Out of sight

Mark Hazelwood, MD at Q3 Services warns of the dangers of overlooking compliance gaps in your workplace and why any oversights can increase the level of risk

Walk into any modern office or facility and it’s easy to assume things are all in order. The fire doors are clearly marked, the lift is operational, and the lights switch on when they should. On the surface, it all works. But that smooth running environment can mask the slow turning of a blind eye to compliance. Something no one notices until it becomes a serious problem.

The reality is that many businesses are unknowingly exposed to regulatory and compliance risks. It’s not due to active negligence, but rather a slow drift of responsibility and the mistaken belief that someone, somewhere, is on top of it. A fire safety inspection accidentally missed by a month. An insurance certificate expired without anyone realising. A water hygiene test that never made it into this year’s budget. On the surface these aren’t dramatic failures, but they are the sort that of thing that quietly accumulate until the oversight is no longer invisible – and no longer ignorable.

CHALLENGES OF STAYING COMPLIANT

The most striking part of hidden compliance risks is how deceptively normal and every day they appear. They don’t announce themselves. They live in folders no one checks and in processes that exist only on paper. Often, they’re buried in the assumption that “it’s probably fine”.

As one of the few functions with visibility across a business’ entire activity FM is essential in ensuring workplace safety and operational continuity. In practice, it’s FM’s who know whether the fire alarms have been tested, whether the gas checks were carried out, and whether the latest building works triggered the need for a reassessment.

Yet even within FM, things can be missed. This is particularly true in organisations where compliance is fragmented by being split between operations, HR and site managers. When departments work in silos it can be the case that no one is quite sure who owns what. That’s when risk creeps in. When the assumption that someone else has “probably sorted it” replaces confirmation and compliance.

THE COST OF NON-COMPLIANCE

The consequences of these lapses are not abstract. Regulatory bodies do not accept “we didn’t know” as a defence, nor do they distinguish between oversights and intentional non-compliance. Beyond enforcement action or fines, the implications for insurance validity, business continuity, and public reputation can be severe.

A 2024 survey of 2,000 UK businesses in sectors such as utilities, transport, and healthcare found that almost 70 per cent admitted they would likely fail an unannounced Health and Safety Executive (HSE) inspection due to poor asset management visibility, an indicator of just how widespread these hidden risks are.

Even more telling, 17 per cent of those surveyed had already faced enforcement action, and more than one in 10 reported being fined for non-compliance. These aren’t isolated incidents – they’re signals of a systemic issue. One where facilities oversight is often assumed to be under control but rarely examined closely enough to reveal where the gaps lie. And for businesses in regulated sectors, even the most minor of compliance breaches can be enough to trigger contract reviews or site shutdowns.

TAKING RESPONSIBILITY

When teams talk openly about compliance and share the responsibilities, risk diminishes. It becomes easier to catch issues early and to fix problems before they escalate.

Even with the right culture and intentions however, capacity is often the limiting factor, especially for organisations without a dedicated compliance or FM team. In these cases, the ability to tap into external expertise when needed – flexibly and without long-term contracts – can make a huge difference. On-demand support models are increasingly being used to plug these gaps, whether it’s bringing in qualified professionals for one-off compliance audits, routine inspections, or documentation reviews.

This kind of flexible resourcing has quietly become a lifeline for businesses looking to stay compliant without the burden of building in-house capability for every requirement. It gives organisations access to the right knowledge and people at the right moment, which is particularly useful when internal teams are a bit stretched.

More importantly, it shifts compliance from reactive firefighting to proactive assurance. Instead of waiting for something to go wrong, or scrambling after a failed inspection, businesses can identify issues early and correct them before they become liabilities.

The businesses that get this right tend to have one thing in common: they see compliance as part of doing business well, not just a regulatory necessity. It’s not a box to be ticked at year-end, but an ongoing measure of integrity and professionalism. Let’s be honest – FM isn’t just about keeping the lights on. It’s about ensuring the business can stand up to scrutiny, keeping people safe, and avoiding the potential fallout that comes from simply not knowing what’s been missed.

PROACTIVE COMPLIANCE MAKES BUSINESS SENSE

In the end, compliance failures rarely come from malice. They come from comfort. From assuming because nothing has gone wrong, everything must be right. But risk doesn’t always knock before it enters. And in today’s environment, it’s not what’s visible that poses the greatest threat, it’s what’s hidden in plain sight.