As an entrepreneur, that is your main goal. A good reputation is one of the requirements for this. You act in accordance with all applicable laws, rules and directives: Then you have the security of knowing that your reputation and your values will remain intact and become even better.
I will help you to know the applicable laws. I will promptly inform you of new and ever-changing laws and rules. I will identify and assess the risks they pose to your company with you. I will propose to you the reasonable and appropriate measures which are necessary for the adherence to these requirements and for controlling the risks.
I will help you to implement the measures. I will tailor them to your business processes and integrate those measures into them. Whenever they affect several or all employees, I will implement the measures together with you, e.g. training, provision of information sources, controlling mechanisms and monitoring.
Thus, as your Consultant or your compliance function, I can make essential contributions to your company’s success:
With the efficient and targeted management of the laws and regulations that are applicable to you and the related risks, I will help your company to attain a robust compliance culture.
With a good compliance culture and effective compliance management, you will increase the trust that your customers, suppliers, employees, banks and investors have in you. You will thus improve the reputation and the value of your company. Make use of this competitive advantage.
Even as a small or medium-sized enterprise (SME), you are confronted with countless quickly-changing liability and business risks which can be promptly identified and warded off through corresponding compliance management.
As an external compliance function, I will offer you the concept, the improvement and the introduction of your customised compliance management system and thus help you to improve the security and value of your company.
In particular, some of the following themes could affect you:
Bribing private business partners as well as bribing public officials is punishable under criminal law in Switzerland – as well as in the EU:
As a company, you can be indicted in Switzerland and punished with a fine of up to CHF 5 million if you have not adopted all reasonable and required organisational measures in order to prevent such criminal acts (Art. 102 Swiss Criminal Code).
- Do your employees know what they can exchange with customers, suppliers, public officials and government agency employees without your company running the risk of being held liable for bribery and corruption?
- Do your employees abroad know that Swiss law or the law of an EU country can be applicable there? And that your employees and/or your company can be held liable here?
- Have you undertaken measures to prevent bribery and corruption? Have they been documented? Do you have an overview of them?
As a company, you work with the countless personal data of employees, customers, business partners, etc. Data protection laws demand that personal data be specially protected and contain numerous requirements for the effective protection of personal data.
- Do your employees know what personal data are?
- Do they know the requirements?
- Do you know where you process and store personal data?
- Do you have tools available to you for effectively protecting the personal data?
- Do you know what to do if affected persons or government supervisory authorities demand information?
- Have you designated a Data Protection Officer at your company?
- Do you collect data which must be registered with the Swiss Federal Data Protection and Information Commissioner?
I will help you to identify the requirements for good data protection. I will examine whether your processes for handling personal data fulfil these requirements. In addition, I will recommend to you additional or better measures where they are appropriate.
As your company’s Data Protection Officer (which in certain cases you must have in accordance with Art. 11a Swiss Data Protection Act,) I can independently monitor the in-house adherence to the data protection directives as well as create and maintain a directory of the data collections. This service includes contact with the government data protection authorities at the local and federal levels.
As a company, you operate in a free market and benefit in diverse ways from the economic freedom. The adherence to the rules of competition law and fair market practices will ensure your success in the free market.
- Do your employees know what they must keep in mind when they act in the market?
- Is it clear to them what is permitted and what is forbidden when they meet with your competitors’ representatives?
- Do you know what must be kept in mind when working on joint projects and cooperating with competitors?
- Do you know that the competition law provisions of each country can be applicable to you if your market activities have ramifications for their markets?
Clarity in these areas, for all comprehensible rules of conduct and prompt, clear advice in the individual case promote the implementation of your company’s strategy.
Upon a regular basis, bans are issued or renewed on doing business with certain countries or certain persons. Such trade sanctions are decreed and implemented by, for example, Switzerland, the EU and its member countries or the USA.
- Do you know the trade sanctions which are applicable to your business?
- Are you up-to-date about the on-going changes and supplements to these sanctions?
- Do you and your employees know what they must do if a business deal is discussed which could be affected by trade sanctions?
Is the trading of bonds, securities, energy or raw materials on a stock exchange or outside of a stock exchange part of your business activities? Are your shares listed on a stock exchange?
Do you know the rules and standards of the respective stock exchange and the applicable legal framework?
