UPDATED REGULATORY COMPLIANCE GUIDANCE FOR SMES

Publication Date: 26/10/2015

To minimise the risk of damage to an SME, all stakeholders, employees and employers need to be kept up to date with regulatory requirements.

Over the past few years, the business world has seen various ­ financial crises, corporate collapses, scandals and an increase in regulatory activities, followed by a barrage of new legislation. These important drivers led to a heightened interest in formalised frameworks and codes relating to corporate governance, risk management and compliance, albeit mainly focused on large corporations or listed entities. However, the expectation is that SMEs should also be managed and operated on good business practice and ethical principles corresponding with their larger counterparts. Having said that, it is commonly acknowledged that the implementation of these principles may be difficult, cumbersome and costly for an SME. Compliance should then be tailored to the SME’s particular circumstances.

 

Existing frameworks and leading practice

Some of the current leading practice frameworks from which SMEs could take guidance are:

  • King Code of Governance Principles and the King Report on Governance (King III) – a non-legislative code on principles and practices by which organisations are controlled and directed.
  • Generally Accepted Compliance Practice framework of the Compliance Institute Southern Africa, which sets out a risk- based approach to compliance.
  • ISO standards (the world’s largest developer of international standards).
  • ISO 9001 – Quality Management Systems.
  • ISO 19 600 – Compliance Management Systems.
  • ISO 31 000 – Standard on Risk Management

Common challenges

The above frameworks are an overkill for many SMEs, but SMEs are subject to the same laws and regulations as similar larger companies. Ignorance of the law is no excuse for breaking it. Penalties and other sanctions (such as imprisonment) for non-compliance have an adverse effect on the SME. SMEs may have acute shortages of knowledge, experience and capabilities in governance, risk and compliance management practices. Employees are typically required to perform a range of tasks, including looking after governance, risk and compliance, which leads to a loss of independence, but it is almost impossible to keep up to date with legislation and to ensure compliance thereof. Additionally, while risk management may be embedded in day-to-day processes, it is often informal and unstructured. SMEs also often lack transparency and frequently do not disclose ­ financial and tax information. The knowledge of accounting procedures, accountability and responsibility may also be very limited

Benefits of a structured compliance programme

Implementing a risk and compliance programme protects directors against personal liability and helps the SME to comply with legislation. Good business practices, such as formalisation of governance and compliance, lead to employee, client, regulator and other stakeholders’ satisfaction, and make SMEs more ‘bankable’ and credible. Good business practice also allows SMEs to strengthen their marketing pitch – customers know and understand that the SME is working to high standards, providing quality products and services.

How banks and financial institutions can assist

Financial institutions can incentivise customers’ adoption of corporate governance principles by making it a condition for ­ financial support and linking transactions and risk-adjusted pricing to such principles. They can also educate SME customers on accounting standards to ensure transparency and the availability of ­ financial statements, and develop awareness programmes regarding their compliance responsibilities.

What SMEs can do

SMEs need to create a culture where governance, risk and compliance are all-important. The next step is to identify and prioritise risk. Compile a risk register highlighting the top 10 risks facing the SME. Once identified, SMEs need to manage these top risks, build risk-management capacity in employees and add it to their performance contracts. SMEs should also report on risk by ensuring the top risks are a standing item at senior management meetings, and allocate sufficient time for discussion and review.
Download and subscribe to the Banker Magazine.