By

The article below appeared in the May/June 2019 Upsize Minnesota magazine.

Small-to-midsize businesses (SMBs) are not immune to compliance risks. To manage those risks, businesses must develop compliance programs that are specific and effective. That can be done by analyzing the five Ws (and one H).

  • What: A business must first address the purpose of a compliance program. This includes the business history, its assets, and the compliance risks affecting the business.
  • Why: Utilizing resources for compliance instead of sales and marketing is frequently a concern. But this is the wrong focus. Compliance programs can strengthen culture, reduce risk, and increase market share.
  • Who: A compliance program for a SMB must have employee buy-in to be effective. Business leadership must provide the proper tone and reiterate the value provided by compliance programming.
  • When: There is no time like the present, particularly when a compliance program can provide immediate value to a company’s culture and bottom-line.
  • Where: Compliance risk is determined by location, industry, customers and vendors. It is helpful to partner with counsel to address the risks associated with a geographic profile.
  • How: An effective compliance program should include a risk assessment, formal policies, employee training, and regular auditing and enforcement. These elements can often be integrated into existing structures with minimal costs.