When a compliance incident occurs within a company in today's business world, the company's business may be at risk. A compliance incident may lead to a civil and/or criminal violation, financial loss, or reputational damage.

To minimise these risks, companies are advised to have a robust compliance program in place that prevents and detects compliance incidents. Where a compliance incident does occur and a company, its senior management or its employees face investigation by a prosecutorial authority, a compliance program can be a valuable tool to show that the company has taken appropriate steps to prevent such incidents. A robust compliance program may therefore help to avoid or mitigate potential liabilities.

Companies should consider the following key points when designing and implementing an effective compliance program:

▪    Conduct a thorough assessment of the risks the company faces.

▪    Establish appropriate policies and procedures that reflect these risks.

▪    Secure "tone at the top" and support from senior management.

▪    Perform third-party due diligence.

▪    Communicate with and train employees.

▪    Monitor and review the program.

Sometimes the key points "tone at the top" and "communication and training of the employees" are given lower priority than the others. Below is therefore a list of Do's and Don'ts in these crucial areas.


DO: Senior management and "tone at the top" are of utmost importance for a well-functioning compliance program. Senior management's statement of support for the compliance program should be made accessible to all employees and published on the company's website. A member of the senior management team should be responsible for overseeing the compliance program and ensuring that it remains robust.

DON'T: Create or tolerate a culture within the company that ignores compliance.


DO: Set up written policies that are easy for all employees to understand.

DON'T: Create policies running to hundreds of pages of dense legal language that serve no practical purpose.

DO: Communicate to the staff that every employee is responsible for compliance within the company and that compliance is a joint effort within the organisation.

DON'T: Create the impression that compliance is a minor program handled only by the compliance department, by people who don't matter.

DO: Set up tailored training sessions for senior management, all employees and (if necessary) external parties that address real-life scenarios.

DON'T: Set up a "one size fits all" training session to save time and money.

DO: Repeat training at regular intervals.

DON'T: Hold training only once every five years.