Experts and entrepreneurs alike agree that compliance has become a must. At the same time, it is clear that compliance is subject to constant change and that companies must continuously adapt their compliance management systems to new requirements. It is therefore important to know what challenges lie ahead in terms of compliance and what trends can be expected in the future. 

The year 2017 already included two important core topics of compliance: 

On the one hand, money laundering, which has been addressed by the implementation of the 4th EU Money Laundering Directive. On the other hand, data protection and the associated challenges, particularly for information security. The EU General Data Protection Regulation (GDPR) came into force in May 2018. 

Apart from IT and data security, another focus is the introduction and implementation of business partner checks. "It will be interesting to see to what extent the new ISO 37001 standard can provide impetus for corruption prevention, as well as how the relationship between corporate responsibility, sustainability, and compliance in organizations continues to develop. Ultimately, the measurability of compliance measures will remain important."²⁸

Future compliance must respond more strongly to the expectations of the company's stakeholders. "Customers increasingly want to be able to rely on a clean supply chain. This means that compliance is becoming more important for companies in terms of competitiveness," according to the authors of the study "The Future of Compliance 2017." When asked which stakeholders have the greatest interest in a functioning CMS, customers were mentioned most frequently^, at 62 percent^. 

Against the backdrop of scarce resources—especially in medium-sized companies—the question of an individual, tailor-made CMS is becoming increasingly important. The differences in the respective compliance functions are primarily due to the industry to which the company belongs. Many companies continue to follow IDW PS 980 (auditing standard). This is certainly justified, as it is recognized and also meets the most important requirements for an "effective compliance management system," as required by case law, for example. However, it should be noted that the structure of the IDW auditing standard—especially for companies belonging to a so-called "regulated industry"—must also integrate the requirements of specific regulatory provisions (e.g., Bafin requirements or GMP requirements for pharmaceutical companies). 

In our experience, there are still very different views on what compliance means for a company. Many managers still believe that compliance is limited to meeting regulatory requirements. In our opinion, more intensive information and awareness-raising within companies is needed to convey that compliance is much more than that and can make an important contribution to corporate culture. Against this backdrop, we consider the "promotion of a compliance culture" to be one of the most important topics to be mentioned in the context of the future of compliance. Closely linked to this is the communicative aspect, because establishing a compliance culture in a company requires intensive and targeted communication. 

The fact that many companies also have other management systems in place—such as quality and/or environmental management systems—makes the idea of integrating a CMS into existing management systems particularly appealing. This is all the more so because it can create synergies and save costs. 

²⁸Compliance Trends in 2017, in: Compliance – The Journal for Compliance Officers, February 2017 issue 

²⁹ The Future of Compliance 2017 – Challenges and Trends in Compliance Management, in: https://www2.deloitte.com/de/de/pa-ges/audit/articles/future-of-compliance 

About the author

Eckart Achauer

Studied law and business administration, postgraduate studies leading to a Master of Business Administration (MBA). In-service training to become a European Quality Manager (DGQ), a mediator specializing in business mediation, and a Certified Compliance Manager (TÜV).

Eckart Achauer worked for around 10 years in the international insurance industry in various management positions at a Swiss insurance group (claims department, sales, assistance) before moving into management and management consulting in 1997.

As a consultant and managing director of various consulting firms, Mr. Achauer has specialized in organizational and process optimization as well as the development and implementation of management systems—quality management, risk and compliance management.

Mr. Achauer is responsible for compliance management at HR Consult Group. As part of compliance audits, he analyzes their organizational "compliance fitness," raises awareness and trains management, executives, and employees, and supports companies in setting up and implementing individual compliance management systems. In doing so, he always takes into account the specific risk situation of the companies. Thanks to his many years of experience as a manager and consultant, he is very familiar with the practical challenges of business.