4th CMS Compliance Barometer: Companies underestimating material risks
22/05/2019
Compliance officers focusing on data protection
Compliance awareness increasing among employees and decreasing among management
Digital transformation seen as an opportunity for compliance tasks
Berlin – German companies are becoming increasingly professional in their compliance activities, but they continue to underestimate relevant risks. Declining management support for compliance issues is a cause for concern among corporate compliance officers. On the plus side, compliance departments of German companies are embracing digitisation, mostly perceiving it as an opportunity to improve compliance. Those are the key findings of the representative cross-sector survey for the CMS Compliance Barometer, carried out in 2018 for the fourth time by commercial law firm CMS Germany. The CMS Compliance Index, which measures the extent to which compliance is embedded in major companies, remained unchanged in the reporting year at 67.1 out of a possible 100 points.
“While the Compliance Index again shows a strong reading and companies consider themselves well positioned with regard to compliance, there is still a substantial need for external consulting. This is partly due to increased legal requirements,” said Dr Harald W. Potinecke, partner and Head of Compliance & Forensic Services at CMS in Germany. “In particular, the EU General Data Protection Regulation, which has applied to all companies since last May, is proving to be a challenge in practice. If it has not yet been implemented, or not implemented correctly, there is a risk of fines running into the millions and claims for compensation from those affected. There are also other risks that should not be ignored,” Potinecke continued. For the survey, leading market research institute Ipsos conducted anonymous interviews with a sample of 177 compliance officers from large companies with at least 500 employees.
Focus on data protection, corruption being underestimated
The EU General Data Protection Regulation (GDPR) and the associated penalties have thrown data protection into sharp relief. Accordingly, as in previous years, compliance officers in major companies regard this area as the primary compliance risk: 35% of company representatives surveyed put it top of their list (previous year: 22%).
Corruption (16%) and liability for products and services (11%) were cited as the second and third most important risks. From the perspective of the respondents, corruption is significantly less of an issue than in the previous year, while competition law and protection of business secrets both ranked low. That is all the more remarkable because Transparency International’s latest Corruption Perception Index (CPI) paints a different picture, with managers regarding corruption and bribery as on the rise in Germany’s business world and public sector. The marked difference in risk perception also contrasts with the actual risks that companies face from corruption or competition violations. Overall, the trend seen in recent years of underestimating corruption and competition law issues remains in place.
Declining management engagement
While the recorded level of compliance awareness among management has declined slightly over the years (falling from 81% in 2016 to 76% in 2018), it has risen steadily among employees. This suggests increasing buy-in at employee level. However, there is still room for improvement: only 40% of respondents rate compliance awareness of employees as good to very good, while 12% consider it poor or even very poor. A significant decline in the willingness of employees to make decisions on compliance issues is also being seen. This trend gives real cause for concern. “The results show that shortcomings in the compliance culture and in compliance communication remain a major weakness in many companies. Management awareness and willingness to support compliance are still strong, but the steady decline is alarming. A compliance system can only be successful if it is supported and embraced by all company employees, especially by management, and is not regarded as a hindrance to doing business,” said Florian Block, a partner in the Compliance Group at CMS’s Munich location.
Companies relying increasingly on external consultants
The number of companies with a compliance department has increased since 2015, but not risen further since 2016. A good four out of ten large companies now have a department dedicated solely to compliance. In 2015, the figure was less than three out of ten.
At the same time, there has been a significant increase in the number of companies using the services of external consultants. Whereas in previous years around 50% of all respondents drew on external support in compliance matters, this figure rose to 70% in 2018. One reason for this is undoubtedly high demand for advice in connection with the introduction of the EU General Data Protection Regulation (GDPR) in May 2018. In addition, practical experience shows that awareness of compliance and liability issues has increased steadily in recent years and that companies are continuing to develop and professionalise their compliance structures; this is often done with external support.
Digital transformation is changing compliance requirements
The effects of digitisation on compliance were covered by the 2018 Compliance Barometer for the first time, with almost half of respondents stating that they see digitisation as an opportunity to improve compliance. A quarter regard it as an additional risk that needs to be managed. The same number of respondents are still undecided as to what digitisation means for compliance. “Digital transformation is changing the compliance demands faced by businesses. The introduction of new technologies and digitised business models creates opportunities and risks that have to be managed. Compliance officers need to respond accordingly,” said CMS partner Florian Block. Companies are already deploying a range of digital tools. Most frequently, they use IT-supported approval processes to ensure adherence to the principle of dual control, digital policy management and computer-aided checking of sanctions and terror lists. There is considerable scope for improvement, though, particularly in relation to inducements and integrity checks on business partners. “Digitisation is set to become an integral part of compliance work. For this reason, companies should now invest in developing digital aspects of their compliance management system and training up their compliance officers. This has the potential to greatly facilitate everyday tasks, while also boosting the effectiveness of the compliance system,” said Block.
The survey and the CMS Compliance Index are published annually, providing a comprehensive overview and insight into the current state and progress of compliance in major German companies.