Compliance

The proper functioning of a company in legal transactions is not only about efficient management of employees and lucrative contracts. It is also about exercising due diligence in the context of applicable laws and common commercial practices and customs.

If you want to make sure that your company operates in accordance with current standards (formal and non-formal), consider implementing a service ensuring compliance procedures, otherwise known as compliance.

What is compliance?

Compliance is a broad concept which does not have a legal definition. It is assumed that it consists of a set of actions taken to ensure compliance with

  • hard law,
  • recommendations, pragmatics and policies of the company (so-called soft law).

The compliance service may be provided on an ad hoc basis (e.g. as a preliminary stage to implementing structural changes in the company). An increasing number of companies operating on a large scale also decide to create a separate compliance department or create a specially designed position for this purpose (so-called compliance officer).

The aim of the implemented procedures is to identify potential economic, legal or organisational risks and to develop a strategy for taking countermeasures. They also help in the ongoing monitoring of individual processes carried out in the company in terms of compliance with the adopted standards.

It is assumed that compliance procedures combine the following functions:

  • risk management,
  • control.

It is worth remembering that the organisation of compliance in each company will look slightly different. Therefore, it is worth choosing to work with an auditor who has extensive and practical experience in the application of legal regulations in many areas.

Knowledge of organisational management is also important, as this is the only way to effectively combine the identification of risks with the effective identification of solutions to problems

    The data provided in the form will be processed by the RPMS Law Firm based in Poznań only for the purpose of processing the application and in accordance with the rules contained in Privacy Policy

    Why implement compliance?

    Compliance is a long-term investment, which brings the greatest benefits only in the long term. It is often necessary to wait and test several solutions before adjusting compliance procedures to the company’s operating model. Why is it worth it?

    • Introducing control mechanisms

    Efficient compliance means a smooth flow of processes within the company. Internal control allows for early identification of compliance shortcomings and finding appropriate solutions. Although compliance can sometimes feel like a brake from a business perspective, it provides security for investment and company growth.

    • The ability to consciously manage operational risk

    By properly planning compliance procedures and keeping them up-to-date, operational risks can be managed. This gives the company a real opportunity to limit losses resulting from human error, gaps in IT infrastructure, as well as independent events (machine breakdown, digital attack).

    • Ensuring compliance with applicable regulations

    Compliance procedures make it possible to verify the compliance of individual business areas with the law. Compliance may concern both norms binding for all entrepreneurs (e.g. tax law) and sectoral regulations, which apply to a target group of recipients (e.g. companies from the IT sector or construction companies).

    • Decrease in the number of abuses and violations of regulations

    Companies that decide to implement compliance, very quickly begin to notice a reduction in the number of abuses committed by people in independent positions, responsible for managing the organisation. This is particularly important in companies with a complex structure or capital groups, where responsibility is often dispersed among hundreds of employees.

    • Improvement of financial results

    Properly implemented compliance is not only about supervision, but also about coordinating processes and keeping them at a uniform level and precisely dividing competences. If every employee in the company knows exactly his or her duties and responsibilities, the entire structure works more efficiently, and you can count on increased profits.

    • Increase of the company’s value

    It is worth remembering that the value of a company consists of many factors. These are not only machine parks and qualified specialists, but also compliance standards or ISO standards. If you know that your company is an efficient machine, you have a stronger negotiating position, and in pre-investment due diligence audits you can count on a higher score when assessing the value of your company!

    • You build trust in your brand

    By implementing compliance monitoring in your company, you reassure your contractors that they can trust you and entrust their money or enter into business contracts with you. It is a guarantee that the organisation is acting in accordance with applicable laws and ethical standards.

    On the other hand, compliance procedures mean increased security for employees, who feel confident in the company and are not afraid to report irregularities, because they know they can benefit from fair and objective procedures.

    Do you need to implement compliance procedures in your company?

    ntil recently, setting up a compliance department or conducting a compliance audit was voluntary and was rather associated with improving the company’s image and streamlining its operations.

    However, everything indicates that the new Act on Liability of Collective Entities for Criminal Offences drastically increases the importance of implementing a mechanism for compliance with legal standards, good practices and recommendations.

    The act introduces severe sanctions (including liquidation or dissolution of the entity, forfeiture of property to the State Treasury and a financial penalty of up to PLN 30 million!) if a collective entity commits a prohibited act.

    However, the trader may be exempted from liability if he demonstrates the exercise of due diligence:

    • in the selection of the decision-maker,
    • the management of the entity,
    • supervision over the conducted activity.

