This website uses cookies so that we can provide you with the best user experience possible. Our Cookie Notice is part of our Privacy Policy and explains in detail how and why we use cookies. To take full advantage of our website, we recommend that you click on “Accept All”. You can change these settings at any time via the button “Update Cookie Preferences” in our Cookie Notice.
Technical cookies are required for the site to function properly, to be legally compliant and secure. Session cookies only last for the duration of your visit and are deleted from your device when you close your internet browser. Persistent cookies, however, remain and continue functioning on repeat visits.
CMS does not use any cookie based Analytics or tracking on our websites; see details here.
Personalisation cookies collect information about your website browsing habits and offer you a personalised user experience based on past visits, your location or browser settings. They also allow you to log in to personalised areas and to access third party tools that may be embedded in our website. Some functionality will not work if you don’t accept these cookies.
It’s not uncommon for multiple compliance risks to be identified during due diligence when acquiring a company. An institutionalised compliance costs money, an institutionalised compliance does not evolve by itself, the company has grown quickly, and “has always managed fine without it” – those are just four of the many reasons why German SMEs in particular struggle in this area.
Like in the case we are describing here. We identified policies that were not state-of-the-art for a compliance management system. We found out that employees were not sensitised to compliance-related issues. We saw organisational and governance structures that lacked clarity around how, and by whom, compliance measures should be developed, implemented and applied.
The acquiring company considered this a problem, having itself a rather different compliance culture. They consider a professional compliance management system as the market standard and part of proper corporate governance. The lack of this type of system at the target company worked in its favour during the price negotiations, however, the company would now like to implement appropriate compliance structures in the acquired company. The purchaser considered it essential to urgently reduce liability risks that could arise for both the company and its management as a result of inadequate structures (in a worst-case scenario, fines of up to EUR 10 million could be imposed). Another aim is to ensure compliant conduct on the part of all company employees.
The directors of the acquired company and its employees are not exactly enthusiastic about this approach. They voice various concerns, citing unnecessary costs, unnecessary work and unnecessary expenditure on external consultants. Managers fear that compliance would hinder their day-to-day work. “Compliance requirements take up too much time, you don’t get anything else done.” There were mutterings among employees about a “surveillance state” in which you are no longer allowed to do anything. And the knock-down argument raised by the directors, managers, employees and works council is that there was nothing wrong in the first place, so why not just carry on as usual?
In situations such as this, where two wholly different viewpoints collide, the key is to engage in dialogue. A functioning compliance system must not just be aligned with a company’s size, international scope, industry specifics and risk areas, but also with its corporate culture. In addition to managers, it is particularly important to address the concerns of the employees, who ultimately have to put the compliance culture into practice. You need to explain the benefits of compliance to them and involve them in designing the compliance management system. It’s also necessary to find practical solutions that are genuinely tailored to the needs of the specific company. Compliance should not be a burden, but should protect the company, its management and the employees, and ideally simplify their everyday work by providing clear rules on dos and don’ts.
Grudgingly, the company began to tackle the project. We came in as external advisors, starting with workshops in which we talked to the company about key aspects and concerns. This was followed by quick compliance checks on specific areas to get an idea of where loopholes might be found. We conducted interviews with key stakeholders from the core areas and used our dedicated tool to analyse documents efficiently.
Not so surprising to us, but certainly to the company management, that alongside identifying weaknesses we uncovered embarrassing compliance-related incidents, some of which were financially detrimental to the company. Employees from the Business Development department regularly received invitations from business partners, including a week-long stay in Bangkok for a trade association meeting. Christmas presents in Sales exceeded the appropriate value. In the Purchasing department, contracts were regularly awarded to a construction company whose managing director just happened to be the brother of our client’s purchasing manager. In the Finance department, reminders were simply thrown away and duplicate payments made, possibly due to the lack of an appropriate IT system. The HR department told us about people being off sick due to workplace bullying. These incidents went unreported because there was too little awareness of whistleblower protection or the Whistleblower Protection Act (Hinweisgeberschutzgesetz). A Legal department that had never heard of the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) insisted that sustainability was leftist nonsense, and that you could not be held liable for things in the supply chain anyway.
The picture that gradually emerged was very different from the view of compliance held by company management and many employees. There was a clear need for action on several fronts. Accordingly, with the evidence in our favour, we set about establishing a compliance organisation (and in particular appointing a Compliance Officer). A code of conduct was drawn up together with policies on corruption and on conflicts of interest. A system for screening business partners was also introduced, along with a signature policy including a documentation/filing system and a reporting system. We took various steps to ensure compliance with the Supply Chain Due Diligence Act and developed a modern training programme. This was designed to make employees more aware of compliance issues going forward, with attendance being documented.
Shortly before Christmas, we received something in the mail. It was from the company’s senior management team, with whom we had worked closely over the course of a year to help introduce a compliance management system. It turned out to be a nice bottle of wine – which is deemed completely appropriate from a compliance perspective in such a context. But we remember the card much more, which thanked us for our work and said they were looking forward to more projects in the coming year. No trace of a grudging attitude now. More a sense of gratitude, in fact, since our project had eliminated several personal liability risks compared to the original situation.
We provide a full range of advisory services around compliance management systems, including
Write us a message and we will get in contact.
Thank you for contacting us. We will get back to you soon.
%20(3).jpg?v=3)
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.