It’s critical for small business owners to minimize exposure and risk; for SMBs, a single ethical or regulatory violation can be catastrophic financially and reputationally. ComplianceLine’s Giovanni Gallo provides guidance for SMBs on how to minimize those risks.
Many small to medium businesses (SMBs) are tempted to not deal with compliance and risk management until they’re forced to. They don’t choose their battles; they wait to put out fires.
The reason is simple: Smaller and growing companies are very operationally focused; nothing is created until there’s an urgent need. They don’t usually have the deep pockets, resources, expertise or even time to architect infrastructure and processes as they lay their foundations.
A small business CEO or founder of a startup is already wearing so many hats that they’ll often “under scope” their time and resources toward risk management; compliance and ethics often fall to the bottom of the priorities list. This is not due to any lack of concern about being an ethical company; rather, it’s often because they’ve underestimated both the size of the risks and the achievability of mitigating them. “We’ll do it when we get bigger/when we need to,” is a common refrain.
This is like driving without car insurance. You know you need it, but you have somewhere you need to be. You keep driving down the highway, hoping you don’t get caught.
Small companies tend to have a misperception about the value of risk management. While the risks are the same (whether you have 500 employees or 20,000 employees), the impact of a compliance lawsuit will be amplified for small businesses. A single ethics and compliance (E&C) claim can cost considerable time, attention and resources; an E&C claim is more easily absorbed by a large company, but potentially devastating for an SMB.
Start Small. Evaluate Risk. Plant the Seed.
When it comes to risk management, it’s imperative that small business owners act now – even if that means just planting a compliance seed. It’s perfectly acceptable to start now and build later. The difference in ROI between doing nothing at all versus planting a seed is tremendous.
The good news here is that you don’t need an extensive team to create, implement and manage an ethics and compliance program. Even a small investment of time and resources has the potential to deliver big savings in the long run. For example, you may not be able to implement a massive, integrated privacy and security system that monitors and tracks every email in and out of your servers, but you can at least have a firewall and spam filter.
Companies don’t have to rush out and hire someone to build new policies. It’s okay to start by simply giving the subject “mindshare” with your team. It doesn’t take a high-priced lawyer to know that if a manager is being abusive to an employee, you’re looking at up to tens of thousands of dollars in legal fees, not to mention a horrible corporate culture.
Sit down with your top three to five leaders to discuss any issues that have been reported or even whispered about. Get to the bottom of it; create a roadmap for improvements. It’s so much better to be in a position where you’re choosing your battles instead of being reactive, which can introduce inefficiencies, distract you from your priorities and even decrease morale.
If nothing else, take a step by talking to other business leaders and asking how they’ve identified and addressed relevant risks. They can be a great resource. For example, leave, medical and work accommodation standards vary by state. You might look to your professional employer organization (PEO) for advice included in your membership as a start, but even PEOs don’t always have the right answer in every case. Talking to the business owner down the street or on the floor below you is time well spent and can keep you from having to pay your way out of a situation.
These simple, immediate measures are far less expensive – maybe they cost you $1,500 if you meet a few times or need to pay for advice – and far less time-consuming than a $20,000 LexisNexis legal subscription covering every law in the world or a suite of top-tier attorneys. Plus, that small investment has the potential to save tens of thousands of dollars in legal fees, and perhaps even the business itself.
Start small. Plant the seed. Doing something is better than doing nothing.
Establish Your Compliance Pillars
What protocols and systems are ideal for those in the small business community? There are seven common but vital compliance pillars to follow that can support your company, particularly if you’re involved in highly regulated industries like health care or finance:
- Implementing written policies and procedures, so your standards of conduct are known.
- Designating a compliance officer and committee, so initiatives are managed properly.
- Conducting effective training and education, because an informed workforce mitigates risk.
- Developing effective lines of communication, so your staff can voice concerns and management can address them in a healthy manner.
- Conducting internal monitoring and auditing, so you can track and prove adherence.
- Enforcing standards through well-publicized disciplinary guidelines, so everyone knows you are committed to these initiatives.
- Responding promptly to detected offenses and undertaking corrective action, so employees know they’re safe and that you mean business.
Building a Compliance Culture Shows That You Care
If you truly care about your people and are not just trying to make sure they remain silent out of fear of losing their jobs, then you know these activities make sense. Further, for legal consideration, you need to be able to prove that you put effort into compliance activities that are reasonable for a company of your size. That also means documenting discipline taken and showing consistency in how you treat exceptions.
Building a transparent compliance culture keeps your workplace environment healthy and humane and protects your company’s reputation. Those who pursue growth at all costs, who think their employees are lucky enough to be part of something amazing and need to just suck it up, are in for a rude awakening. If you need examples of companies that got it wrong, think Uber and Theranos. The smaller your business, the more susceptible you are to the sicknesses that plagued these companies.
To that end, consider implementing a mechanism for employees to voice concerns anonymously and without fear of retaliation. Whereas employees used to be afraid to speak up about issues in the workplace, today, there’s honor in reporting injustice. Fellow employees, customers and entire communities will rally behind someone trying to right a wrong. It’s not just about regulators; companies are getting called out for inappropriate actions that are becoming less acceptable by the day. There are plenty of journalists, online forums and lawyers outside your team who will happily listen to and amplify those voices. You may as well join the audience and welcome the feedback internally with a process that protects employees from retaliation.
Set up an actionable culture of transparency – one that extends from the top down and bottom up. Reward those who are honest and step up: Use them as examples and celebrate these best practices. This holds reciprocal reward in terms of recruitment, employee retention, worker effectiveness, increased productivity and more. Building such trust will enable you to better handle particularly thorny issues and, on a more routine basis, allow for more candid feedback in areas such as performance reviews.
Get the Shake of It — Read Up and Do Your Homework
There is a wealth of online resources that growing companies can reference to get a handle on the types of risks they could face before they occur.
There’s a lot of free content out there, as well as organizations and associations, that can help you tackle a lot of this. From your local chamber of commerce and the Society for Corporate Compliance and Ethics to various industry blogs and invaluable publications such as this, all have materials and resources available. Use them.
Compliance isn’t a boring policy that has no business value. The compliance moments you encounter when dealing with potentially thorny issues are where you establish your company culture – for better or worse. Compliance isn’t just about the minutiae of ticking the right boxes and creating paper trails; your culture is defined by what you say “no” to and reject, like abuse and favoritism, and the things that you celebrate and empower, which are hopefully candor and transparency.
Making sure your culture is healthy is essential for your success as a business; it’s not only how you take care of the people who do the work essential to your mission, but also how you express your values to the marketplace. Establishing a strong compliance practice means the potential for building a healthy workplace culture and leveraging your reputation for influence in your field.
Start small and build, but do something. Because there’s simply no ROI in doing nothing.