    The legislation does not define the concept of due diligence. However, it follows from the legislative justification and the general wording of the act (which imposes an obligation to establish a compliance department or employ a compliance officer and implement solutions for whistleblowers) that the possibility of exemption from liability will be determined by the proper implementation of compliance procedures.

    Thus, in practice, it turns out that compliance (although still not mandatory) will enable or facilitate avoidance of punishment in the event of commencement of proceedings under the Act on Liability of Collective Entities.

    The solutions apply to all companies that are collective entities as defined by the act (regardless of annual turnover!).\

    A company may demonstrate that it exercised due diligence if it

    • implemented risk management mechanisms.
    • has implemented procedures which make it possible to identify the person responsible for the breach.
    • has mechanisms in place to supervise the actions of those acting on behalf of the entity (e.g. employees, proxies) and those cooperating with it (e.g. independent specialists, suppliers, subcontractors).

    Do you want to make sure that your company has properly implemented compliance procedures and that they are up to date? Contact a law firm with many years of experience in optimising the functioning of organisations.

    Steps in the implementation of compliance

    The implementation of remedial procedures should take place in a planned and systematic manner. Only in this way can the majority of risks be anticipated and ready-made algorithms of action prepared for them. How to implement compliance in a company step by step?

    The Deming cycle, well-known to all managers, proves to be helpful.

    • Risk analysis

    The first stage consists in finding weak points in the way the company operates. The examination includes, among other things, the adopted business model, the industry environment and customer profiles in terms of the solutions used to date. The more gaps are identified at this stage, the better, as it is easier to prevent potential damage from occurring.

    Risk analysis aims to lay the foundation for further work and is often the most important stage of the entire compliance implementation, so it needs to be well planned. Once well established, the company’s profile will serve as a reference point in the future.

    It is worth noting that risk analysis looks slightly different in every industry. Marketing agencies or shipping companies are exposed to different risks.

    • Design of controls

    Compliance procedures can be more or less restrictive. The former are implemented in areas where operational risk is greatest. On the other hand, in areas where the potential damage will not have far-reaching consequences, more relaxed regulations can be implemented. This diversification of solutions makes the whole mechanism flexible, but at the same time maintains full effectiveness in the most important areas.

    All procedures created in the company should be in writing (e.g. in the form of board resolutions and their appendices) and easily accessible to the relevant persons so that their application does not pose a problem. What counts is not only a synthetic description of the procedure itself, but even the indication of a specific path of conduct and the competences of specific persons.

    In this way, behavioural algorithms are created which guarantee that a uniform level of action is maintained by all the units of the organisation.

    • Test of the designed system

    No control system will remain effective if the procedures created are not regularly tested. Depending on the company’s structure, a compliance audit may be carried out by an internal department or an external company. This service is also often provided by law firms.

    The frequency of the review of procedures should depend on the size of the business and its risks. The larger the company is and it is engaged in an industry prone to the appearance of irregularities, the more frequently the test of procedures should be carried out. It is assumed that a compliance audit should be conducted once every 1-2 years (in the case of risky activities) and once every 3-4 years (in the case of a standard risk profile).

    • Improvement of practices

    Each compliance audit should lead to improvements in the overall system. These may be completely new procedures or the improvement of already applied algorithms.

    Only in this way are you able to keep your solutions up to date and minimise your company’s business risks.

    Types of compliance management in an organisation

    Compliance procedures are an extremely broad concept, which is why different types of compliance are distinguished in practice. This makes it possible to better tailor the service to the client’s needs and save time without multiplying expenses at the same time. You will most often encounter compliance:

    • legal (e.g. compliance of the company’s policy with RODO, implementation of anti-money laundering procedures, anti-mobbing and whistleblowing procedures),
    • tax (e.g. tax interpretations, precautionary opinions, advance pricing agreements, reporting of tax schemes)
    • sectoral (serves to check compliance with regulations governing a given sector, e.g. pharmaceutical, IT, construction, medical)
    • external (consists in the implementation of a code of good practice, development of guidelines for cooperation with counterparties and public authorities).

    The right selection of the scope of the compliance implementation service guarantees that the changes in your company will be implemented as quickly and smoothly as possible!

    By taking care of up-to-date compliance management procedures, you not only build a vision of your brand as an aware and responsible contractor. It is also an investment which pays off in the form of fewer irregularities, effective resolution of potential problems and greater profits.

    If you are planning to implement compliance procedures in your organisation or want to improve your existing operating algorithms, enlist the help of experienced lawyers and gain a huge competitive advantage.

    Zaufali nam

    Zobacz wszystkie
    RPMS Law Office
    Staniszewski & Partners

    St. Polska 114
    Poznań 60-401