The Working Group (WG) on compliance management systems and ISO standards is co-chaired by Daniel L. Bühr and Dominique Casutt. It started its activities in 2015 and counts ca. 30 members.

The WG aims at discussing the establishment, implementation, maintenance and continual improvement of best practice compliance management systems. It focuses on the recent ISO Standard 19600 – Compliance Management Systems and other standards (audit standards, risk and anti-bribery management standards etc.).

The WG also follows related matters such as independent auditing and certification of compliance management systems.

Regular lunch meetings, presentations and conference calls shall promote the exchange of know-how and the discussion of important developments and further networking among all those who share an interest in best practice compliance management based on transparent and auditable compliance management system standards.

Registration WG CMS/ISO

Participation in the ECS Working Group is open to all ECS Members. If you are interested in joining the WG please register.

NEWS

Meeting of the WG on Thursday, 24 August 2017

The WG meeting was attended by 14 ECS members and guests.

Against the background that more and more companies are becoming certified under compliance management system standards (for instance Alstom Group, which became certified under the anti-bribery management system Standard ISO 37001), Daniel Bühr shared his experience from independent compliance management system audits. In his experience, companies take such reviews and audits seriously and they see them as an opportunity to get an independent and unbiased feedback on the maturity of their compliance management system. Often such reviews and audits are the basis to address key governance, organizational and procedural questions.

Following this short introduction, Matthias Kiener, Partner, Advisory Forensic with KPMG, Zurich, introduced the participants to CMS audits under IDW Audit Standard 980 and the recent works on a Swiss CMS audit standard SAS 980 which is currently beeing established by expertSuisse. In his presentation, Matthias explained the ISO 19600 and the IDW Audit Standard 980 approach and the differences between them. Matthias then explained the three assessment typs under the IDW Audit Standard and the audit objectives and the key elements of a systematic best practice CMS. The discussion focused on the question how audits on non-mature organizations shall be conducted and how auditors can help organizations in the proper design and an effective implementation of a CMS. Also, the increased enforcement of the corporate criminal offense under Article 102 of the Swiss Criminal Code was discussed. The participants agreed that the exposure of companies that may have a bribery or money laundering risk, has significantly increased as a result of soaring SAR reports by banks. The discussion also touched on the critical role of senior management, which should not only take the risks of their companies in case of organisational compliance weaknesses but also their personal exposure into account. After expressing sincere thanks to Matthias Kiener for his interesting presentation, a “best practice” apéro took place.

Dominique Casutt and Daniel Bühr, Co-Chairs ECS Working Group CMS/ISO Standards

 

WG Compliance Management Systems/ISO – Event of 28 June 2016 on best practice risk management

With the catchy title “Is compliance a risk? How risk management can help you make risk-based compliance decisions” Stéphane Martin, founder and CEO of Smart Risk Consulting, held a presentation at the event of the ECS Working Group CMS/ISO on 28 June 2016.

Risk assessment and management is one of the key elements of any compliance management system and therefore subject to ISO 19600 on Compliance Management Systems. The section on risk management in ISO 19600 is, however, quite short. Therefore, it may prove very helpful to consider the specific ISO standard on Risk Management for further reference.

Stéphane provided in his well-structured and focused presentation not only a good overview of the key principles of the ISO 31000 standard on Risk Management but also shared his practical experience in risk management in a very hands-on and interactive manner. He elaborated on what may be considered a compliance-risk and in particular stressed the need to differentiate between its constituent elements cause, source, event and consequence – in order for risk management to be effective it is crucial to have a control in place for each cause.

The presentation was followed by a lively discussion on this hot topic and rounded off with some cold drinks.

ECS WG CMS/ISO discussed the ISO 19600 Principles of Good Governance

On 30 June the Working Group CMS/ISO met for the second time in Zürich and discussed the principles of good governance as set out in ISO 19600, in particular direct access to the governing body, independence of the compliance function, appropriate authority and adequate resources. After an introductory presentation the participants had a lively discussion on the subject matter followed by specific questions raised by Working Group members regarding ISO 19600.

It was agreed that the next meeting will take place in September. The first part of the meeting will be used to discuss the purpose of the Working Group and its envisaged output going forward; for the second part it is planned to invite a Chief Compliance Officer from an organisation which has already been certified according to ISO 19600 to share first-hand insights regarding the certification process. Date and agenda of the meeting will be announced in due time.

 

WG CMS/ISO 19600 plans second meeting on 30 June in Zurich

The Working Group CMS/ISO has scheduled its second in-person meeting for 30 June 17.00 to 19.00h in Zurich. The meeting agenda will be made available in due time. Suggestions from Working Group members or other interested parties are highly welcome.

Building on the first in-person meeting on 16 March which served the purpose of bringing interested members “up to speed” with regard to the new ISO 19600 standard on compliance management systems, the second meeting now aims at addressing specific areas of interest and possible queries.

Other ECS members or external individuals who are interested in attending the event are kindly requested to sign up for the Working Group (and a membership with ECS, if not yet a member). The Working Group has by now increased to more than 15 members.

First face to face meeting in Zurich on 16 March 2015

Basel, 24 March 2015. At the meeting of 16 March 2015 in Zurich, the ISO Standard 19600 and the certification concept of Austrian Standards were presented to the members of the WG (12 participants attending, 3 excused). The participants discussed the Standard and independent audits of Organizations with regard to their Compliance Management Systems. The participants agreed that ISO 19600 may become a benchmark because it is the first global standard on compliance management systems. Questions focused on the best approach to implement a compliance management system, in particular on how to secure Board and Top Management attention, buy-in and support. Also, the concept and benefits of certification were discussed.

The Working Group decided that it wants to act as the ECS point of contact for Compliance Management Systems and that it intends to meet bi-annually in person to further discuss CMS and ISO topics of common interest. A next meeting will be scheduled for the second half of June.