With you for the past 10 years, committed to compliance and integrity!

THEY WANT TO LAY THE FOUNDATIONS FOR THE BUSINESS COMPLIANCE FUNCTION

The profession in the field of business compliance in Slovenia is still in its infancy, so the knowledge of this field is still weak in many companies. Recent events have reminded me of this again.

An acquaintance who performs a function in the management of one of the largest Slovenian companies came to see me. They face a challenge. Due to the complexity of their business, the increasingly complex legal environment, and the few scandals in which they were involved, they began to consider establishing a business compliance function in the company. At the same time, it is increasingly common for business partners, customers from the international environment, to ask them for certain assurances before concluding contracts that they are managing corruption risks in their operations. Some foreign business partners are already introducing provisions in draft contracts that impose liability on the company if only or one of its subcontractors becomes involved in corrupt practices. In short, it is more than obvious that the environment in which the company operates has changed. So they have to adapt to that.

The problem is that no one in the leadership knows exactly what it is - the compliance function. They heard about Siemens and how they set up a strong and robust Compliance globally there after major corruption scandals. However, there is little domestic literature available in Slovenia and even fewer practical examples from domestic companies on how to approach this.

The first idea, an acquaintance told me, was that the company should look around the labor market. If they find the right candidate, he will take care of the correct placement, organization and operation of compliance. The Human Resources Department proposed two candidates. One was a retired criminologist, the other had a multi-year career in a security company.

When an acquaintance and I debated about this, we found that they had a fundamentally wrong focus when looking for candidates. Their input may have been incorrect, but the compliance feature is not a substitute for the security service. It is true that the risks to compliance in one part also stem from the risks for which corporate security is primarily responsible, but this is far from all that is the responsibility of the compliance function. I handed over some literature to an acquaintance and directed him to the current ISO 19600 standard. I also suggested to him the names of two candidates he could call for an interview. One is a lawyer who works in Slovenia in the field of corruption risk management, the other is a sociologist who works in a British manufacturing company and takes care of the field of business compliance in our region.

What they did in the company and how they finally decided, I don’t know yet. The experience itself is valuable because it reminds us of the nascent knowledge of the profession in the field of compliance in Slovenia and how many opportunities there are in this field.

I reminded an acquaintance of one more thing. If they want to establish a compliance function as it should be, the management must give 100% support and communicate this extensively in the company. Both the Management Board and the Supervisory Board. Which means that they must first clarify for themselves why they want such a function and at the same time be prepared for the compliance officer to sooner or later bring them news or findings that will not be most pleasant to them. Which means that compliance functions must be given an appropriate degree of autonomy and independence. In the long run, this will pay off for them. The management of the company, which is the first responsible for the legality of operations as a legal representative, will be informed on an ongoing basis about the risks of (non) compliance as a company and the condition of the company's internal management. In this way, management will be able to take timely measures to manage risks, strengthen the quality of internal management and build a stronger organizational culture. This will also reduce the risk of management being sanctioned by state authorities in the event of adverse events, criminal offenses and damage to the company, and above all, they will reduce the risk of damaging the company's reputation in the market. Which is always bad for business.

Rok Praprotnik
Head of the EICE Professional Committee