002 Icei2021 w1c Huwyler


3/12/2021

9TH ANNUAL EUROPEAN COMPLIANCE & ETHICS INSTITUTE

NEW ISO 37301


Prof. Hernan Huwyler
@hewyler #SCCEecei
/in/hernanwyler/


Use
An international certifiable standard for compliance programs

Use

Compliance by design, not by disaster


Use
It will replace ISO 19600 (guidelines for compliance management systems) without major changes

It is starting…


Use
Strong corporate defense to meet accountability principles

Use
Studies show modest results in reducing regulatory violations
Coglianese, Cary and Nash, Jennifer, "Compliance Management Systems: Do They Make a Difference?" (2020)


New ISOs for 2021
• ISO 37000 Governance
• ISO 37301 Compliance
• ISO 37002 Whistleblowing

Implication
ISO 37301 should harmonize the compliance controls in policies and procedures


Use
The final standard will be published in May 2021

Scope
Defines compliance as meeting obligations, rather than the needs and expectations of interested parties


Scope
Compliance obligations:
• Mandatory: regulations, laws, contracts
• Voluntary: commitments, values

Implication
Implement and update a central compliance register to compile obligations


Implication
Embed responsibilities for compliance obligations into policies and job definitions

Implication
Ensure that performance appraisals and incentives cover the compliance responsibilities embedded in roles


Implication
Implement a compliance control matrix linking objectives, obligations, risks and policies

Scope
Then, not meeting obligations creates compliance risks


Context


Implication
Expand the scope for objective-centric and data-driven compliance risk assessments


Risk process (diagram)
• Performed periodically and on material changes
• Covers objectives, scope, activities, products and services, and compliance obligations
• Feeds the risk assessment and corrective actions

Implication
Ensure managers communicate compliance risks to affected and interested parties


Implication
Collect data on materialized compliance risks from fraud losses, complaints and claims databases

Implication
Implement a root-cause analysis of compliance violations


Implication
Validate the quality and availability of compliance documentation, and the security controls that protect it from unauthorized change and destruction (for example, access controls, change history and tamper-evident backups)

Implication
Adjust the compliance management system to address the risk management plans and evaluate their effectiveness


Compliance Mgmt System


Compliance Mgmt System
• Purposes
• Policies and procedures
• Processes

Compliance Mgmt System
• Board and senior management
• Internal and third-party documentation
• External experts


Compliance Mgmt System
• Values
• Leadership
• Culture

Implication
Update the principles in the compliance policy to communicate changes externally and internally


Implication
Update the compliance KPIs and targets used for monitoring trends and reporting to upper management

Implication
Assess the effectiveness of compliance training and awareness for employees and third parties acting on their behalf


Changes
Due diligence is required for hiring and promotion, but not for transfers or on a continuous basis

Changes
Disciplinary actions are required for non-compliance, but grievance and appeal procedures are not


Implication
Assess competences to meet compliance obligations in employee due diligence

Implication
Employee due diligence checks:
• Baseline: identity, career, right to work, education, licenses, credit, criminal
• Enhanced: legal demands, social media, registered assets, family and household


Implication
Add the consequences of non-compliance to the compliance policy, and train employees and new hires on them

Implication
Validate the consistency and accuracy of the data used for compliance communication in non-financial reporting


Changes
Protection for whistleblowers is required, but incentives are not

Implication
Include anti-retaliation controls in the whistleblowing policy


Anti-retaliation controls
• Implement a leniency program
• Have an independent investigative team
• Prevent risks arising from the ramifications of the complaint
• Monitor peer pressure, bullying and exclusion

Anti-retaliation controls (continued)
• Approve changes in work conditions
• Include the impact on family members
• Provide financial and emotional support
• Protect whistleblowers for 3 to 5 years


Whistleblowing (ISO 37002)
• Accessible to all employees
• Anonymous or not

Changes
Environmental obligations for strategic planning


Nice-to-have
Audit compliance controls and third parties

Nice-to-have
Separate accountabilities and responsibilities in the performance of compliance controls


Nice-to-have
Include high-risk scenarios of compliance breaches in the crisis protocols

Nice-to-have
Expand due diligence to partnerships, mergers and acquisitions


Nice-to-have
Adjust the approval and escalation procedures for decisions and processes posing high risks

Nice-to-have
Balance the roles in the compliance management system with the three lines model


Let's connect
/in/hernanwyler
@hewyler