5 reasons why small and mid-size companies need compliance programs

Most large companies worldwide (those with 5,000+ employees) have ethics and compliance programs that include training, policies, codes of conduct, and other elements focused on helping employees make ethical decisions in their day-to-day work. These companies understand that investing in compliance makes sense, as E&C programs identify risks, train employees, and protect companies from major fines, penalties, disbarment, and bad publicity if misconduct occurs.  

On the other end of the spectrum, small to mid-size companies sometimes think that E&C programs are a luxury they can’t afford. That couldn’t be further from the truth. As noted in LRN’s 2023 Ethics & Compliance Program Effectiveness Report, recent changes by regulators like the US Department of Justice (DOJ) and Securities and Exchange Commission (SEC), plus the explosion of sanctions and trade regulations in the wake of the Ukraine war, highlight the need for companies of all sizes to have E&C programs that work effectively in practice (not just on paper), embrace accountability, and reflect regulators’ expectations. 

Let’s look at the facts around why small and mid-size companies need ethics and compliance programs. 

Small companies that lack E&C programs make up the bulk of companies actually sentenced for misconduct 

Having an ethics and compliance program is crucial in helping smaller organizations mitigate risk, and data from the United States Sentencing Commission proves it. Of the nearly 5,000 organizations that have been sentenced for federal crimes since 1991, 70% had fewer than 50 employees. The overwhelming majority of organizational offenders—nearly 90%—did not have an E&C program in place.  

Small and mid-size companies face greater risks than large ones without proper compliance 

Sanctions and trade controls often affect everyone’s supply chain, regardless of size. Effective compliance requires training and an E&C program that identifies and mitigates risks. Take e.l.f Beauty, a mid-size beauty products company based in California, for example. In 2019, the company paid a $1 million fine to settle an enforcement action by the Office of Foreign Assets Control (OFAC) of the US Treasury. E.l.f. imported 156 shipments of false eyelash kits from Chinese suppliers that sourced some of their materials from North Korea. Imagine the social media storm if Academy Award nominees found out they were wearing North Korean eyelashes. The company self-reported the sanctions violations after an internal audit and reportedly paid a lesser fine as a result.

Ignorance is no excuse when it comes to ethics and compliance 

Effective ethics and compliance programs are impactful when it matters. According to the 2023 E&C Program Effectiveness Report, over half ethics and compliance professionals stated that E&C factors and risks led to their organization substantially modifying or abandoning a business initiative. And high-performing E&C programs were 30% or more likely than those ranked as less effective to impact important business decisions, relevance, and continuous evaluation and improvement. 

Conversely, ignorance of what constitutes ethical and compliant behavior does not excuse organizations. In 2014, Smith & Wesson paid $2 million (plus other penalties) to settle bribery charges with the SEC. The company had no compliance program, and employees were not aware that offering gifts to foreign officials to get business violated the law. Training employees on what they can and can’t do is essential. 

Everyone can be a whistleblower, but effective compliance training can help with speaking up 

Since 2010, whistleblowers who spot misconduct that a company hasn’t remediated are eligible for an award when they voluntarily provide the SEC with information that leads to a successful enforcement action. Awards can range from 10% to 30% of the money collected in an investigation. In 2021, total awards to whistleblowers exceeded $1 billion.  

Compliance programs are the best defense to whistleblower claims because, when implemented effectively, they encourage employees to speak up about misconduct and help the organization take steps to address it. In fact, LRN research shows that more than three-quarters of effective compliance programs (77%) list speaking out data as useful information in evaluating program impact and identifying areas of improvement.

Compliance programs reduce fines and penalties 

Given the emphasis by regulators on personal accountability and new, complex risks, organizations would be well advised to ensure that their ethics and compliance program is resourced and supported. Compliance programs help prevent misconduct and, when and if it occurs, result in reduced fines and penalties. In 2022, GOL, a Brazilian airline, received a 25% “discount” in fines and penalties for bribery violations from the SEC and DOJ for redesigning its anti-corruption compliance program. 

The key takeaway 

For small and mid-size companies, ethics and compliance programs are essential to protect against ever-changing risks, prevent whistleblowers, and reduce fines if misconduct occurs. To learn more about creating and maintaining a strong E&C program, download a copy of LRN’s 2023 E&C Program Effectiveness Report.

This article originally ran on The Compliance & Ethics Blog.