Seven steps to compliance for your company

Expertentipp Compliance

Find out how to make your company complaint in just seven steps.

A few years ago, when a former Siemens boss was ordered in court to pay €15 million in compensation because it was found that he had failed to ensure a working compliance management system (CMS), it became very clear, even to the most unsuspecting among us, that compliance was not just a 'nice-to-have' matter.

That's because simply adhering to rules, laws and regulations to the best of your knowledge and belief is no longer enough now that companies are confronted with new, more drastic criminal offences and growing risks due to the a globalised and digitised economy. The vast maze of regulations is making it increasingly difficult to keep a clear overview, not to mention generate and store the most important documents. Compliance has become a complex matter that goes way beyond simple law abidance. Customers too are increasingly watching out for fair products and sustainable business so that compliance with a voluntary codex offers an edge over competitors. Software tools can help to meet with these very complex requirements. Nicole Kemper, expert at Bundesdruckerei GmbH, explains how to set up a sound solution.

Step 1: Make a firm decision to introduce compliance

What's important is to make staff aware of compliance requirements so that they can be reliably implemented in day-to-day business. This signal needs to come from the top because it is the top managers who decide to introduce the CMS and who act accordingly. They are role models, they set an example and in doing so create acceptance for the compliance management system.

Step 2: Define a set of values for your company

Values and principles of conduct are the foundation for a functioning CMS. These values and principles clearly specify what is and what is not acceptable. That's why a code of conduct and a code of ethics should be defined and communicated.

Step 3: Identify and put a name to risks

No two companies are the same and risks differ from one industry to the next. This means that risks must be identified and evaluated, measures that are already in place must be recorded in order to gear the CMS precisely to this situation. The spectrum is huge: data protection, anti-corruption, breach of trust, financial loss, anti-trust law, money laundering, product liability, anti-discrimination, protection of intellectual property. Industrial standards and the company's own internal rules must also be considered. The intuitive-to-use compliance risk analysis tool developed by Bundesdruckerei can help to identify and capture all risks. The resultant degree of maturity identified is automatically generated as a report ready for presentation. This also includes a clearly arranged risk map, something that no other solution can offer.

Step 4: Use a strong compliance risk analysis tool

An effective compliance risk analysis tool supports the identification, presentation, documentation and control of compliance risks as well as risk-minimising measures. Bundesdruckerei's tool has been developed on the basis of practical experience for practical application: Bundesdruckerei's experts are familiar with all of the risks possible and in all of their facets, they know the measures that need to be triggered, and all of this knowledge is already stored in the software. The tool provides specific proposals for measures and the user names the priorities. The software maps all of the activities and processes carried out at the company so that staff are aware of compliance with rules and a code of conduct and can act according to them. This is the only way a company can prevent rules from being broken and damage to its reputation.

Step 5: Analyse the as-is situation at your company

During the first consultancy meeting, the analysis tool identifies existing risks. Although most companies will know something about compliance, because they – either knowingly or unknowingly – work compliantly, it does make sense to first find out just how "compliant" your company is in a maturity analysis. This analysis will show you what needs to be done in order to set up a CMS tailored to your needs. The tool also helps to quickly achieve an auditable status for your organisation.

Step 6: Implement measures and train your staff

In most cases, organisational rather than technical measures are taken in order to ensure compliance with rules. This point is about designing a confidential communication channel for information regarding internal violations, defining responsibilities and assigning signatory powers. Finally, it is important that all employees, executives and external parties are informed about changes in the organisation. Ideally, this is carried out in training sessions that are regularly repeated and updated.

Step 7: Check success and ensure quality

The aim of any CMS is to ensure that breaches of defined obligations are avoided and that any violations can be quickly detected. This means monitoring, measuring and analysing. The organisation should undergo regular auditing in order to identify whether or not risks have been minimised with the CMS. This can be carried out in a new compliance risk analysis.

This may all sound very expensive, but that is not the case. This software, which the customer adapts individually, does not constitute a huge investment for SMEs. It quickly shows what works well and not so well in an organisation, paving the way for a sound CMS. By the way, Bundesdruckerei itself has been using this tool for years.

Digital work

How to replace your handwritten signature in just four steps

Digital work

Outstanding security with a smartcard and biometrics

Talking to Jörg Neubert, we hear about how the card is used, the benefits it offers and about the data protection and security level that can be achieved.

Digitale Transformation

Expert tip: How to master the digital transformation

In six short video clips, we will show you how Bundesdruckerei successfully mastered its own digitisation.