SW1_35 Compliance Management System PDF

Summary

This document provides an introduction to compliance management systems, outlining the importance of compliance in modern organizations. It discusses the definition of compliance, its relevance, and the main purposes of a compliance management system (CMS). The document covers the Swiss legal basis (Code of Obligations, Criminal Code) and international regulatory frameworks, as well as best practices such as ISO 37301 and the economiesuisse "Compliance House", and highlights the role, delegation, rights and liability risks of the Compliance Officer.

Full Transcript

I. Introduction: Compliance – you can't do without it anymore

Definition of compliance
▪ Following the rules or regulations that apply to a company or organization
▪ So far no legal definition
▪ Compliance in the strict sense = conformity to the rules
▪ Compliance in the wider sense = Compliance Management System (CMS), which now goes far beyond the responsibility for one's own company, e.g. into the supply chain (ensuring ethical practices with partners or suppliers)
▪ Relevance for companies of all sizes

Laws are increasing: new regulations keep coming up
▪ Legislative activity is constantly increasing (e.g. corporate criminal law, whistleblowing legislation, supply chain regulations, etc.)
▪ Increased investigative activity by the authorities: authorities are becoming stricter and conducting more checks, and failing to comply can lead to fines, lawsuits or reputational damage
▪ Increased risks
▪ Without compliance, possible exclusion from the supply chain, meaning the company could be excluded from working with other businesses

In short, compliance is about adhering to rules and promoting a culture of ethical behavior, which is a key responsibility of leadership.

I. Introduction: main purposes of a CMS

▪ Risk minimization: reduction of the risk that employees and "business associates" commit transgressions (reduce the chances of employees or business partners violating laws or rules)
▪ Transparency: increase the probability that, if something goes wrong, management gets informed
▪ Reaction: increase the probability that the organization treats (alleged or real) transgressions responsibly
▪ Securing and maintaining ethical management and the reputation as a responsible company
▪ Damage reduction: reduction of the sanctions imposed by authorities and courts (lower penalties)

These purposes should be reached through ongoing assessment and reduction of the legal, ethical and further compliance risks of the company (→ work in progress), and through implementation and maintenance of a culture that values ethical decision making as well as non-retaliatory reporting of compliance "concerns". It is a proactive approach: companies must work continuously to identify and address vulnerabilities to avoid violations, and employees and managers should feel encouraged to report compliance concerns (e.g. unethical behavior or violations) without fear of retaliation.

I. Introduction: Despite...

▪ ...a constant flow of bad news: despite efforts to enforce compliance, scandals and unethical practices continue to emerge in businesses worldwide, which harms public trust and reputations
▪ ...ever higher fines and prison sentences: governments are responding to compliance failures by imposing stricter penalties, both financial and legal
▪ ...a nearly unchanged Transparency International Corruption Perception Index, meaning corruption remains a major problem in many regions and industries
▪ ...many (expensive) efforts: companies are investing significant resources (time, money and manpower) into compliance programs

Note: The need for action is and remains gigantic! There remain many things to do.

I. Introduction: initial position (risk landscape)

External risks
▪ Increasing regulation
▪ More intense official cooperation
▪ Higher pursuit intensity of authorities: more efficient proceedings, harder sanctions, stronger pursuit interest, leniency incentives, whistleblower incentives. Regulatory authorities are becoming more aggressive in pursuing non-compliance cases
▪ Authorities have upgraded (e.g. top lawyers in the Federal Cartel Office)
▪ Reputational damage: "bad news always spreads more quickly" (→ digitalization / IT security). Non-compliance can severely harm a company's reputation, leading to loss of trust from customers, partners and stakeholders
▪ Less attractive employer: a poor compliance track record makes the company less appealing to potential employees who value ethical workplaces
▪ No partner for private equity: investors and private equity firms often avoid companies with compliance risks, as they could lose money or face reputational harm by association
▪ Exclusion from public orders: companies with compliance violations may be barred from participating in government or public sector contracts

Internal risks
▪ Culture, values, guidance
▪ Pressure to perform
▪ Economic position
▪ Missing awareness of / unfamiliarity with other cultures
▪ Lack of willingness to implement

Sanctions and further consequences of insufficient compliance
▪ Fines, skimming of profits (disgorgement), damages, prison sentences, extraditions, bans, loss of job
▪ Reputation loss, blacklisting, share price reduction
▪ Damage to corporate culture, higher fluctuation, reduced productivity, consultant costs

Solution: the Compliance Management System. A CMS helps companies proactively address risks, avoid sanctions and foster a responsible, ethical work environment.

