Companies and the people that run them are subject to an increasing array of local and international regulations. Running afoul of these regulations can lead to corporate scandals that hurt a firm’s reputation and cause lasting damage. A compliance and ethics program can help ensure that an organization operates within the law and stays true to its own ethical principles that are important to the company’s business and identity. And just as significantly, a compliance program can demonstrate to a company’s employees and the community that the organization is committed to doing business the right way. For these reasons, companies doing business in Thailand can greatly benefit from having an effective compliance and ethics program.

Since compliance departments do not generate revenue, it can be tempting to dismiss compliance as a back-office drain on costs. This would be short-sighted. A compliance breach has the potential to do significant damage, or in worst case scenarios, even destroy a company (as famously happened to Enron Corporation). Reputations that may have taken decades to cultivate can be destroyed with a single headline (the Volkswagen emissions scandal being an example). Recovering from these failures costs organizations time and money. And in many cases, the long-term damage is far more costly than the resources necessary to fund and operate an effective compliance program.

One common compliance area is anti-corruption. The U.S. government is actively pursuing companies and individuals for violations of the Foreign Corrupt Practices Act (FCPA). The FCPA, among other things, penalizes the bribing of non-U.S. government officials. The United States is not the only country pursuing anti-corruption cases. The United Kingdom has its own prohibition on bribing foreign officials, and similar legislation is also being considered in other countries. Organizations that are subject to the FCPA and the U.K. Bribery Act and operate without an effective compliance program do so at their peril.

Thailand also has its own stringent anti-corruption laws. Under last year’s amendments to the Organic Act on Counter-Corruption (OACC), a company can be held criminally liable for the corrupt activities of its employees, agents, consultants, and other people associated with the company. Importantly, the OACC also contains a provision stating that a company’s criminal liability can depend on whether it failed to implement “proper internal measures” to prevent the bribe. While the law does not state what internal measures would be acceptable to limit or exclude liability, it is presumed that a robust compliance program would reduce the likelihood of liability.

Other common compliance areas include antitrust, money laundering, environmental considerations, labor, human rights, and computer crime–related issues. Indeed, a central component in any compliance program is to address the right risks. For example, an apparel company with an extensive supply chain may face risks associated with labor rights abuses, while a bank will be more focused on money laundering.

The first step for any compliance program is for the company to actually want it. No compliance program can effectively function without the full and sincere commitment of the organization’s leadership. Engagement by the board of directors and senior management will set the tone for the rest of the organization. In short, if the leaders do not care about compliance, neither will the employees.

The second step is for the organization to prepare a written set of policies and procedures, including a code of conduct. These internal rules should apply to every member of the organization, from the cleaners to the CEO. Discriminatory application of the company code will render the most well-written code ineffective. An effective code will also apply to the organization’s partners, such as vendors, suppliers, and contractors. The code should be easy to read and understand. It should also be specifically tailored to the organization, its industry, and its corporate identity.

After the code of conduct is prepared, it should be communicated effectively to the organization. The best way to achieve this is by training. The training should establish that the company’s standards are not just theoretical—they should be integrated into daily work. Just having the code is not good enough. It has to be followed for it to work.

Training should not be viewed as a single exercise. It should be regularly provided so it never becomes stale. Additionally, everyone in the organization should be required to attend the training, including senior management. With this in mind, the training should be tailored for different employees. The risks confronting a sales manager will be different from those encountered by a CEO.

In conclusion, regulatory and reputational risks are a part of doing business. How an organization handles those risks can mean the difference between success and failure. In some cases, it can even mean the difference between prison and freedom. Compliance programs help an organization prevent the problem from occurring in the first place. And just as important, they can enable a company to instill an ethical culture within the organization. The positive effects of having honest employees go far beyond compliance.