Increasing regulation from a wide array of sources is applicable to such trading activities. Some key words: Swiss Stock Exchange Act (SESTA), Swiss Financial Market Infrastructure Act (FMIA), draft of the Swiss Financial Services Act] (FinSA), draft of the Swiss Financial Institution Act (FinIA), EU Directives on Markets for Financial Instruments (MiFID II), EU Directive 2014/91/EU (UCITS), European Regulations on Derivative Financial Instruments (EMIR) or on the Integrity and Transparency of the Energy Wholesale Market (REMIT).
If you are listed on the stock exchange, do you have an overview of the requirements of the stock exchange (listing rules), the stock exchange supervisory board and the financial market supervisory authority Finma? Are you familiar with the accounting and corporate governance guidelines?
Have you introduced measures for preventing insider trading and market abuse by employees and third parties who possess relevant information about your products traded on the stock exchanges or your own listed company? Have you introduced processes for fulfillment of the notification obligations?
Not only financial service providers, but also companies in other industries are exposed to these risks.
- Have you and your employees been informed of the risks in this area?
- Do you have the tools at hand to control these risks?
A good compliance culture, targeted controlling measures and additional tools will help you to prevent internal fraud and other internal crimes.
Are you sure that your business records are being properly retained and stored? Is your document storage and document management process efficient? Have you introduced the required measures so that no essential documents are lost or deleted?
Are you or your employees able to delete or destroy documents which are non-essential, unnecessary and no longer require retention so that no unnecessary information is stored and you can spare your storage and archiving resources?
As an entrepreneur, it is in your own vested interest that your business decisions are made in your own company’s interests and are devoid of third-party interests. It is only by so doing that you ensure that these decisions create the desired added value.
- Do you know about the committed interests of the decision-makers at your company?
- Are you able to correctly handle conflicts?
- Can you prevent third-party interests from improperly influencing your decision-making?
Many industries and business activities are subject to special government supervisory authorities. Some general supervisory authorities such as industry commissions and labour commissions, price monitors, data protection authorities and SUVA, the Swiss Federal Accident Insurance can monitor and sanction companies.
- Do you have an inventory on hand of the supervisory authorities which are competent for your company?
- Have you designated a responsible contact person at your company to deal with these government authorities?
Many government authorities can surprise you by conducting a search and/or an inspection of your company’s premises upon short notice and/or which has not even been announced at all.
- Have you already planned for the correct handling of a search of your company’s premises?
- Has it been ensured that all relevant employees know how they should conduct themselves?
- Have you undertaken preventative measures so that the correct persons are promptly informed and mobilised if a government authority comes knocking on your door?
Transparency is increasing in importance in all business segments – particularly with regards to the pricing and commissioning of intermediaries and brokers. In this regard, consumers and government supervisory authorities are becoming more and more demanding. I will help you to analyse your related practices, identify gaps and recommend improvement measures to you.
Public Bidding Procedures
- Do you participate in public bidding procedures? Then it is often beneficial to document what you are doing, and have done, for compliance.
Clear and clean documentation of your activities, your compliance program, compliance reports and additional information will benefit you in this regard.
I will advise you during the compilation of the relevant information and documents and can thus contribute to your success in such proceedings.
Compliance Due Diligence for Private Business Relationships
- As is the case with public bidding procedures, with private business relationships, concrete data and documentation with regards to compliance themes are being demanded ever more often.
- You as well also have a need to demand that your suppliers and service providers render corresponding assurances and documentation.
- I will support you in both cases.
If you want to ensure that the laws and regulations are taken seriously at your company and are also followed, then you need a good compliance culture. This can only occur if it is embraced at the highest level upon a daily basis and underscored with concrete actions.
- Are you sure that a good compliance culture prevails at your company?
- What have you done recently to promote the compliance culture?
- Do your employees see you as a role model when it concerns respecting and following the regulations?
As an outsider, I can assess your compliance culture and recommend actions and behaviours to you which promote a good compliance culture.
The core element of a functioning compliance culture is the Code of Conduct.
So you have no Code of Conduct at your company?
- Indeed, you most certainly have numerous internal ethical expectations and conduct standards in your employment agreements, internal directives and other documents.
- I will help you to consolidate these standards and centrally document them. I will point out gaps to you and help you to develop a Code of Conduct that is attractive and tailored to your company.
