Compliance is a broad field, and yet it concerns everyone. Anyone who does not want to get into conflict with the legislator must ensure compliance with applicable laws and regulations and establish suitable control mechanisms. Fraud and corruption in particular are traditionally among the most well-known compliance risks for companies and top the list of popular compliance violations and scandals – also in Germany. One remembers the legendary corruption scandal at Siemens in 2006, which resulted in a record fine of around 1 billion dollars in total and is still one of the largest and most expensive corruption cases in post-war history. 

This example of compliance violations highlight their potential consequences. The crux of the matter for companies often lies in the details. In order to be able to master the complexity of the applicable laws and regulations, which you have to take into account in your business practice, and to punish violations of compliance, an integrated and documented compliance management system, CMS for short, is required. After all, legislators, but also customers, suppliers and business partners, are constantly making new requirements on companies. Some of these requirements also affect risk and compliance management itself. But what will companies have to pay attention to in the future when it comes to compliance and governance risks? And which trends can be identified in this regard?

A tightrope walk: The right way to deal with whistle-blowers

Since Edward Snowden, everyone knows about the special importance of whistle-blowers. Those who disclose grievances or misconduct form an important component of every CMS. At the same time, they also harbour the risk of defamation and false information motivated in other ways. It is therefore hardly surprising that the appropriate handling of whistle-blowers has always posed challenges, but at the same time is of particular importance for a comprehensive CMS. The so-called EU Whistle-blower Directive, which came into force on 16 December 2019 and had to be transferred into national law by the EU member states by 17 December 2021, has addressed this problem and the associated governance risk. The aim of this new guideline is to establish common minimum standards in order to adequately protect people who report compliance violations.

But the implementation of this directive in Germany was bumpy: according to a survey, only every seventh company in Germany has so far met the new EU requirements. And the German legislature also seems to be struggling with transposition into national law. The so-called Whistle-blower Protection Act (HinSchG), which is intended to implement the EU directive into national law, was worked on for a long time. However, after Germany was unable to introduce the law by the deadline of 17 December 2021, the EU Commission has now initiated infringement proceedings against Germany. A draft by the Ministry of Justice is currently being discussed – it is expected that the new law will come into force at the end of 2022. The effects should be significant: According to a survey, around 92% of organizations will have a whistle-blower system in the future. The vast majority also relies on anonymous reporting options. To meet the new requirements, 42% of organizations state that they are revising their internal policies.

The trend: human rights and sustainability

Another law that is currently causing headaches for those responsible for compliance is the Supply Chain Due Diligence Act (LkSG), which was passed by the German Bundestag on June 11, 2021 and will come into force on 01 January 2023. This wants to better protect human rights in globalized supply chains and makes companies responsible for this. It calls for a comprehensive risk analysis to be carried out in order to identify human rights and environmental risks along the supply chain and to tackle them accordingly. A complaints procedure must also be established in the company, via which whistle-blowers can draw attention to potential risks or compliance violations. It thus bridges the gap to the Whistle-blower Protection Act already mentioned.

Topics such as human rights and sustainability are the trends of our time and will continue to be one of the main drivers of corporate compliance in the future. As many as 42% of those responsible for compliance state that they are strongly or very strongly involved in the topic of sustainability. The biggest challenges here are promoting an appropriate compliance culture and effective communication. This means that these and related topics are compliance risks, which those responsible for compliance and company decision-makers must take particular account of in the future so that they do not have to fear penalties for a compliance violation.