The very thought of a compliance framework can be enough to make a SME owner sigh.
Regulations are written to cover all sizes of entities, and it can be difficult to work out how they can be applied to a company with very few staff and no departments.
Nevertheless, regardless of size, every regulated entity must be compliant and able to evidence its compliance.
This needn’t be intimidating or difficult. Take anti money laundering, for example.
1. Have a policy. Write down what you are going to do and why. There is always guidance available and advice can be sought from trade associations as well as consultants.
2. Do a Risk Assessment. Work out where you business is at risk of being used for money laundering. Think about your products, your customers and your geography.
3. On the basis of your policy and risk assessment, write procedures. If the policy is ‘what?’ and ‘why?’, then the procedures are ‘how?’. How will your business manage and mitigate its risk?
4. Now you have a policy, a risk assessment and a set of procedures. Tell your staff about them. Train them. Make sure that they understand the policy. Make sure that they understand their responsibilities. At the end of the training, give them a test to check their understanding. Document the training and the test.
5. Every year, or if there is a significant change in your business, or the regulations, review everything from point 1 onwards, and document that you have done so.
All this documenting is your protection. If a regulator or a law enforcement agent is inspecting you, this is what makes them feel better.
Documenting evidence that you have real, living policies and procedures that are risk-based, that are understood by everyone in your business and that you review regularly.
Compliance doesn’t need to be complicated, difficult or intimidating.
If you want to talk through Compliance Frameworks and how to implement them, drop us an email, or give us a call for a confidential, free and, no obligation chat.
We’re happy to give free advice, or more if you want hands-on support.