Mid-sized companies’ structure differs greatly from their larger or multinational counterparts. Multinationals, as listed companies, are obliged to have at the headquarters level, resources and processes necessary to secure compliance with regulations that apply to listed companies. These companies have been respecting other international requirements for years so do not see the addition of an investment in compliance as an excessive burden.
The situation is different for mid-sized companies for four main reasons:
- Often beginning as a family business, mid-sized companies tend to believe that so long as the ethical values of the company’s founders are respected, the company does not need to go any further on compliance issues.
- Mid-sized companies are often in an extended period of expansion and use their resources to ensure that growth and development continue. It is not a priority to invest in issues of compliance;
- Often organized like a conglomerate of independent structures, mid-sized companies manage their subsidiaries with a minimal amount of involvement from the corporate headquarters. Compliance, in such instances, is not appropriate at the corporate level and subsidiaries are too small to maintain a compliance function;
- Mid-sized companies working at a national level can fully appreciate the potential risks of their local market; however, as they broaden into global markets they inadvertently expose themselves to previously unidentified corruption risks. In these cases, compliance is simply not part of the equation for those managers who are trying to grow the business internationally using the same business methods that were applied at a national level.
The importance of compliance in mid-sized companies cannot be underestimated
Judges will not consider the size of a company when prosecuting or convicting suspected acts of corruption. Recently, companies with just several hundred employees have been sanctioned. Whereas the sanctions were not as high as they have been with certain multinationals, given the relative turnover of these mid-sized companies, the fines are significant. In addition, directors have been arrested and sentenced to prison terms.
These sanctions aside, mid-sized companies are encountering new challenges. As they work alongside or as subcontractors of larger groups, they learn that multinationals expect mid-sized companies to have their own corruption prevention measures in place. It is no longer sufficient for them to sign a Code of Ethics or include an anti-corruption clause in each contract.
Consequently, it is in the interest of mid-sized companies to design and implement appropriate anti-corruption compliance procedures for both legal and business reasons. The procedures must be appropriate to the company’s specific size, structure and risk. This is even more important for mid-sized companies than it is for their multinational counterparts.
Four principles of anti-corruption compliance adapted to mid-sized companies
Principle n°1: a compliance function identified within the company organigram
Although obvious to some, it is still necessary to appoint a compliance officer at a high level on the company’s organigram. His responsibility: to develop an anti-corruption compliance program adequate for the company and capable of ongoing improvement as the landscape of compliance evolves. If the function is not a full-time post, which is often the case, it cannot be associated to either an operations or sales function. The Compliance Officer must be able to demonstrate a total lack of conflict of interest between his compliance function and his primary responsibility. The primary role can be one in the legal department, or one in that of human resources, administration, finance, communications, etc.… In addition, it is vital for the Compliance Officer to have a direct line of communication to the CEO.
Principle n°2: Corruption risk mapping to define compliance needs
Compliance only makes sense if it is adapted to the risks it is designed to meet. In a mid-sized company, risk-mapping - using external resources if needed - must determine the resources necessary to meet the identified risks as appropriately as possible. Even more important than it is in a larger company, in which the hierarchy follows a rigid structure complete with regular controls, it is imperative that the staff of mid-sized companies respect compliance obligations fully. And this will only be possible if the compliance program is logical and staff have understood and are convinced that the risks as well as the tools for prevention are relevant. Dissemination of the results of risk mapping will help secure this acceptance and ensure that it permeates throughout the company.
Principle n°3: convince and involve managers at the local level
In most mid-sized companies, operational managers or subsidiary directors enjoy a high level of autonomy and a wide range of responsibilities. Mid-sized companies owe their success to their managers’ ability to combine all aspects of the business; from the management of human resources to that of client follow-up as well as to their timely decision-making in both operational and financial issues. Their ability to solve problems with acuity is the driving force behind a mid-sized company’s growth. Any arbitrary constraints on their activity would impede a manager’s ability to react decisively and thus damage the company. Hence, the third principle activity of the Compliance Officer is to convince managers of the importance of corruption prevention and compliance. Compliance officers must persuade managers that not only are they responsible for the company’s growth, but that they are also in charge of carrying out business activities in a compliant manner. Since managers already know how to expand the business while avoiding workplace accidents, and since those procedures are more difficult to implement than those necessary for corruption-free development, swaying managers into abiding by anti-corruption norms should be relatively easy!
Principle n°4: detecting corruption
The rarer the resources available for corruption prevention, the more important it is to focus on its detection. Making this strategy of detection known throughout the company is already a good start to prevent corruption. This is undoubtedly the most difficult principle to put into practice due to the strong relationships of confidence and loyalty that exist between managers and headquarters in mid-sized companies. It is a fundamental practice however, without which the three previous principles will be of little use. Fortunately, new techniques using data mining allow for external controls that are often carried out remotely. By conveying controls and transactional testing to an external service provider the Compliance Officer can avoid carrying out investigations himself. In addition, this approach incorporates forensic investigations into the business and thus contributes to similar activities’ acceptance, such as that of external audits, for example. The confidence enjoyed by managers will not be at risk by these activities as they, having carried out investigations at their own level, understand the necessity of ex post controls.
When a mid-sized company implements these four principles it is easy to demonstrate that the CEO is giving the appropriate ‘tone at the top’, which is not only a requirement of numerous jurisdictions but is also an essential element to the effective implementation of an anti-corruption compliance program.