Experts and entrepreneurs alike probably agree that compliance has become a must. At the same time, it is clear that compliance is subject to constant change and that companies must constantly adapt their compliance management systems to the new requirements. For the future, it is therefore important to know what challenges lie ahead in terms of compliance and what trends can be expected.
The year 2017 already included two important core topics of compliance:
The first is money laundering, which has become more concrete through the implementation of the 4th EU Money Laundering Directive. The second is data protection with the associated challenges, especially for information security. The implementation of the EU General Data Protection Regulation (GDPR) took place in May 2018.
Apart from IT and data security, another focus is the introduction and implementation of business partner audits. "The extent to which the new ISO Standard 37001 can provide impetus in the prevention of corruption will be just as interesting to observe as the development of the relationship between corporate responsibility, sustainability and compliance in organisations. Ultimately, the measurability of compliance measures will continue to be important." 28
Future compliance must increasingly address the expectations of the company's stakeholders. "Customers increasingly want to be able to rely on a clean supply chain. Thus, the competitive relevance of compliance for companies is increasing," according to the authors of the study "The Future of Compliance 2017". When asked which stakeholders have the greatest interest in a functioning CMS, the customer was named most frequently with 62 percent. 29
Against the backdrop of scarce resources - especially in medium-sized companies - the question of an individual, customised CMS continues to gain in importance. The differences between the respective compliance functions are due in particular to the industry to which the company belongs. Many companies still orient themselves to IDW PS 980 (auditing standard). This is certainly justified, as it is recognised and also fulfils the most important requirements of an "effective compliance management system", as also required, for example, by case law. However, it must be taken into account that a CMS structured according to the IDW auditing standard - especially for companies that belong to a so-called "regulated industry" - must also integrate the specific regulatory requirements (e.g. BaFin requirements or GMP requirements for pharmaceutical companies).
In our experience, there are still very different views on the question of what compliance means for a company. Many managers still believe that compliance is limited to the fulfilment of regulatory requirements. In order to convey that compliance is much more and can make an important contribution to the corporate culture, we believe that more intensive information and awareness-raising is still needed in the companies. Against this background, we see the "promotion of the compliance culture" as one of the most prominent topics to be mentioned in the context of the future of compliance. Closely connected to this is also the communicative aspect, because building a compliance culture in the company requires intensive and targeted communication.
The fact that many companies also have other management systems in place - such as quality and/or environmental management systems - makes the consideration of integrating a CMS into existing management systems very important. This is all the more important because synergies can be created and costs saved.
28 Compliance trends in 2017, in: Compliance - Die Zeitschrift für Compliance-Verantwortliche, February 2017 issue
29 The Future of Compliance 2017 - Challenges and Trends in Compliance Management, in: https://www2.deloitte.com/de/de/pages/audit/articles/future-of-compliance
About the author:
Eckart Achauer studied law and business administration and completed postgraduate studies to become a Master of Business Administration (MBA). He also completed in-service training to become a European Quality Manager (DGQ), a mediator specialising in business mediation and a Certified Compliance Manager (TÜV).
Eckart Achauer worked for about 10 years in the international insurance industry in the management of a Swiss insurance group in various functions (claims department, sales, assistance) before switching to management and business consulting in 1997.
As a consultant and managing director of various consulting companies, Mr Achauer has specialised thematically in organisational and process optimisation as well as in the development and implementation of management systems - quality management, risk and compliance management.
For the HR Consult Group, Mr Achauer is responsible for the area of compliance management. Within the framework of compliance audits, he analyses companies' organisational "compliance fitness", sensitises and trains the management, executives and employees, and supports the companies in setting up and implementing individual compliance management systems. In doing so, he always takes into account the specific risk situation of the companies. Due to his many years of experience as a manager and consultant, he is very familiar with the entrepreneurial challenges from practice.