top of page


By Lorena Cobiella

Ethics & Compliance programs are not anymore just for big multinationals. Small and mid-sized companies are seeing the benefit of implementing compliance programs, not only to comply with regulatory requirements but also as the means to achieve their financial goals and deliver their purpose in line with the company's culture and values.


1 Leadership & Culture

2 Risk Assessment

​Commitment from top leadership to create and maintain a culture of doing the right thing is crucial. Having integrity and ethics as a part of doing business means the organization operates consistently and honestly in line with its ethical values and applicable regulations. It is about doing good and doing well at the same time. Robust compliance programs enhance credibility and trust with stakeholders and employees and contribute to increased profitability. Leadership teams have a pivotal role to play by leading by example and making Ethics & Compliance part of the organization's day-to-day operations.

Companies, regardless of their size, need to

understand and analyze the risks inherent to

their business and adopt a risk-based

approach to Ethics & Compliance. This

involves anticipating and prioritizing risks

based on internal and external factors that

contribute to designing the risk profile and

defining the company's risk appetite. The

company should then define its risk

management process, including adequate

controls to tolerate or mitigate these risks

and ongoing updates and monitoring of risks

in order to allow for continuous


3 Resources

4 Policies, Procedures & Standards

​It is essential to have senior management

oversight of Ethics & Compliance, whether

under the Legal, Finance or other

department. Appropriate internal controls

are also essential. When small and mid-sized

companies do not have the inhouse

resources for a full-fledged Ethics &

Compliance function, they should consider

external resources to support the function.

​Companies of all size must develop a Code of

Conduct based on company values and

culture and implement policies, procedures,

and standards of conduct to guide

employees in their day-to-day activities. It is

vital that these documents are tailored to the

organization's needs and size and are based

on the risk assessment previously conducted.

Policies and procedures must be up to date,

be clear, precise, and easy for employees to

find, and be subject to ongoing review and

continuous improvement.

5 Effective Training & Communication

6 Review, Measurement

& Reaction

Once the company has a Code of Conduct,

and necessary policies, and procedures in

place, effective training of employees and

collaborators is another essential pillar of a

strong Ethics & Compliance program.

Leadership must schedule regular training,

either live or remote, and keep track of

training records. Parallel effective

communication from leadership flagging the

importance of Ethics & Compliance in the

company's day-to-day operations is

paramount to reinforce that the company's

success comes from doing good and doing well

at the same time.

Small and mid-sized companies must have in

place systems to monitor and measure the

effectiveness of their Ethics & Compliance

programs and consider external resources to

conduct periodic reviews of effectiveness.

Companies must be committed to addressing

potential misconduct and impose corrective

actions if needed. Adequate protection of

whistleblowers who raise concerns about

potential misconduct happening in the

organization is not only a legal requirement

in many jurisdictions but also an indicator of

robust Ethics & Compliance programs.


Small Title

Heading 1

bottom of page