What is a compliance management solution

Compliance & Law

Compliance describes the requirement for companies to behave in accordance with the law and with integrity. This means, on the one hand, the strict avoidance of violations of laws and rules. On the other hand, compliance also aims at adherence to self-chosen guidelines and values to which an organization is voluntarily committed and which are mostly derived from general ethical principles.

Business partners and the public may punish breaches of laws, ordinances and self-imposed codes and rules with a loss of reputation. Breach of the law is also often prosecuted.

Compliance is more than just abiding by the law

Values such as reliability, continuity and trust in an organization can only exist if a company is clearly committed to compliance, the implementation of specific measures is successful and compliance with the rules is also ensured on a permanent basis. A lived compliance culture is therefore a central prerequisite for sustainable success.

Requirements for a successful implementation

In addition to a clear, company-related definition of compliance and the clear commitment of the management, a company must first create a comprehensive risk analysis.

The first thing to do is to systematically identify and record compliance fields of action. This includes recognizing possible risks, such as corruption, antitrust violations and, above all, the complex processes and requirements for protecting data and internal information.

In the next step, the relevant laws must be identified, such as the legally regulated retention periods for commercial and tax documents. In this area in particular, there are already a large number of software systems that support compliance.

The risks in companies depend on their size, the sales market and the organizational structure. Some industries, such as public administrations, food and pharmaceutical production or hospitals, are also subject to separate regulations for the archiving of documents. The most important risk areas include

  • Commercial and tax law,

  • Employment Law,

  • Corporate law,

  • IT law,

  • Public law,

  • Antitrust and competition law, as well as

  • IP law (industrial property rights and copyright).

Other fields of action usually result from the individual guidelines and standards that a company voluntarily imposes on itself.

A compliance management system can provide support

Companies should find their own golden mean between excessive control and laissez-faire. A compliance management system (CMS) can support this; it has positive effects on all business processes and should still stay within a reasonable cost-benefit framework.

In practice, there are often internal control systems that are usually an interplay of organizational security measures, controls and audits. A modern compliance management system integrates existing control systems and supplements them with other important fields of action. The compliance management standard ISO 19600, published in 2014, offers good guidelines for companies and organizations, the recommendations of which are scalable regardless of the size of the company.

Successful implementation of a CMS

Identifying the risk areas brings the already existing control systems together; at the same time, the theoretical groundwork must be transferred into pragmatic and efficient regular operation. Depending on the size of the company, a compliance team is set up or a compliance officer is appointed to organize the necessary processes. In the course of this, precise resource planning should also be carried out, and responsibilities and authorities should be clarified.

A major challenge for companies is undoubtedly organizing and establishing mechanisms for the control and documentation of rule violations. After all, it is here that legal regulations have to be converted into specific tasks. These measures usually include a code of conduct, process descriptions and instructions, and they should be designed specifically with regard to the individual compliance risks.

In practice, compliance officers work closely with colleagues from quality management. In addition, it should be determined in advance how compliance violations will be dealt with internally and what consequences or sanctions will result from them.

It is undisputed that serious violations of rules and laws can have far-reaching economic consequences. In the event of compliance violations, there is often a risk of losing insurance cover; in the absence of a CMS, liability claims against the management can arise in some cases.

Communicating compliance requirements within the company is also important. Not every rule violation is intentional, which is why clarification, training and education measures for employees are often indispensable in order to establish a compliance culture in the company. However, communication is also necessary in the opposite direction: regular reports to the management or to the management board and the supervisory board must be planned.

Monitoring and regular analysis of the CMS

A compliance management system will never be completed. Rather, it is a process that requires constant observation and adjustment. Our fast-paced business world requires continuous and regular monitoring and analysis:

  • Have new risk areas emerged in the meantime?

  • Have there been any changes in the law or other new circumstances in the company's environment?

  • Has anything changed in the internal guidelines?

If only because of new, legally binding requirements and regulations, CMS rules have to be adapted and updated again and again. Monitoring and internal audits help to stay on the ball. In the event of rule violations, there are defined reactions, such as documentation, corrective measures and actions, which are intended to prevent a repeat incident in the future.