Experts and entrepreneurs alike are likely to agree that compliance has now become a must. At the same time, it is clear that compliance is subject to constant change and that companies must continuously adapt their compliance management systems to new requirements. For the future, it is therefore important to know what challenges lie ahead in terms of compliance and what trends can be expected.
The year 2017 already included two important core compliance topics:
The first is money laundering, which has become more concrete with the implementation of the 4th EU Money Laundering Directive. The second is data protection and the associated challenges, particularly for information security. The EU General Data Protection Regulation (GDPR) was implemented in May 2018.
Aside from IT and data security, another focus is the introduction and implementation of business partner audits. "The extent to which the new ISO 37001 standard can provide impetus in the prevention of corruption will be just as interesting to observe as the continued development of the relationship between corporate responsibility, sustainability and compliance in organizations. Ultimately, the measurability of compliance measures will continue to be important." 28
Future compliance must increasingly address the expectations of the company's stakeholders. "Customers increasingly want to be able to rely on a clean supply chain. This increases the competitive relevance of compliance for companies," say the authors of the study "The Future of Compliance 2017". When asked which stakeholders have the greatest interest in a functioning CMS, the customer was named most frequently at 62%.29
Against the backdrop of scarce resources - especially in medium-sized companies - the question of an individual, tailor-made CMS is becoming increasingly important. The differences in the respective compliance functions are due in particular to the sector to which the company belongs. Many companies are still guided by the IDW PS 980 (audit standard). This is certainly justified, as it is recognized and also meets the most important requirements for an "effective compliance management system", as required by case law, for example. However, it should be noted that specific regulatory requirements (e.g. BaFin requirements or GMP requirements for pharmaceutical companies) must also be integrated into the structure of the IDW audit standard - especially for companies that belong to a so-called "regulated industry".
In our experience, there are still very different views on what compliance means for a company. For example, many managers still believe that compliance is limited to fulfilling regulatory requirements. In order to convey that compliance is much more than this and can make an important contribution to corporate culture, we believe that companies still need to be informed and sensitized more intensively. Against this backdrop, we consider the "promotion of compliance culture" to be one of the most prominent topics to be mentioned in the context of the future of compliance. The communicative aspect is also closely linked to this, as building a compliance culture in the company requires intensive and targeted communication.
The fact that many companies also have other management systems - such as quality and/or environmental management systems - makes the integration of a CMS into existing management systems an important consideration. All the more so as this can create synergies and save costs.
28 Compliance trends in 2017, in: Compliance - The magazine for compliance officers, February 2017 issue
29 The Future of Compliance 2017 - Challenges and trends in compliance management, in: https://www2.deloitte.com/de/de/pages/audit/articles/future-of-compliance
About the author
Studied law and business administration, postgraduate Master of Business Administration (MBA). In-service training as European Quality Manager (DGQ), mediator specializing in business mediation and Certified Compliance Manager (TÜV).
Eckart Achauer worked for around 10 years in the international insurance industry in the management of a Swiss insurance group in various functions (claims department, sales, assistance) before switching to management and business consulting in 1997.
As a consultant and managing director of various consulting companies, Mr. Achauer has specialized in organizational and process optimization as well as in the development and implementation of management systems - quality management, risk and compliance management.
Mr. Achauer is responsible for compliance management at the HR Consult Group. As part of compliance audits, he analyses companies' organizational "compliance fitness", raises awareness, trains management, executives and employees, and supports companies in setting up and implementing individual compliance management systems. In doing so, he always takes into account the specific risk situation of the company. Thanks to his many years of experience as a manager and consultant, he is very familiar with the business challenges faced in practice.