So you already have a Code of Conduct?
- Is it up-to-date and complete?
- Does it cover all the needs of your company as well as of your stakeholders
- Is your Code of Conduct available to all employees?
- Are your employees familiar with the Code of Conduct?
- What have you done in the last year in order to ensure that your employees have a comprehensive understanding of it?
The Compliance Program includes the review and updating of the Code of Conduct upon a regular basis. Part of a good compliance culture namely comprises having documented activities upon a regular basis in order to promote the Code of Conduct. This includes particularly the “tone at and from the top.”
I will support you as the Managing Director in this area and help you to recognise, understand and fulfil your responsibility for the compliance culture.
From an external perspective, I can give you the certainty that you will do what is necessary for a good compliance culture and provide you with tips and advice for making improvements.
A good compliance culture encourages employees to point out risks, potential violations of laws and regulations and breaches of laws and regulations which have already occurred as well as to report them. In addition, a climate should prevail at your company in which such reports are taken seriously and handled correctly.
- Do you have a climate at your company in which the employees feel comfortable to point out violations of regulations and rules?
- Do your employees have the opportunity to report to an independent authority?
- Can your employees make anonymous notifications?
- Do you have a process, which ensures that employees reporting concerns or breaches do not suffer retaliation or other detrimental ramifications?
I will evaluate and assess your existing culture and infrastructure in this area. I will advise you during the introduction of a reporting system and can also provide you with an external contact point to whom your employees can report violations. In addition, I will conduct examinations for you if breaches or deviations are reported while taking the interests of all stakeholders into consideration.
Have you been informed about the compliance risks (the risks that laws or regulations are being violated at your company)? Do you have them under control?
The identification and controlling of the risks is a core responsibility of the executive management and the Administrative Board (economiesuisse, Swiss Code of Best Practices Clauses 20 and 21). The compliance risks are part of the strategic business risks of your company.
I will help you to identify, document and evaluate the compliance risks at your company. The same also applies to any control mechanisms. In addition, I can help you to design a risk management process for these risks as well as for the rest of the business risks. If a risk management process is already in place, I will recommend to you how to integrate the compliance risks and controls into your existing risk management processes and help you to do so.
- Do you have an overview of the laws, directives and regulations that are applicable to your company?
- Are you being promptly informed of new laws and regulations as well as changes?
I will compile a catalogue for you of the laws, directives and regulations that are applicable to you and keep you informed of any changes upon a regular basis.
The measures which you implement will be clearly documented by me and will form your annual compliance program. Thus, you can document that you are also taking your obligations seriously in this area. The individual compliance activities will be agreed and implemented based upon the program.
Indeed, you most certainly have quality management systems and internal controls as well as ISO and other certificates. As a rule, they require a risk management system, an inventory of laws, an overview of the controls as well as additional documents and activities.
- Have you standardised the activities and documents for the various systems?
- Have your processes been consolidated in this area so that they can be implemented as efficiently and easily as possible?
- Are the relevant requirements and controls comprehensible to the affected employees and interlinked with your business processes?
I will coordinate and standardise all of your company’s activities for your diverse certificates and standards. This eliminates cost-intensive bureaucracy and redundancies. At the same time, consolidation and simplification promote the employees’ acceptance of the activities.
Transparency creates trust and increases your company’s value. By reporting concrete information about your compliance activities externally to the media, investors or customers upon a regular basis, you will create transparency sustainably and credibly. I will help you to compile the relevant information for your business report, or separate internal or external reports, and formulate the corresponding texts, graphics and overviews.
If compliance risks arise, laws, internal rules or measures are broken or flouted, I will conduct the examinations and clarifications for you. I will submit the corresponding reports and recommend to you the suitable mitigation and improvement measures.
So you already have a compliance function?
As an independent external Consultant, I will give you an objective perspective of your compliance function as well as the compliance program at your company. As a sparring partner and service provider, I can implement individual projects for your compliance function or work together with you to jointly develop and implement ideas, suggestions and tools for the dynamic and efficient implementation of the compliance program.
So you have no compliance function?
As your independent external compliance function, while working in close consultation with you, I will develop the annual compliance program. My work activities for you will be derived from your business’s needs and requirements which are formulated therein. I will provide you with all herein-described services.