Utopian yesterday, a must today!
Violetta Weber, Senior Business Consulting at The Quality Group GmbH
Published in: DiALOG - THE MAGAZINE FOR ENTERPRISE INFORMATION MANAGEMENT | 2020
Although German companies have never been as well positioned in terms of compliance as they are today, last year German companies had the most compliance cases compared to other countries. According to the international ‘Whistleblowing Report 2019’, German companies were the most likely to experience compliance problems (43%), followed by British companies (40%), French companies (38%) and Swiss companies (35%). Compliance is not difficult at all: don't just strive for compliance, strive for compliance excellence!
Theory is a must In general terms, compliance means adherence to rules. Compliance describes the adherence to rules by companies that undertake to comply with laws, guidelines and voluntary codes, e.g. codes of conduct. In practice, however, simply setting up and establishing rules does not necessarily mean that they are actually adhered to and followed. Rather, it is necessary for a corresponding culture of values to be established and practised within the company. This culture is made up of various elements, consisting of organisation, objectives, communication, monitoring, improvement, risk analysis and programme.
Employee-friendly and recipient-orientated
Always bear in mind who your target audience is when it comes to compliance and organise compliance topics accordingly in an employee-friendly and recipient-oriented manner. Time is a precious commodity these days, and every employee has (too) little of it. So instead of writing a 30-page guideline in prose, it may be a good idea to write a one- to two-page, clearly designed brief overview. On the one hand, this increases the likelihood that the document will be noticed at all, and on the other hand, you increase the acceptance of a moderately popular topic. It is also worth giving some thought to the question of ‘how’ the topic is communicated. It may be possible to simplify complex content or explain it in small ‘chunks’. It should also be borne in mind that not every employee needs the same or even all of the information. It can be enormously helpful for acceptance if the information is ‘filtered’ for the different addressees, i.e. while the employee in Purchasing, for example, receives information on behaviour regarding invitations, gifts or dealing with competitors, the employee from HR is more likely to be informed on the subject of data protection.
Teamwork
If you work in a company where there is a compliance officer, his or her role should not be understood to mean that all compliance issues should or even must be dealt with by this employee. Compliance is not a matter for a few ‘selected’ employees within a company. Rather, compliance is a matter that concerns every individual. Responsibility for compliance lies with the operational areas. The compliance officer should ‘only’ provide the necessary technical support.
‘Compliance is not difficult at all. Don't just strive for compliance, strive for compliance excellence.’
GMV is your compliance guaranteeGMV stands for common sense. Despite all the fuss surrounding the topic of compliance, it is important to approach the project with common sense. Not everything that can be regulated must be regulated. Every company should take its individual characteristics into account. Each measure can also be examined more closely from the perspective of what is known as proportionality. What makes sense for one company may be of little or no benefit to another. As a guide, the greater the likelihood of imminent (serious) damage, the more urgent the need for action. Or to put it another way: don't shoot sparrows with cannons.
Sharing is caring
‘Sharing is caring’ or in other words: there's no need to reinvent the wheel. Share your knowledge or the knowledge of your employees. Make sure that (good) ideas and approaches to your compliance work are shared/disseminated/published. Everyone can benefit from this. Be it because issues are repeated or because complex topics are put up for discussion. This not only saves time that may have been invested twice or three times, but also increases the efficiency of the resources used.
Communication
Compliance is communication. In other words, effective compliance is not possible without communication. In this context, communication means not only the exchange of information, but also the communication of defined internal rules and guidelines. Compliance activities can only be effective if they are communicated to employees. Anything that increases the level of awareness of compliance is permitted. Furthermore, it is more effective in the long term if rules or obligations can be understood. Ideally, a compliance campaign should be designed in such a way that employees identify with the behavioural guidelines that have been introduced.
Transparency & documentation
In principle, compliance violations should remain hidden, but conversely it follows that processes lose their explosiveness if they are made transparent and documented. Document enquiries, processes and indications of compliance-relevant behaviour and the results of the investigation. The information obtained can subsequently provide a solid basis for analyses and reports to the management or serve as an information platform for other employees. In addition, proper documentation makes it possible to keep statistics on issues and other concerns. Proper and thorough documentation can be of enormous importance, especially in the event of a liability claim. The better processes and procedures are documented, the easier it is to exculpate oneself, i.e. to exonerate oneself from accusations. This in turn has an impact on the scope of liability. The principle applies that the burden of proof lies with the party asserting claims of any kind. However, there are exceptions to this, resulting in the so-called reversal of the burden of proof. This means that the other party now bears the burden of proof for something and no longer the party making the claim. If the other party fails to provide evidence, they are liable. In such a case, careful documentation can be the ‘exonerating’ evidence.
‘Despite all the fuss surrounding the topic of compliance, it is important to approach the project with common sense.’
Living and (further) developing compliance
Compliance is alive. This is how the topic must also be treated within a company - it must evolve and be constantly developed. In this context, it is particularly important that managers act as moral role models and ‘company improvers’ and exemplify their (positive) attitude towards compliance in everyday life. Experience has shown that the popularity of compliance increases over the years in line with corporate values that are put into practice.
Compliance & CMS
Whether a compliance management system (CMS) is also required for the implementation of compliance is a question that each company can answer and decide for itself. In the age of digitalisation, fast pace and interconnectedness, a digital solution is the obvious choice, if not the only adequate option. In practice, standards for CMS such as IDW PS 980 or ISO 19600 are helpful as a guide. Ultimately, it is important to establish a system that suits the company, i.e. to take into account the specific corporate culture, the industry and the size of the company, etc. when choosing a CMS.
Even though there is no corporate criminal law in Germany, financial sanctions can be imposed on the company concerned in the context of the so-called association fine (Section 30 of the German Administrative Offences Act (Ordnungswidrigkeitengesetz - OWiG)) in the event of criminal offences committed by company executives. More than two years ago, the Federal Court of Justice announced in a judgement (judgement of 09.05.2017 - 1 StR 265/16) that an existing CMS should be taken into account to reduce fines when committing compliance violations. This is therefore just another argument in favour of a CMS.
Compliance excellence - because good is the enemy of excellent
Within an organisation and a company, it is essential that defined processes are adhered to. They must be up-to-date, accessible and understandable for employees. As a company manager, you have three key duties:
- duty of legality
- duty of diligent corporate governance
- general duty of supervision.
Compliance Excellence supports all managers, compliance officers and employees in the definition, execution, documentation and follow-up of compliance-relevant processes such as
- Management processes
- Incident management
- contract management
- policy management
- Due diligence Personnel selection
- Incentive and sanction mechanisms
- Sourcing processes (supplier selection)
- Recruiting processes
- Invoicing processes
- Compliance with data protection processes.
The outstanding feature of Compliance Excellence is the elegant combination of structured data, documents, business processes and reporting in one product - the perfect symbiosis of systematised information in digital files. All of this is complemented by integrated resubmission, deadline and training management as well as helpful analysis and reporting functions.
Employees in the areas of legal, purchasing, sales, finance, HR etc. are supported in their tasks through the use of rule-compliant business processes in accordance with the latest BPMN 2.0 standards and the provision of up-to-date compliance knowledge and follow the instructions of internally defined reporting mechanisms. Internationally active groups in particular benefit from this, as it enables the effective integration and control of employees in subsidiaries at home and abroad.