Home
Global
Contact
by Wojciech Paryś
10 September 2019
A compliance management system (CMS) or some parts of it are already in place in many Polish companies and more are considering the introduction or extension of the system. The recently published Compliance in Poland report, compiled by Compliance Institute together with Europa-Universität Viadrina, EY and Wolters Kluwer, is a good opportunity to see how Polish businesses fare in this area.
Below we are describing the most interesting conclusions drawn from the report (full version is available at: http://instytutcompliance.pl/wp-content/uploads/2018/02/RaportInstytutCompliance2018.pdf).
The authors examined Polish enterprises of various sizes and turnover, of which 42% were companies hiring up to 500 people. Significantly, the study was conducted among enterprises with both Polish and foreign ownership.
The study delivers a picture of a person who performs the compliance officer function, that is, an individual responsible for implementation and maintenance of the compliance management systems in an enterprise. The name of the position varies from company to company to reflect his or her place in the organisational structure.
In 78% of cases the compliance officer performs a management function. In 22% of companies it is someone at the project manager or team leader level, and in 53% of companies it is a head of department or division.Compliance officers in most companies (82%) have independent positions and report directly to the management. Significantly, compliance officers in 37% of companies report directly to the supervisory board or the internal auditors, which is a good approach in case any malpractices occur at the top management level.
The compliance officer is a new function that requires interdisciplinary skills. No wonder that such individuals usually have less than 5 years of professional experience: 1–2 years: 20%, 3–5 years: 35%, 6–8 years: 24%. For now, universities do not offer degree programmes in compliance, but there are postgraduate studies and training courses on the subject. All this translates into the study findings which indicate that compliance officers are relatively young, below 40 (63%), educated mainly in law and economics.
The compliance officers covered by the study found it difficult to specify concrete hard competences in their position. At the same time, the study revealed that a good compliance officer should have a range of soft skills such as leadership, knowledge of day-to-day business of the organisation, objectivism, openness, trustworthiness and communication skills.
In addition to the image of the Polish compliance officer, the study describes also the implementation degree and functioning of the compliance management system (CMS). It shows clearly that the most popular approach to ensure compliance in Polish companies is an internal audit (84%) while a full-fledged CMS has been implemented and followed in 65% of enterprises examined.
Implementation of a compliance management system is a continuous process. Once implemented, the system should be constantly improved and monitored. Respondents were asked how long it had taken to implement a compliance management system in their organisation (meaning the period necessary to start the real life application). The answers showed no clear pattern. However, it was usually a long period as 17% of respondents said it had taken from 6 months to a year, and as many as 32% said that the process had lasted over a year. Importantly, the second largest group of respondents (35%) stated that they could not answer that question.
Graph 4 presents the implementation costs. Interestingly, 56% of respondents believed that the costs were worth the money and only 4% claimed otherwise. The remaining group (39%) could not answer that question.
The study shows that Poles understand compliance broadly in Poland and not limit it exclusively to compliance with laws. The respondents believed that a CMS should also ensure compliance with ethical standards (90% of answers), non-binding industrial standards, e.g. ISO (72%), and business partners’ requirements (49%). This understanding translates into answers as to which components make up a compliance management system in an organisation.
The risk analysis is key to smooth implementation and functioning of a compliance management system. That is why the authors of the report had a closer look at this aspect. The result: 93% of the companies conducted a risk analysis at least once. In most of them, the risk analysis is done regularly, and in 36% of them more than once a year.
The study’s findings about whistleblowing are also interesting: as many as 92% companies have implemented some kind of a solution in that regard and virtually all of them (94%) have an anonymous reporting system. Whistleblowing in majority of tested companies (66%) is handled by a company employee who answers and responds to tipoffs. Data on the number of notifications show that most companies receive at least one tipoff every year. Of course, not every one is significant, and some are not pursuable.
Among a great deal of statistics, we would like to draw your attention to the growing popularity of two practices. We are talking about compliance training among employees on all levels (practiced in 92% companies), and business partner verification for compliance practices. The approach to such verification varies among companies from due diligence, to contractual provisions which oblige the other party to abide by certain standards or allow audits, to external checks e.g. through business intelligence firms.
The report shows that compliance management systems are already in place among Polish businesses. It also indicates that their importance will be growing. Rödl & Partner’s experts would be glad to answer your additional questions and doubts about implementation and optimisation of compliance procedures in your company.
Monika Behrens
Attorney at law (Poland)
Partner
Send inquiry
Profile
