Compliance Management

What compliance means

The term compliance, which originates from North America, can be translated as adherence to the law or conformity to rules.

In terms of content, this refers to the duty of the entrepreneur to ensure that binding obligations are met within the company. These include legal norms (laws, directives and regulations from the EU, federal, state and local authorities) as well as official authorisations, requirements and permits. Binding obligations from insurance, rental and service contracts etc. can also play a role, as can customer-specific specifications and requirements from standards (product and system standards).

In total, a 6-digit number of requirements from a wide variety of sources can quickly add up, which the management must be aware of and have implemented in their own organisation with regard to their obligations to act.

The principle applies: ignorance is no defence against punishment

In concrete terms, this means that the management is liable in terms of organisational culpability with its private assets and in its own person if it does not systematically ensure compliance with the binding obligations.

Let's take a look at the German SME sector and the degree of implementation of this very topic, namely the extent to which the management / board of directors of a company systematically deals with the topic of compliance (or not): In our daily practice, we often find that companies do not have a legal and authorisation register, for example. An in-house lawyer is also rarely appointed and external law firms are only consulted very sporadically on compliance. At most, legal assistance is called for in the event of unpleasant situations.

Recognising negative behaviour and implementing appropriate internal sanctions within the company is often decisive (in terms of liability).

Prevention is the guiding principle in compliance.

We support you

And this is where we support your company! Our team of permanently employed lawyers will accompany you on the path to (legal) compliance.

We attach particular importance to taking a pragmatic approach on the one hand and exercising the necessary diligence on the other, without drifting into legal advice in the legal sense. This is because legal advice can only be provided by a practising lawyer or an in-house lawyer for the company for which he/she is appointed.

Legal and authorisation register

Our services start with the topic of the legal and authorisation register.

The focus is initially on the topics:

• environment
• energy
• occupational health and safety
• data protection
• information security
• sustainability

as the classic consulting fields of msa-b GmbH and DIE TOP BERATER. If required, we can expand the topics to be considered almost at will. The requirements for rail transport can be applied as well as, for example, medical law, the food sector and professional sport.

Implementation of (legal) compliance audits

Knowing the applicable binding obligations and being aware of the resulting duties to act is one thing. The other is to randomly check actual compliance.

The transfer of company obligations and responsibilities (resulting from the binding obligations) includes not only the assignment of measures, deadlines and responsibilities, but also the verification of whether the instructed tasks are actually implemented.

One tool for this are compliance audits, which we carry out systematically and recurrently as an independent and objective body and which are documented in detailed reports. We are also happy to support you as a team with the planning and follow-up.

Only when the compliance audits are completed with positive results can the noose around the management's neck with regard to personal liability be loosened.

Compliance management system (CMS) in accordance with ISO 37301:2021

Legal compliance and conformity with regulations must be ensured on an ongoing basis.
Stakeholders (advisory board, supervisory board, BaFin, shareholders, etc.) make further demands on the company's compliance, and not only in the case of larger corporations. Without a functioning management system that specifically and systematically recognises, evaluates and implements the compliance requirements, the hurdles to implementing compliance throughout the company can hardly be overcome.

Compliance is often understood as the totality of all operational measures that are intended to ensure the compliant behaviour of all employees. A functioning compliance management system in accordance with ISO 37301:2021 can prevent violations.

In case law, the Federal Court of Justice initiated a development some time ago that takes the installation of a functioning compliance management system into account when assessing fines (BGH 1 StR 265/16 - judgement of 9 May 2017).

The basics of ISO 37301:2021 become interesting here

ISO 37301 follows the so-called high-level structure and is therefore standardised in terms of nomenclature with standards such as ISO 9001, ISO 14001, etc. In other words, standards that are already traditionally used in companies. These are standards that are already traditionally used in companies. ‘Plan - Do - Check - Act’ is therefore also striking for compliance management.

Integration into existing management systems is easy to realise and since we have been implementing and maintaining integrated management systems as a service provider for almost 40 years, we are also a good partner in the area of compliance management systems in conjunction with our own legal department with a certified compliance officer/compliance manager. Compliance certification in accordance with ISO 37301:2021 is the final step on the road to (legal) compliance.