EXPECTATIONS OF COMPLIANCE RISK MANAGEMENT – ANALYSIS OF RELEVANT GUIDANCE

With the increasing number of requirements for internal compliance programmes, governmental agencies and international organisations have published a range of guides on how these systems can or should be set up, such as ISO 19600 and ISO 37001 on compliance and anti-bribery management, the US Department of Justice (DOJ) guide on the ‘Evaluation of Corporate Compliance Programs’, the UK Bribery Act guidance, the French anti-corruption agency guidelines and the Australian Standard AS 3806-2006 on compliance programmes. The basis for such a system is its risk management, which covers the identification, evaluation and mitigation of risks.

Just as the setup of an adequate compliance risk management system is important, it is essential that the compliance system remains adequate and in line with developing risks. This text outlines the most relevant points for this purpose based on the most important and detailed guides and standards for compliance risk management. In any event, it is important to keep in mind that an adequate risk management system is highly dependent on the characteristics of the organisation itself.

Assuming the existence of a compliance management system, the foremost task of the risk management system is monitoring changes in the risk landscape. Following this, the compliance management system must be evaluated taking into account the changed risk, and mitigation measures of the system must be redeveloped and implemented. In sum, compliance risk management requires the following three steps to be taken to ensure that it is effective: (i) monitoring the risk landscape; (ii) evaluating the compliance system; and (iii) readjusting mitigation measures.

Apr-Jun 2020 Issue

Siemens AG