Depending upon the person in which you’re having the conversation, the compliance definition can mean different things, but for most environmental, health and safety professionals, the compliance definition means “the act of being in accordance with established standards, guidelines, or legislation.
The term “compliance”, which is frequently used in business administration and law, originated in the US financial system, but is now used in practically all industries and economic sectors. It’s basically about companies and their employees complying with the rules. In the past, this primarily meant complying with laws.
Today, however, the concept of compliance has long been much more broadly defined: In addition to maintaining ity, the concept now also includes recognizing standards and guidelines customary in the industry. Even more important, however, is committing to its own set of values, with which a company imposes strict ethical rules on its internal and external conduct.
Firstly: Avoiding criminal proceedings
Secondly: Assumption of social responsibility
A compliance management system (CMS) is needed to implement and enforce compliance within the company. This system ensures compliance with all guidelines and enables rule violations to be quickly detected. The aim of this CMS is to implement and maintain a transparent, unambiguous, and clearly understandable compliance culture.
Due to the variety of topics and areas of interest that the concept of compliance can affect, however, developing a CMS is not an easy undertaking. Even medium-sized companies often lack the necessary know-how for a project like this. Depending on the industry, company size, and type as well as the organizational structure, there will be individual requirements for the implementation, so therefore there is no generally applicable procedure. Nevertheless, the following is a rough explanation of the most important steps.
Every CMS starts with company management committing to compliance and defining a term that is individually tailored to the company. This is the only way to ensure that all those responsible pull together and avoid misunderstandings about the nature and scope of the project. How serious the management team is about this commitment can already be seen from how much personnel capacity and budget they are prepared to spare. An effective compliance team should consist of experts from all departments of a company (e.g. personnel management, financial administration, department). Only in this way is it possible to identify and cover all conceivable areas of interest and risk in the company.
Additional external expertise can be obtained from lawyers, tax consultants, and management consultants. It is also ly necessary and advisable to involve the works council in all decision-making processes. For example, it needs to be decided whether existing employment contracts or operating agreements need to be changed. A realistic timetable and a clearly defined distribution of roles (including a competent team leader) can help to keep costs manageable and achieve a timely result.
The team’s main task is to carry out an analysis of the current situation. It could be that the company already has (at least rudimentary) compliance structures, in the form of “unwritten rules” that apply among employees. On the basis of this pre-evaluation, the target state is then defined: Which measures and mechanisms must be supplemented, modified, or completely recreated in order to do justice to the company’s compliance concept? It is worthwhile identifying the civil society interfaces that the company has to deal with in its day-to-day business.
It could even be worthwhile to hire a compliance solutions company, which could coordinate procedures and activities according to the current compliance regulations and requirements. These companies work together with employees and teach them how to insert compliance into the internal workplace culture and also come with these benefits:
And even more.
There are numerous compliance patterns on the internet, but there is no general requirement for the content and structure. Instead, it is recommended to adapt all rules exactly to the individual needs and circumstances in the enterprise.
One possible structure could be the following:
Once completed, the compliance guidelines must be openly communicated throughout the company. This is done by means of newsletters, publications on the intranet, and informational events. Regular training sessions must be held to sensitize all those involved in the company (including contractual partners and suppliers) to the new compliance culture. It is also essential for all employees to be bound by their employment contracts by means of appropriate supplementary clauses.
Many companies also decide to place a reduced version of their compliance on their website in the form of a “Code of Conduct” or “Mission Statement“. Being so transparent can strengthen the trust of customers and business partners and attract applicants in the context of employer branding. The most important thing, however, is that managers always set a good example and exemplify the compliance culture both internally and externally.
Although the main responsibility and full liability for compliance lies with the company management, this responsibility can be given to a single chief compliance officer, an entire compliance team, or a compliance solutions company can take over the work (as mentioned above).
These are then responsible for the following tasks, among others:
Such a complex task requires competent and assertive personnel, which is why particular care is required in recruiting. The compliance officer does not necessarily have to be at the highest management level, but should have a direct, consistent and the shortest possible communication connection in order to be able to work effectively. This is the only way to ensure that compliance efforts are fruitful in the end.