Corporate Compliance Insights

How to Grow Your Compliance Practices as You Scale

SMBs and Risk Management

by Giovanni Gallo
February 4, 2020
in Featured, Risk

It’s critical for small business owners to minimize exposure and risk; for SMBs, a single ethical or regulatory violation can be catastrophic financially and reputationally. ComplianceLine’s Giovanni Gallo provides guidance for SMBs on how to minimize those risks.

Many small to medium businesses (SMBs) are tempted to not deal with compliance and risk management until they’re forced to. They don’t choose their battles; they wait to put out fires.

The reason is simple: Smaller and growing companies are very operationally focused; nothing is created until there’s an urgent need. They don’t usually have the deep pockets, resources, expertise or even time to architect infrastructure and processes as they lay their foundations.

A small business CEO or founder of a startup is already wearing so many hats that they’ll often “under scope” their time and resources toward risk management; compliance and ethics often fall on the bottom of the priorities list. This is not due to any lack of concern about being an ethical company; rather, it’s often because they’ve underestimated both the size of the risks and the achievability of mitigating them. “We’ll do it when we get bigger/when we need to,” is a common refrain.

This is like driving without car insurance. You know you need it, but you have somewhere you need to be. You keep driving down the highway, hoping you don’t get caught.

Small companies tend to have a misperception about the value of risk management. While the risks are the same (whether you have 500 employees or 20,000 employees), the impact of a compliance lawsuit will be amplified for small businesses. A single ethics and compliance (E&C) claim can cost considerable time, attention and resources; an E&C claim is more easily absorbed by a large company, but potentially devastating for an SMB.

Start Small. Evaluate Risk. Plant the Seed.

When it comes to risk management, it’s imperative that small business owners act now – even if that means just planting a compliance seed. It’s perfectly acceptable to start now and build later. The difference in ROI between doing nothing at all versus planting a seed is tremendous.

The good news here is that you don’t need an extensive team to create, implement and manage an ethics and compliance program. Even a small investment of time and resources has the potential to deliver big savings in the long run. For example, you may not be able to implement a massive, integrated privacy and security system that monitors and tracks every email in and out of your servers, but you can at least have a firewall and spam filter.

Companies don’t have to rush out and hire someone to build new policies. It’s okay to start by simply giving the subject “mindshare” with your team. It doesn’t take a high-priced lawyer to know that if a manager is being abusive to an employee, you’re looking at up to tens of thousands of dollars in legal fees, not to mention a horrible corporate culture.

Sit down with your top three to five leaders to discuss any issues that have been reported or even whispered about. Get to the bottom of it; create a roadmap for improvements. It’s so much better to be in a position where you’re choosing your battles instead of being reactive, which can introduce inefficiencies, distract you from your priorities and even decrease morale.

If nothing else, take a step by talking to other business leaders and asking how they’ve identified and addressed relevant risks. They can be a great resource. For example, leave, medical and work accommodation standards vary by state. You might look to your professional employer organization (PEO) for advice included in your membership as a start, but even PEOs don’t always have the right answer in every case. Talking to the business owner down the street or on the floor below you is time well spent and can keep you from having to pay your way out of a situation.

These simple, immediate measures are far less expensive – maybe they cost you $1,500 if you meet a few times or need to pay for advice – and far less time-consuming than a $20,000 LexisNexis legal subscription covering every law in the world or a suite of top-tier attorneys. Plus, that small investment has the potential to save tens of thousands of dollars in legal fees, and perhaps even the business itself.

Start small. Plant the seed. Doing something is better than doing nothing.

Establish Your Compliance Pillars

What protocols and systems are ideal for those in the small business community? There are seven common but vital compliance pillars to follow that can support your company, particularly if you’re involved in highly regulated industries like health care or finance:

  1. Implementing written policies and procedures, so your standards of conduct are known.
  2. Designating a compliance officer and committee, so initiatives are managed properly.
  3. Conducting effective training and education, because an informed workforce mitigates risk.
  4. Developing effective lines of communication, so your staff can voice concerns and management can address them in a healthy manner.
  5. Conducting internal monitoring and auditing, so you can track and prove adherence.
  6. Enforcing standards through well-publicized disciplinary guidelines, so everyone knows you are committed to these initiatives.
  7. Responding promptly to detected offenses and undertaking corrective action, so employees know they’re safe and that you mean business.

Building a Compliance Culture Shows That You Care

If you truly care about your people and are not just trying to make sure they remain silent out of fear of losing their jobs, then you know these activities make sense. Further, for legal consideration, you need to be able to prove that you put effort into compliance activities that are reasonable for a company of your size. That also means documenting discipline taken and showing consistency in how you treat exceptions.

Building a transparent compliance culture keeps your workplace environment healthy and humane and protects your company’s reputation. Those who pursue growth at all costs, who think their employees are lucky enough to be part of something amazing and need to just suck it up, are in for a rude awakening. If you need examples of companies that got it wrong, think Uber and Theranos. The smaller your business, the more susceptible you are to the sicknesses that plagued these companies.

To that end, consider implementing a mechanism for employees to voice concerns anonymously and without fear of retaliation. Whereas employees used to be afraid to speak up about issues in the workplace, today, there’s honor in reporting injustice. Fellow employees, customers and entire communities will rally behind someone trying to right a wrong. It’s not just about regulators; companies are getting called out for inappropriate actions that are becoming less acceptable by the day. There are plenty of journalists, online forums and lawyers outside your team who will happily listen to and amplify those voices. You may as well join the audience and welcome the feedback internally with a process that protects employees from retaliation.

Set up an actionable culture of transparency – one that extends from the top down and bottom up. Reward those who are honest and step up: Use them as examples and celebrate these best practices. This holds reciprocal reward in terms of recruitment, employee retention, worker effectiveness, increased productivity and more. Building such trust will enable you to better handle particularly thorny issues and, on a more routine basis, allow for more candid feedback in areas such as performance reviews.

Get the Shake of It — Read Up and Do Your Homework

There is a wealth of online resources growing companies can reference to get a handle on the types of risks they could face before they occur.

There’s a lot of free content out there, as well as organizations and associations, that can help you tackle a lot of this. Your local chamber of commerce, the Society for Corporate Compliance and Ethics, various industry blogs and invaluable publications such as this one all have materials and resources available. Use them.

Compliance isn’t a boring policy that has no business value. The compliance moments you encounter when dealing with potentially thorny issues are where you establish your company culture – for better or worse. Compliance isn’t just about the minutiae of ticking the right boxes and creating paper trails; your culture is defined by what you say “no” to and reject, like abuse and favoritism, and the things that you celebrate and empower, which are hopefully candor and transparency.

Making sure your culture is healthy is essential for your success as a business; it’s not only how you take care of the people who do the work essential to your mission, but also how you express your values to the marketplace. Establishing a strong compliance practice means the potential for building a healthy workplace culture and leveraging your reputation for influence in your field.

Start small and build, but do something. Because there’s simply no ROI in doing nothing.


Tags: Reputation Risk
Giovanni Gallo

Giovanni Gallo is co-CEO of Ethico, a provider of compliance hotline services, sanction and license monitoring and workforce eLearning software and services.
