“Organizations that aim to be successful in the long term need to maintain a culture of integrity and compliance.” This is theresounding beginning of the introduction to the ISO 19600 standards.
This first line marks a clear distance from what has been named a criminal prevention plan or criminal compliance plan. In fact, generic frameworks of reference in terms of compliance (such as the abovementioned ISO 19600 or the German IDW 980 standards), when indicating how to plan a compliance system, do not imply establishing a crime prevention system, but instead a regulatory compliance system.
There are two types of standards to be met in a company: those imposed by the applicable legal framework (the law) and those which are self-imposed by the organization itself. In order to determine these standards, a thorough understanding of each organization is crucial.
Without prejudice to the foregoing, these are some of the legal areas applicable to many mid-size companies and which establish the IDW Standard 980:
- Anti-trust.
- Money laundering.
- Data protection.
- Environmental regulations.
In this respect, the US Justice Department, too, has recently become an advisory body in compliance. In the declarations made recently on November 2nd 2015, the Assistant Attorney General Leslie R. Caldwell discussed some of the parameters that would be used to measure the effectiveness of compliance models. Crime prevention is not mentioned at all, although, regulatory compliance and the involvement of the management in said compliance are referred to.
Compliance is not merely a system of crime prevention, but the consequence of an organization that meets its obligations. It is necessary to generate a system of compliance based on regulatory risks considered as relevant, and not just those of a criminal nature.
Vilá Abogados
For more information, please contact:
27th November 2015