Compliance management system: advantage and necessity for medium-sized companies too

Regulatory requirements for SMEs are constantly increasing. Some are imposed "through the supply chain" by (larger) contractual partners; in addition, SMEs are subject to direct legal obligations. There is no relief in sight; on the contrary, national and European legislators are planning further tightening. Violations often result in high fines, personal liability for decision-makers and the loss of existing or future contracts. A compliance management system ensures compliance with such requirements, can minimize risks and offers protection if, despite all measures, unintentional violations occur.

What is meant by "compliance management system"?

A compliance management system ("CMS") refers to the entirety of interrelated processes and structures in a company that ensure compliance with regulations. Compliance can relate to self-imposed, internal company regulations, extend to contractual obligations and/or include statutory obligations as binding law.

What initially sounds abstract and complicated does not necessarily have to be complex for SMEs. In many companies, measures to comply with certain obligations are already in place (at least to some extent). Companies can build on existing operational structures. However, these are often individual measures and individual structures. The aim is to establish a coherent system that identifies and evaluates company-specific legal risks and ultimately minimizes risk through internal communication, structures and organizational measures.

Steps towards an effective CMS

The development of a CMS comprises at least the following steps:

  • Legal and risk analysis

  • Commitment and communication of self-imposed standards externally and internally, e.g. via a code of conduct

  • Organizational measures, documentation and implementation

Why is a CMS needed? What are the advantages?

Establishing the legal aspects of a CMS significantly minimizes risk. Even the initial risk analysis helps to avoid critical risk areas in day-to-day business. In addition, certain existing compliance measures are increasingly being demanded by major contractual partners. An established CMS therefore opens up business opportunities in both private sector supply chains and public procurement. According to the case law of the Federal Court of Justice, an existing CMS is taken into account as a mitigating factor when fines are calculated, should violations of the law nevertheless occur. Finally, an existing CMS can prevent companies from being excluded from future contract awards if violations have occurred.

If, on the other hand, no CMS is in place, this represents a considerable risk for decision-makers and managing directors. Fines can then also be imposed on the decision-makers personally and there is a risk of claims for damages against the management, and in the worst case - depending on the specific breach of law - also criminal investigations and criminal liability. In individual cases, this can threaten the existence of the company. All of this is considerably less likely - and in certain cases even excluded by law - if an effective CMS was previously established.

Summary

  • A compliance management system ("CMS") is an underestimated means of minimizing and safeguarding against risk, in SMEs too.

  • An established, effective CMS can also be achieved in SMEs without extensive effort. It can open up new business opportunities and is taken into account in the mitigation of fines in the event of legal violations.

  • For decision-makers and management, an effective CMS is of considerable interest because it minimizes or completely eliminates personal liability and risks.

We are happy to support you in the development and establishment of a CMS and offer experience and expertise for a wide range of business sectors.

Reference to the judgment of the Federal Court of Justice: BGH, Urt. v. 9.5.2017 - 1 StR 265/16 = NZWiSt 2018, 379

Status: 29.02.2024