Learning & Best Practices of a Compliance Management ... · European Data Protection...
Partner of the Haufe Group for compliance matters
Learning & Best Practices of a Compliance Management System
Haufe Group Compliance Mindset
Internal 20th September 2018, Institut Risk & Compliance, Paris
AGENDA
Welcoming
09h15-10h30 Fundamentals
Beyond the theory
Lessons learned
10h30 - 10h45 Coffee and networking break
10h45 - 11h45 Integrity Now!© game
11h45 - 12h00 Wrap-up and closing
COO & CEO Haufe Group
Birte Hackenjos and Markus Reithwiesner
HAUFE GROUP
ISO 19600:2014
Source: https://www.iso.org/obp/ui/#iso:std:iso:19600:ed-1:v1:en
Anti-Corruption
Antitrust
Data Protection
IT Security Governance
CSR
1. Risk Assessment
2. Awareness & Prevention
3. Monitoring
4. Response
THEORY PLAN-DO-CHECK-ACT DEMING CYCLE
LEGAL STATUS OF COMPLIANCE IN GERMANY
DIFFERENT LEGAL PROVISIONS
❖ Corporate Risk & Compliance Management
German Stock Corporation
Sections 30 and 130 German Act on Regulatory Offences (OWiG)
❖ Bribe
German Penal Code applies to individuals
OWiG applies to companies, fines up to 10 million EUR
❖ Whistleblowing system
German Civil Code failed
German case law (§138 of the German Penal Code)
❖ Data Protection
European Data Protection Regulation replaced Federal German Act for Data Protection
COMPLIANCE CORE TEAM
Which Compliance guidelines are binding for me?
I haven't found the guidelines on the SharePoint
Some rules are not consistent with guidelines from other departments
Where can I find the Compliance guidelines?
EMPLOYEES OFTEN LOST IN COMPLIANCE
COMPLIANCE ORGANIZATIONAL STRUCTURE & REPORTING LINES
Advisory Board
Board of Directors
Legal + Compliance
Legal Compliance
Data Protection
HR Project Management
Business Services
TEAM
Compliance Office
Risk Management
CREATING A COMPLIANCE MINDSET PROGRAM
CMS
Internal Ambassadors
External Ambassadors
Operational Compliance
Compliance Tool
› Compliance Communication
› Whistleblowing portal
OUR COMPLIANCE PATH IN PRACTICE
1. Compliance RULES
Easy and understandable guidelines
i.e. Employee/Supplier Code of Conduct, Anti-Corruption guideline
2. Compliance TONE FROM THE TOP
Role model, responsibility and Compliance statement from the Top Management
Endorsement through the works council
3. Compliance AWARENESS
Blended learning, in-person trainings, workshops
Compliance champions, Compliance day
Welcoming day for newcomers
4. Compliance PROMOTION
Company Website
Whistleblowing portal
COMPLIANCE MINDSET GOES DIGITAL
❖ Risk Assessment
❖ Guideline Management
❖ Anti-Corruption Documentation
❖ Case Management
❖ Whistleblowing System
❖ Internal Control
NOT ONLY PROCESS Management!
▪ Automated Workflow
▪ Data Intelligence
▪ Documentation
▪ Reporting
HOW? Compliance TOOL
COMPLIANCE MINDSET COMMUNICATION
➢ Guidelines only lay out the rules
➢ Applying the rules in the daily work is the task of each employee, no matter the hierarchical level
➢ Easy to say, more difficult to establish in an organization
CHANGE MENTALITY PROCESS
with the internal/external ambassadors!
▪ Corporate culture
▪ Trust
▪ Speak up https://whistleblowerportal.haufegroup.com/
▪ Strategy & business
▪ Compliance compass
➢ DOCUMENTATION
➢ TRANSPARENCY
➢ SEGREGATION
➢ ADEQUACY
TO ENSURE COMPLIANCE SELF CHECK FROM THE EMPLOYEES!!!!
COMPLIANCE COMPASS
INTEGRITY NOW! LET’S PLAY
Katharina Miller, Corporate Compliance & Human Rights Lawyer and Partner, 3C Compliance, Madrid, Spain
MERCI! VIELEN DANK!
Contact: Colline Jux [email protected], Chloé Saby chloe.saby@haufe-lexware.com, Katharina Miller [email protected]