Losing trust due to a compliance breach? How good communication will protect your reputation
Compliance is far more than just a collection of internal regulations. It forms the backbone of integrity, legal conformity and sustainable success in organisations. Nevertheless, mistakes and violations can never be completely ruled out. This is when it becomes clear why professional, open and well thought-out communication is essential in the event of a compliance breach.
The compliance breach - from breaking the rules to a crisis of confidence
Compliance breaches can come in many forms: For example, a shareholder may enrich themselves by mixing private and business expenses; a supplier may violate ethical rules on a large scale; a senior employee may be abusive; a founder may bypass the foundation; a buyer may allow themselves to be bribed; and personal data may be found openly on the intranet. The list goes on and on.
This can initially have considerable financial and legal consequences. For example, a company can be fined up to 20 million euros or 4% of its global annual turnover for data protection violations in accordance with the EU General Data Protection Regulation (GDPR). In addition to fines, corruption offences can also result in exclusion from public contracts and criminal prosecution of responsible managers. Last but not least, claims for damages from aggrieved business partners or class action lawsuits from customers can place considerable strain on the company.
The lasting loss of trust and reputation among business partners and customers is almost impossible to quantify. Reputational damage often leads to a loss of business relationships, falling share prices or the withdrawal of important investors. Especially in an increasingly transparent and networked business world, negative information spreads rapidly. Controlled, targeted communication thus becomes an entrepreneurial duty.
Observing legal requirements
First of all, legal requirements that oblige companies to report certain incidents must be complied with – for example, the GDPR, the Whistleblower Protection Act (Whistleblower Directive), the Act on Regulatory Offences (OWiG) on violations of competition or antitrust law, the Act on the Tracing of Profits from Serious Crimes (Money Laundering Act – GwG) or the laws on insider trading and market manipulation in share transactions.
Such requirements ensure that serious violations are not simply swept under the carpet, but are made transparent and can be investigated by the authorities. Proper communication therefore also includes compliance with statutory reporting channels and deadlines, both to the authorities and to those affected. Failure to provide information or providing incorrect information can lead to severe penalties and present the company with greater challenges than the original offence.
Transparency creates trust
One of the key reasons for open communication is to build and maintain trust. Companies that deal openly with compliance violations are signalling responsibility and a willingness to learn from mistakes. This creates a culture of openness and honesty. If employees, business partners or customers have the feeling that problems are being covered up, mistrust quickly arises, which can fundamentally damage the corporate culture. Transparency signals that the company accepts its responsibility and is actively working on improvements.
The basis is a communication strategy
Successful communication in the event of compliance violations is never spontaneous, but follows clear principles and processes. Ideally, crisis and communication plans are part of a functioning compliance management system. These include the definition of communication channels, responsibilities, language rules and escalation levels. A clear strategy protects against impulsive action and ensures that all relevant information is communicated carefully and appropriately.
Risk minimisation through proactive communication
Mistakes cannot always be prevented, but how a company deals with them has a significant influence on how it is perceived and evaluated. Through proactive communication, companies can prevent rumours, speculation or misinformation. By communicating information clearly, promptly and completely, organisations retain control over the power of interpretation. This helps to avoid escalation and significantly reduces the risk of legal or media damage. In general, the right communication takes into account the respective interests, explains the background to the incident, provides information about the measures taken and thus creates understanding for the (necessary) measures taken by the organisation.
External communication: involving stakeholders
Depending on the type and extent of the incident, it is essential to inform external stakeholders. These include:
- supervisory authorities and regulatory bodies – also through reporting obligations to authorities such as BaFin, data protection officers or environmental authorities,
- business partners, suppliers and customers – if the breach has an impact on existing business relationships or the safety of products and services,
- shareholders and investors – who react very sensitively to breaches and even more sensitively to their concealment,
- insurance companies – to avoid losing insurance cover and, last but not least,
- the public and media – to avoid rumours and maintain the power of interpretation.
Internal communication: getting employees on board
External communication is often the focus when compliance violations occur, but dialogue with your team is just as important. Open, respectful communication helps to reduce uncertainty and strengthen a sense of community. It promotes a willingness to talk about mistakes and thus supports a continuous improvement process. It also helps to protect the company’s reputation in the eyes of potential new colleagues. Cultivating an open error culture is attractive to qualified employees.
The internal target groups are:
- Employees – often directly affected by the consequences,
- Executives and management – require comprehensive information in order to take the necessary measures, manage communication and act as a role model in responding to the incident,
- Works council or staff representatives – important sparring partners for personnel issues,
- Compliance and legal department – largely responsible for clarification, compliance with legal reporting channels and the development of preventive measures,
- Supervisory board or advisory board – often responsible for monitoring management, especially in the event of serious violations.
The right timing is crucial
The right time to inform about compliance violations depends on the individual case. It is generally advisable to communicate internally as early as possible, ideally as soon as there is a suspicion and initial facts are being checked. Key individuals or groups in particular, such as managers, affected departments and employees with customer contact, should be involved at an early stage in order to prevent uncertainty and be able to react in a targeted manner.
External communication should take place as soon as the most important facts have been clarified and initial measures have been initiated. On the one hand, the law requires immediate notification to authorities or affected parties in certain cases. On the other hand, external stakeholders should only be informed once reliable information is available and a consistent message can be communicated. The sequence is also important here: key customers and particularly affected external partners should be approached individually and in advance before broad communication takes place via the media. It is always crucial to maintain a balance between transparency, legal requirements and the protection of the company’s interests.
Credibility through self-reflection and consistency
Credibility depends not only on the information about the incident itself, but also on the willingness to self-criticise and change. Companies that are open about mistakes, analyse the causes and consistently take measures to prevent them are perceived as having integrity. Communication should therefore always show what lessons have been learnt from the incident and how improvements are being implemented.
Communication culture brings sustainable benefits
Open and result-orientated communication in compliance cases has an impact far beyond the individual incident. It strengthens the organisation’s resilience to crises, promotes innovation and a willingness to learn and ensures that the company is perceived as a reliable partner even in difficult times.
Conclusion
The right communication in the event of a compliance breach is not a burden, but an investment in the future of a company. It not only protects against legal and financial risks, but is also a basic prerequisite for trust, credibility and sustainable success. At a time when information is available more and more quickly and transparency is demanded from all sides, the way in which a company communicates determines its reputation. Those who take on this responsibility will benefit in the long term from a stable corporate culture and strong relationships with all stakeholders.
Engel & Zimmermann GmbH