from the top" ranks high. In a typical (often still owner-managed) medium-sized company, however, the boss usually sits very "close" to his employees, serves as an identification figure, role model and "bellwether" in the best sense.

A medium-sized company is likely to benefit from the many advantages of a holistic compliance programme to (at least!) the same extent as its globalised competitors. If the two levers "integration" and "identification" are used correctly, the implementation of such a programme should be much less of a headache.

Prof. Dr Roland Franz Erben is Professor of Business Administration in the degree programme "Business Psychology" at the Stuttgart University of Applied Sciences (HfT). Previously, he worked as a Risk Management Consultant as well as Editor-in-Chief of several trade journalson the topics of "risk management" and "compliance".