Updated 31 May 2022
Industry regulators are constantly updating regulations and legal obligations – and it can be a real challenge for SMEs to keep up. Here’s the heads up on the key areas you need to focus on to ensure your small business meets compliance rules and regulations.
In business terms, compliance is about ensuring companies of all sizes and their employees comply with existing national and international laws. The Companies Act 2006 is the main legislation that forms the primary source of UK company law.
The main objective of compliance is to avoid or swiftly identify criminal behaviour and react appropriately to it. And, while making sure every aspect of your operation is being run compliantly may seem a daunting task if you’re running or starting a small business, it’s worth the effort. Compliance regulations have been put in place to protect you, your company, your employees, and your property.
Along with meeting legal requirements, there’s also an ethical aspect of compliance to consider. Essentially, a compliant company demonstrates that it’s a reputable business that respects the interests of its stakeholders – such as customers, employees and residents (for example, if you have a factory) – by operating responsibly. This can have a positive effect on your small business’s credibility and reputation.
If you’re setting up a company, some of the most important compliance considerations include:
The EU’s 2018 General Data Protection Regulation (GDPR) governs how organisations process and use personal data to provide consumers with greater protection. GDPR impacts every aspect of a business – from how you build your customer database to the way you market your business. Non-compliance can result in a hefty fine – up to €20 million (about £18 million) or 4% of annual global turnover – whichever is greater. There are some exceptions for businesses with fewer than 250 employees.
Since Brexit, GDPR has been incorporated into UK data protection law as the ‘UK GDPR’. This iteration, which came into force on 1 January 2021, is largely similar in its data protection principles and obligations. Under GDPR, every organisation that handles personal data needs to be able to:
To make sure your business is compliant, you should regularly review and update all your legal documentation, including agreements, contracts, forms, letters, policies, and procedures. This applies across the board and covers everything from employment and business law to tax and health and safety. As an employer, the documentation you need includes:
Employment law: This ensures each employee is protected by specified employment terms, which is a legal requirement and demonstrates that you have the correct policies in place:
Business law: All documentation that registers your business, relates to tenancy and financial arrangements, or protects your business, products and services:
Tax: Retain any information which is provided for tax purposes:
Health and safety: Ensure you regularly complete risk assessments and have procedures in place to log incidents:
Poor business compliance is simply not worth the risk. You should adopt appropriate internal controls to make sure you’re abiding by the regulations related to your company’s operations.
If your company is investigated and found to be non-compliant, you could be punished with sanctions such as fines, profit skimming, or even imprisonment.
Some other consequences and costs may be incurred, such as claims for damages by customers and business partners. What’s more, these sanctions are not limited to a single company but can affect the entire parent company. In these cases, business insurance does not offer any protection. There’s also the loss of reputation and trust among business partners and customers to consider, which may be impossible to come back from.
The regulations are ever-changing, with new rules and updates coming into place all the time – and there’s no doubt that it’s a huge challenge for small businesses to keep up, but it’s important that you do.
One example is a recent change in a piece of tax-avoidance legislation. From April 2021, private sector employers have to follow the same rules as the public sector concerning IR35 – also known as the ‘off-payroll working rules’. This means that private-sector employers now face a tricky choice: continue to treat contractors as contractors and risk a hefty fine if HMRC takes a different view, or treat them as employees with the additional costs and responsibilities this involves. However, by taking the appropriate steps, both contractors and businesses can ensure that they do not fall foul of IR35.
To minimise your chances of being non-compliant, adopt internal controls such as appropriate organisational policies and procedures, regular risk assessments, internal audits, independent statutory audits and process updates, keeping all the associated documentation as proof of your compliance.