Compliance
What does compliance mean?
The term compliance comes from "to comply with" or in other words "to follow" or "to meet". In this sense, compliance generally stands for adhering to rules and laws. This specifically means that organisations and their employees adhere to applicable laws – for example competition law – as well as internal regulations regarding ethical standards (such as respectful conduct at the workplace). Using compliance management, companies can ensure that management and employees follow these rules.
What is a compliance management system?
A compliance management system (CMS) includes all aspects in a company which play a role in ensuring that rules and laws are adhered to. Structurally, a CMS is preceded by a risk analysis, which works out which legal guidelines are particularly relevant to the company.
Based on this analysis, guidelines and measures are formulated, e.g. compliance directives and training for employees. The criteria are regularly reviewed, optionally by means of external consultation, examination or internal audit, and, if necessary, modified.
Aspects of compliance management
A qualified compliance management system includes:
- Compliance officer with clearly defined tasks
- Involvement of stakeholders (stakeholder engagement)
- Compliance directives as a guideline for employees
- Regular, compulsory compliance training for employees
- A whistleblowing system, as defined in ISO 37002, for example
- Improvements, monitoring and control
What have standards got to do with compliance?
Standards provide the basis for how a compliance management system is implemented in the company. The following standards are relevant in this field:
- ÖNORM ISO 37301 generally deals with compliance management systems.
- ISO 37001 deals with setting up an anti-corruption management system in particular. It is particularly important for companies with increased contact with government agencies and public authorities, as the corruption risk here is classified as particularly high.
- In addition, ISO 37002 should be taken into account for whistleblower management systems.
Helping to shape compliance
The topic of compliance is dealt with in Committee 265 "Governance and compliance" at Austrian Standards. The responsible committee manager is Joanna Gajdek.
Five good reasons for a compliance management system
1. Offer a framework: Clear compliance guidelines and instructions help to identify and tackle risks such as corruption or data misuse at an early stage.
2. Increase awareness of risks: Employees are made aware of and can play a role in preventing claims for damages and further legal consequences.
3. Boost efficiency: Time and resources are saved and sources of errors are reduced with standardised processes.
4. Strengthen reputation: Lawful, ethical behaviour promotes trust in the company and strengthens its reputation.
5. Achieve reduced penalties: Documented compliance measures reduce the risk of fines in the event of breaches and reduce penalties in the event of sanctions.
Becoming certified – create trust
A certificate according to ISO 37301 and/or ISO 37001 is independent evidence of the effectiveness of your compliance management system.
Legal basis for compliance
The laws and regulations which are used as the legal basis for compliance depend on the compliance risks identified in the relevant organisation. These are often anti-corruption, competition law, data protection, cybersecurity, money laundering, working-time limits and occupational health & safety.