Compliance Management Systems
A trip to Bangkok, a business deal between brothers, and a bottle of wine – about life with and without compliance
Case study on implementing a compliance management system
It’s not uncommon for multiple compliance risks to be identified during due diligence when acquiring a company. Institutionalised compliance costs money, it does not evolve by itself, the company has grown quickly, and it “has always managed fine without it” – those are just four of the many reasons why German SMEs in particular struggle in this area.
Like in the case we are describing here. We identified policies that were not state-of-the-art for a compliance management system. We found out that employees were not sensitised to compliance-related issues. We saw organisational and governance structures that lacked clarity around how, and by whom, compliance measures should be developed, implemented and applied.
The acquiring company considered this a problem, having itself a rather different compliance culture. It considers a professional compliance management system to be the market standard and part of proper corporate governance. The lack of this type of system at the target company worked in its favour during the price negotiations. However, the company would now like to implement appropriate compliance structures in the acquired company. The purchaser considered it essential to urgently reduce liability risks that could arise for both the company and its management as a result of inadequate structures (in a worst-case scenario, fines of up to EUR 10 million could be imposed). Another aim is to ensure compliant conduct on the part of all company employees.
The directors of the acquired company and its employees are not exactly enthusiastic about this approach. They voice various concerns, citing unnecessary costs, unnecessary work and unnecessary expenditure on external consultants. Managers fear that compliance would hinder their day-to-day work. “Compliance requirements take up too much time, you don’t get anything else done.” There were mutterings among employees about a “surveillance state” in which you are no longer allowed to do anything. And the knock-down argument raised by the directors, managers, employees and works council is that there was nothing wrong in the first place, so why not just carry on as usual?
In situations such as this, where two wholly different viewpoints collide, the key is to engage in dialogue. A functioning compliance system must not just be aligned with a company’s size, international scope, industry specifics and risk areas, but also with its corporate culture. In addition to managers, it is particularly important to address the concerns of the employees, who ultimately have to put the compliance culture into practice. You need to explain the benefits of compliance to them and involve them in designing the compliance management system. It’s also necessary to find practical solutions that are genuinely tailored to the needs of the specific company. Compliance should not be a burden, but should protect the company, its management and the employees, and ideally simplify their everyday work by providing clear rules on dos and don’ts.
Grudgingly, the company began to tackle the project. We came in as external advisors, starting with workshops in which we talked to the company about key aspects and concerns. This was followed by quick compliance checks on specific areas to get an idea of where loopholes might be found. We conducted interviews with key stakeholders from the core areas and used our dedicated tool to analyse documents efficiently.
It was not so surprising to us, but certainly was to the company management, that alongside identifying weaknesses we uncovered embarrassing compliance-related incidents, some of which were financially detrimental to the company. Employees from the Business Development department regularly received invitations from business partners, including a week-long stay in Bangkok for a trade association meeting. Christmas presents in Sales exceeded the appropriate value. In the Purchasing department, contracts were regularly awarded to a construction company whose managing director just happened to be the brother of our client’s purchasing manager. In the Finance department, reminders were simply thrown away and duplicate payments made, possibly due to the lack of an appropriate IT system. The HR department told us about people being off sick due to workplace bullying. These incidents went unreported because there was too little awareness of whistleblower protection or the Whistleblower Protection Act (Hinweisgeberschutzgesetz). A Legal department that had never heard of the Supply Chain Due Diligence Act (Lieferkettensorgfaltspflichtengesetz – LkSG) insisted that sustainability was leftist nonsense, and that you could not be held liable for things in the supply chain anyway.
The picture that gradually emerged was very different from the view of compliance held by company management and many employees. There was a clear need for action on several fronts. Accordingly, with the evidence in our favour, we set about establishing a compliance organisation (and in particular appointing a Compliance Officer). A code of conduct was drawn up together with policies on corruption and on conflicts of interest. A system for screening business partners was also introduced, along with a signature policy including a documentation/filing system and a reporting system. We took various steps to ensure compliance with the Supply Chain Due Diligence Act and developed a modern training programme. This was designed to make employees more aware of compliance issues going forward, with attendance being documented.
Shortly before Christmas, we received something in the mail. It was from the company’s senior management team, with whom we had worked closely over the course of a year to help introduce a compliance management system. It turned out to be a nice bottle of wine – which is deemed completely appropriate from a compliance perspective in such a context. But what we remember much more is the card, which thanked us for our work and said they were looking forward to more projects in the coming year. No trace of a grudging attitude now. More a sense of gratitude, in fact, since our project had eliminated several personal liability risks compared to the original situation.
OUR ADVISORY PORTFOLIO
We provide a full range of advisory services around compliance management systems, including:
- Development, implementation and optimisation of compliance programmes
- Advising executive bodies on legal compliance and organisational obligations, and on corporate governance structures
- Structuring a compliance organisation (responsibilities, etc.)
- Risk analysis and risk management (compliance due diligence, business partner screenings, compliance clauses)
- Setting up and managing whistleblower systems (whistleblower hotline, ombudsman)
- Preparation of compliance policies as well as instructions and training
Structured approaches – example: review of Compliance processes