For growing businesses, a single ethical or regulatory violation can be catastrophic financially and destroy a nascent company’s reputation forever.
BY GIOVANNI GALLO
Co-CEO and Chief Development Officer of ComplianceLine
Many leaders are tempted to not deal with compliance and risk management until they’re forced to. They don’t choose their battles; they wait to put out fires. That was probably not ever totally wise, but it’s now more foolish than ever.
The reason is simple: growing companies are very operationally focused; nothing is created until there’s an urgent need; you’re fighting for every inch of growth. They don’t usually have the excess capacity, deep pockets, expertise or even time to architect infrastructure and processes as they lay their foundations.
Startup CEOs are at risk
A CEO or founder of a startup is already wearing so many hats that they’ll often “under scope” their time and resources toward risk management; compliance and ethics often fall on the bottom of the priorities list. But we must realize that most of us are not risk managers. We are wired to see averages well, and get blindsided by tail events (remember COVID, or the Great Recession?). This is not due to any lack of concern about being an ethical company; rather, it’s often because we underestimate both the size of the risks and how achievable it is to mitigate them.
“We’ll do it when we get bigger/when we need to,” is a common refrain. It’s akin to driving without car insurance. You know you should get covered, but you have to GO! You keep driving down the highway, hoping you don’t get caught.
Small companies tend to have a misperception about the value of risk management. Whether you have 500 employees or 20,000 employees, the risks are the same. But think about this: impact of a compliance lawsuit will be amplified for smaller businesses! A single ethics and compliance (E&C) claim can cost considerable time, attention and resources; an E&C claim is more easily absorbed by a large company, but potentially devastating for a smaller, fast growing one.
Start Fast. Measure Risk. Start Now.
In areas of risk mitigation, it’s imperative that business leaders act now. There’s no time like the present – even if that’s just planting a compliance seed. It’s totally fine to start now and build later. There’s a tremendous difference in ROI between doing nothing versus planting a seed.
But there’s good news! You don’t need a massive compliance team to create, implement and manage an ethics and compliance program. Just making a small investment (time, resources) has the potential to deliver big savings in the long run. Even if you can’t implement a massive, integrated privacy and security system that monitors and tracks every email in and out of your servers, you can at least have a firewall and spam filter.
Companies don’t have to rush out and hire someone to build new policies. It’s okay to start by simply giving the subject “mindshare” with your team. It doesn’t take a high-priced lawyer to know that if a manager is being abusive to an employee, you’re looking at up to tens of thousands of dollars in legal fees, not to mention a horrible corporate culture.
Find the issues that are being whispered
Sit down with your top three to five leaders to discuss any issues that have been reported or even whispered about. Get to the bottom of it; create a roadmap for improvements. It’s so much better to be in a position where you’re choosing your battles instead of being reactive, which can introduce inefficiencies, distract you from your priorities and even decrease morale.
If nothing else, take a step by talking to other business leaders and asking how they’ve identified and addressed relevant risks. They can be a great resource. For example, leave, medical and work accommodation standards vary by state. You might look to your professional employer organization (PEO) for advice included in your membership as a start, but even PEOs don’t always have the right answer in every case. Talking to the business owner down the street or on the floor below you is time well spent and can keep you from having to pay your way out of a situation.
Start fast, measure risk
These simple, immediate measures are far less expensive – maybe they cost you $1,500 if you meet a few times or need to pay for advice – and far less time-consuming than a $20,000 LexisNexis legal subscription covering every law in the world or a suite of top-tier attorneys. Plus, that small investment has the potential to save tens of thousands of dollars in legal fees, and perhaps even the business itself.
Start Fast. Measure Risk. Starting now is better than doing nothing.
Establish Your Compliance Pillars
What protocols and systems are ideal for those just getting started? There are seven common, but vital, compliance pillars to follow that can support your company, particularly if you’re involved in highly regulated industries like health care or finance. You can think about how each of these can be translated to your scale of effort:
- Implementing written policies and procedures, so your standards of conduct are known.
- Designating a compliance officer and committee, so initiatives are managed properly.
- Conducting effective training and education, because an informed workforce mitigates risk.
- Developing effective lines of communication, so your staff can voice concerns and management can address them in a healthy manner.
- Conducting internal monitoring and auditing, so you can track and prove adherence.
- Enforcing standards through well-publicized disciplinary guidelines, so everyone knows you are committed to these initiatives.
- Responding promptly to detected offenses and undertaking corrective action, so employees know they’re safe and that you mean business.
- Building a Culture of Ethics Shows That You Care
Truly care about your employees
If you truly care about your people (vs. selfishly making sure they remain silent out of fear of losing their jobs) then you realize these activities make sense. Further, for that ever-present legal consideration, you’ll benefit by being able to prove that you put effort into compliance activities that are reasonable for a company your size. Documenting discipline taken and showing consistency in how you treat exceptions goes a long way.
Building a transparent compliance culture keeps your workplace environment healthy and humane and protects your company’s reputation. Those who pursue growth at all costs, who think their employees are lucky enough to be part of something amazing and need to just suck it up, are in for a rude awakening. If you need examples of companies that got it wrong, think Uber and Theranos. The smaller your business, the more susceptible you are to the sicknesses that plagued these companies.
Employees will tell someone
Whereas employees used to be afraid to speak up about issues in the workplace, today, there’s honor in reporting injustice. Fellow employees, customers and entire communities will rally behind someone trying to right a wrong. Consider implementing a mechanism for employees to raise concerns anonymously and without fear of retaliation.
Companies are getting called out for inappropriate actions that are becoming less acceptable by the day, so it’s not just about regulatory enforcement. There are plenty of journalists, online forums and lawyers outside your team who will happily amplify those voices. You may as well join the audience, welcome the feedback internally, and set a process that protects employees from retaliation.
Set up an actionable culture of transparency – one that extends from the top down and bottom up. Reward those who are honest and step up: Use them as examples and celebrate these best practices. This holds reciprocal reward in terms of recruitment, employee retention, worker effectiveness, increased productivity and more. Building such trust will enable you to better handle particularly thorny issues and, on a more routine basis, allow for more candid feedback in areas such as performance reviews.
Do Your Homework
There are a wealth of online resources growing companies can reference to get a handle on the types of risks they could face before they occur.
There’s a lot of free content out there, as well as organizations and associations, that can help you tackle a lot of this. From your local chamber of commerce and the Society for Corporate Compliance and Ethics to various industry blogs and invaluable publications such as this, all have materials and resources available. Use them.
Compliance isn’t a boring policy that has no business value. The compliance moments you encounter when dealing with potentially thorny issues are where you establish your company culture – for better or worse. Compliance isn’t just about the minutiae of ticking the right boxes and creating paper trails; your culture is defined by what you say “no” to and reject, like abuse and favoritism, and the things that you celebrate and empower, which are hopefully candor and transparency.
Making sure your culture is healthy is essential for your success as a business; it’s not only how you take care of the people who do the work essential to your mission, but also how you express your values to the marketplace. Establishing a strong compliance practice means the potential for building a healthy workplace culture and leveraging your reputation for influence in your field.
Start small and build, but do something. Because there’s simply no ROI in doing nothing.
Giovanni Gallo is Co-CEO and Chief Development Officer at Complianceline , a provider of case management, exclusion screening and whistleblower hotline solutions to give caring leaders visibility and clarity to care for their people.