Note: necessary requirements: values + focus + enforcement

II. Legal basis + best practice: Compliance as a legal duty

The board of directors is responsible (compliance is a leadership task!):
▪ OR Art. 716a (Swiss Code of Obligations): ensuring the company operates in accordance with laws, statutes, regulations and instructions; overseeing management and ensuring lawful and ethical conduct
▪ OR Art. 717: board members and management must carry out their responsibilities with due diligence and in the best interests of the company ("in good faith")

Liability for violations of the law by subordinate persons follows from Art. 716a OR if compliance tasks are not fulfilled:
▪ missing, insufficient or unsuitable compliance efforts
▪ insufficient implementation of compliance and lack of control
▪ lack of enforcement in case of violations against the compliance system

II. Legal basis + best practice: Sensible planning of a CMS

▪ Evaluate existing documents and processes related to compliance to understand the starting point
▪ Review interactions with other systems, such as internal controls, to identify overlaps and gaps
▪ Conduct a thorough analysis to identify the key compliance risks the organization faces
▪ Define clear compliance objectives in collaboration with top management to ensure alignment, tailored to the company's needs
▪ Create or revise the Code of Conduct to establish clear ethical and compliance expectations for employees
▪ Inform and educate employees about compliance measures and their responsibilities
▪ The CCO provides regular updates and advice to top management to maintain focus on compliance
▪ The CCO ensures the supervisory board is kept informed and guided on compliance matters

The plan emphasizes clear steps: assessment, risk analysis, policy development and employee engagement.

II. Legal basis + best practice: Principles of liability

Civil law: OR Art. 55; see also OR Art. 722 and OR Art. 754: personal liability to the company for damage caused through breach of duty (also through omission)
▪ Employers must prove they took all necessary precautions to avoid liability for damages caused by employees
▪ Negligence or failure to act can lead to personal liability

Criminal law: StGB Art. 102 (Swiss Criminal Code)
▪ If a crime (felony or misdemeanor) occurs in a company's operations and cannot be attributed to a specific individual, the company as a whole can be held liable
▪ Companies can be penalized if they lack sufficient organizational measures to prevent criminal acts; liability applies if the company failed to implement proper organizational measures to prevent such crimes

II. Legal basis + best practice: Integrity is not really a new concept either

▪ ZGB Art. 2 (Swiss Civil Code): good faith
▪ Despite this, until the 1990s an "everything that is not forbidden is permitted" approach ruled in many places [unfortunately partly still so today]

Note: the introduction of a CMS is not a question of "if" but of "how, who, what, when, ...". Implementing a CMS is a necessity, not an option.

II. Legal basis + best practice: Specifications by "soft law" and (non-binding) standards

Soft law refers to guidelines, codes of conduct and other non-legally binding standards.

ISO 37301: Compliance Management Systems
▪ An international standard that provides guidelines for establishing, developing and maintaining an effective CMS
▪ It represents a "soft law" approach: non-binding standards that set global best practices for compliance
▪ It helps organizations align with national and international compliance expectations, reducing the risk of legal or regulatory violations
▪ But ISO 37301 is not legally binding
▪ Scope, as stated in the standard: "This document specifies requirements and provides guidelines for establishing, developing, implementing, evaluating, maintaining and improving an effective compliance management system within an organization. All requirements specified in this document that refer to a governing body apply to top management in cases where an organization does not have a governing body as a separate function"

The Compliance House (economiesuisse) provides a clear, structured approach for building an effective compliance system, emphasizing leadership commitment, strong structures and processes, and mechanisms for accountability and improvement:
▪ Commitment and responsibility of the board of directors: leadership sets the tone for compliance
▪ Structures: defines the organizational structures required for compliance
▪ Processes: focuses on the procedures for implementing compliance measures
▪ Motivations for compliance and consequences for violations
▪ Monitoring, auditing and continuous improvement of the compliance system
Source: https://www.economiesuisse.ch/sites/default/files/publications/compliance_e_web.pdf

II. Legal basis + best practice: Legal requirements – international

▪ United States: FCPA (1977): focuses on preventing bribery of foreign officials and ensuring accurate accounting records; its anti-bribery provisions apply to U.S. and non-U.S. companies alike
▪ GB: UK Bribery Act (01.07.2011): holds companies liable not only for committing bribery but also for failing to prevent it
▪ France: Loi Sapin II (09.12.2016): aims to combat corruption through mandatory compliance programs for large companies
▪ ...

