9. July 2019

Effective compliance is contingent on the knowledge of the applicable rules. But is that all?

Prof. Dr. Bruno Mascello speaks about the successful implementation of compliance. But what exactly does this mean? What do we have to bear in mind, and how do I communicate the provisions and rules to my employees?

We often hear that no entrepreneurial activities can be conceived without compliance any longer. But is this really true, and what does compliance mean? Let’s have a look to some views.

  • Compliance only concerns adherence to laws, doesn’t it? This statement is bound to be too narrow, for adherence to rules covers all applicable regulations, i.e. generally valid statutory and regulatory rules, specific industrial directives and also very special provisions which are only applicable to individual companies!
  • But compliance only concerns big corporations, doesn’t it? No, it doesn’t; the media’s concentration on big corporations blinds us to the fact that SMEs and sole proprietorships have always had to comply with the rules as well and will of course have to do so in the future!
  • The media show it quite clearly: compliance only concerns banks and the financial world, doesn’t it? This opinion, too, is erroneous, for correct rule behaviour is also expected from industrial and service companies!
  • When all is said and done, compliance really only concerns the compliance department, which has to ensure appropriate conduct for everyone, right? No, this statement is not correct, either! Correct behaviour is not merely expected of the CEO or the compliance officer, but from each and every employee at all levels of the hierarchy right down to the most junior employee.

Interim result: by now, compliance has arrived in all the reference groups in the economy. But how can we actually ensure the compliance that is demanded of us?

Executive School Programmes:
Law & Management

Compliance Management

Learn the safe handling of rules and the topic of compliance

When we speak of companies which implement compliance successfully, then they satisfy the relevant requirements in all three areas:

(1) First of all, they must always have an up-to-date overview of the laws and regulations that are relevant to them and of any other applicable rules. Thus they do not only understand what specific laws are relevant to their industry and must be enforced; rather, they are also aware of what other general statutory and regulatory provisions are applicable to them.

(2) In addition, they know how to convey this knowledge to all their employees in an easily comprehensible way with practical implementation measures. The goal is to ensure that employees do not merely understand the rules but are actually able to implement them. This is often achieved by information sent by e-mail, but sometimes digital tools must be used, and in certain cases, training sessions in small groups or hierarchy-specific instructions are required.

(3) Awareness of the law and communicating it properly is not sufficient, if we fail to “reach” employees. Only when a company is able to convince its employees that it is the best thing for the company and its image to comply with the said rules, i.e. when each employee wants to adhere to the rules voluntarily, only then will a company also develop a positive compliance culture which will make adherence to the rules sustainable.

Result: the point of departure is the knowledge of the relevant provisions and rules, and this is applicable to all hierarchic levels of a company.

About the author
Prof. Dr. Bruno Mascello Vice Director of the Executive School of Management, Technology and Law at the University of St.Gallen, Director of the executive programme for lawyers “Management for the Legal Profession (MLP-HSG)”, attorney at law, lecturer and author dealing with various topics at the intersection of law and management.