When Corporate Policies Can Backfire

Businesses and organizations rely on internal and external policies and procedures to document the way they do certain things. But if not written carefully, they can actually add risk.

Many of these are compliance based. In other words, they set out how in practice the business will deal with various legal obligations. Depending on the nature and size of the business, they could deal with things like privacy, anti-spam, workplace safety, money laundering, and the list goes on.

Having these policies can help reduce legal risk, and help ensure that employees do the right thing.

Sometimes businesses create policies and procedures that impose obligations on themselves more onerous than needed to comply with the law. There are a number of reasons for doing that. Perhaps the business feels a moral obligation to do better on the environment, for example. Or perhaps there is a strong corporate culture around customer service that goes far beyond consumer protection laws.

But perhaps the business does not really understand the laws in the area and the actual obligations they impose.

No matter what the reason, the risk is that by creating a more onerous policy / procedure than necessary, the business can increase its legal obligations. Sort of like writing its own more onerous laws.

That increased obligation may become the standard or promise to which the business is judged by customers, by regulators, and by courts.

That’s fine if it is a conscious decision, but not if it is an unintended consequence of misunderstanding the laws they must comply with.

Comments

  1. In my experience, there’s a third reason which is even more common.

    A business operating in multiple jurisdictions will write corporate-wide policies that comply with the most onerous laws that they have to follow. They’ve determined that its simpler to write a single policy which in some places exceeds legal requirements but its simpler to have a single policy than ten or more policies. And they’re more likely to comply with a single, simple policy than if they have to constantly remember which of a number of policies applies.

Leave a Reply

(Your email address will not be published or distributed)