Problem of the extraterritorial reach of foreign norms; applicability to Swiss companies
▪ These laws often apply beyond the borders of their home countries
▪ The FCPA can affect non-U.S. companies if they conduct business with U.S. companies or use U.S. financial systems
▪ The UK Bribery Act applies to any company conducting business in the UK, regardless of its origin
▪ Swiss companies operating globally may be subject to these foreign laws even if the alleged violation occurs outside the respective country
▪ This creates an added layer of compliance complexity, as they must navigate not only Swiss law but also international regulations

II. Legal basis + best practice: Best practice – empirical values from practice

▪ The legal areas with the highest risk are to be identified in a company-specific risk profile
▪ These areas of law (e.g. anti-corruption or antitrust law) must then be further examined for legal developments and case law in a sector-specific manner; high-risk areas need ongoing analysis to stay up to date
▪ International assessments are difficult due to a lack of legal expertise, hence the shift of the assessment from large (international) companies to national companies; global operations make legal assessments harder due to differing laws and a lack of local expertise
▪ Laws are to be translated into understandable internal guidelines and the like, and to be communicated and trained in detail (legal obligations must be turned into clear, actionable internal policies)
▪ The above points must be sufficiently documented so that they can be used as a defense in the event of a trial (risk assessments, training, policy updates)

II. Legal basis + best practice: Discussion

▪ What are your thoughts on the topic?
▪ What do you see as problematic?
▪ How international is the topic?
▪ Further thoughts?

The topic of compliance is critical for modern organizations as regulations and enforcement have become stricter globally. Challenges include the extraterritorial reach of laws like the FCPA and the UK Bribery Act and the complexity of navigating multi-jurisdictional regulations. Compliance is inherently international, as global trade and cross-border operations expose companies to diverse legal frameworks; extraterritorial laws and international standards like ISO 37301 highlight the need for universal compliance practices. Compliance is not just a legal obligation but also a leadership responsibility (Art. 716a OR).

III. The Compliance Officer: Key role of the Compliance Officer

▪ So far no uniform designation
▪ "Chief Compliance Officer" = leader in upper management as central head of the compliance function
▪ "Compliance Officer or similar designation" = all other employees with compliance tasks

III. The Compliance Officer: Delegation + assignment of the compliance function

Assignment of the compliance function
▪ Reporting line directly to the board/management
▪ Separation from the operational units of the company, to ensure independence
▪ Differentiation from / cooperation with other functions (risk management, auditing, legal department): cooperative, yet distinct
▪ Scope of compliance tasks unclear; necessity of "interface management" with clear task definitions to prevent overlap or gaps
▪ Strict separation between monitor and monitored necessary, to maintain objectivity and effectiveness

Delegation – scope and limits
▪ The core area of management responsibility always remains with company management
▪ Delegation of preparatory/executive measures is permitted, provided diligence in selection, diligence in instruction and diligence in monitoring are observed
▪ If the compliance task is not (effectively) delegated, it remains with the company's top management
▪ Exact scope/characteristics of delegated duties?
▪ Ineffective delegation due to lack of organization or insufficient resources? Poor delegation increases compliance risks; proper oversight and clear roles are crucial

III. The Compliance Officer: Tasks, rights + liability risks for compliance officers

Rights (1/2)
▪ No legal rights
▪ Therefore to be contractually agreed: the right to effective performance of the function
− Information rights
− Rights of access
− Participation rights
− Physical access and data access rights

Rights (2/2)
▪ Therefore to be contractually agreed:
− Intervention and veto rights (disputed whether also towards the supervisory body)
− Right to reasonable personnel and equipment
▪ Protection rights for the compliance officer – suggestions:
− Extraordinary termination only
− D&O insurance plus, if applicable, separate pecuniary loss liability insurance

III. The Compliance Officer: Requirement profile

▪ Legal expertise
▪ Expertise in the concept and planning of a CMS
▪ Expertise in processes
▪ Expertise in the sector and products
▪ Integrity and reliability
