Bartosz Makovich: The biggest step now is for the legislator, who, however, is not very interested in the subject of compliance. Currently, on the one hand, the development of CMS is internally motivated, that is, more and more companies see the advantages of CMS and implement them without thinking. These companies know that implementing a CMS costs less than putting out fires by not having it, which is also evidenced by the franchisor’s example. This group of companies has always caught up with or even surpassed the countries of Western Europe, because often compliance solutions in Polish countries are at a very high level. However, for a real hack to happen, we need proper legislation, because the CMS should clearly pay off. Rodo and now Whistleblower Protection Directive. The General Data Protection Regulation (GDPR) has added wings to protect personal data, and the whistleblowing directive will make a component of a global content management system (CMS). Therefore, it is the legislator who influences the development of compliance. And he should take care of them as well as companies, because honest economics is sound. If it’s healthy, it pays off, not just for ourselves, but for the tax office, the jobs we all need, and finally, prosperity. The lack of relevant regulations not only hampers the development of compliance, but also negatively affects foreign investments in Poland and other countries’ perception of our economy.
Read also: Compliance in Poland 2021 – Polish companies learn to act according to the law >>
Whistleblower protection systems will certainly gain importance under the Whistleblower Protection Directive. Do you think its implementation will be the beginning of the implementation of other elements of the CMS?
Honestly, I can’t imagine it otherwise. The legal obligation to implement whistleblowing (we call it SIN) systems will become a reality for most organizations within a few weeks. However, if the matter is taken seriously, it is clear that SIN is one of the methods within the entire compliance management system, i.e. both will not function properly without each other. More specifically: in organizations where there are still whistleblower objections, and there are still many of them in Poland, an appropriate communication campaign aimed at building awareness should be implemented before implementation. In addition, the SIN is also a complete system, i.e. information must be evaluated, procedures must be established to protect whistleblowers, assess the risk of retaliation, but also, if necessary, by initiating internal investigations. After all, SIN submissions are a source of valuable information on how to improve your overall compliance management system. So everything works together. I think the implementation of the SIN may be the beginning of the construction of the entire CMS, which may start through the new implementation law.
Where are the companies that… You have already implemented or are implementing Compliance Management Systems (CMS), as shown in the Poland Compliance Report 2021. This is your second study, and the first was conducted in 2017. What surprised you the most this time?
There are some things that may not have surprised us, as we are seeing developments on an ongoing basis, but they are very interesting compared to the results obtained four years ago. First and foremost, the report shows how the new Compliance Officer profession is evolving and how more and more people are practicing it. It’s safe to say that it’s already clear that he will be with us forever. Interestingly, more and more people are interested in it, although a few years ago it was attracting economists. The method of education is also interesting – most compliance officers prefer specialized certifications, such as those offered by the Compliance Institute. They are less likely to choose graduate studies.
On the one hand, nearly 75 percent. Respondents implemented a CMS, given that there are recommendations on anti-money laundering, the GDPR, recommendations of regulators, and WSE best practices. On the other hand, the most common reasons for implementing a CMS were: owner will and reputation protection. Here, only 36 per cent legal compliance is indicated. responders. How do I understand?
The legal obligation to implement CMS exists only in the regulated sector, and there is no such obligation outside of it. This would also correspond to some extent with the proportion of respondents representing this sector. However, when it comes to management, it seems to me that we still need a lot of awareness and education, because many people in these positions do not yet realize that CMS not only brings a lot of valuable benefits, but is also a great tool for fulfilling the requirements Legal, which is the exercise of due diligence in the management of the company. In my opinion, it’s not the law, but there are other factors that make companies decide to implement Compliance Management Systems (CMS). It is very important that the epidemic does not affect the development of compliance in Poland. On the contrary, a large percentage of respondents said that it would make compliance more important.
If the legislator values compliance more, will its development be greater, and there will be more demand for compliance officials?
Yes of course. Unfortunately, there are still no regulations in Poland that clearly state that compliance is “legally profitable”. This can be done in different ways, but the most common is to write down the so-called compliance defense and so-called compliance monitoring. The first group is that having a good CMS can lead to fewer penalties. The second reason is that the court, instead of imposing a penalty, instructs the entrepreneur, telling him exactly how to implement the CMS or how to improve it accordingly. Hence the term “observer” in English. This is still missing in the Polish legal system.
The survey shows that companies see all the elements of a CMS: compliance risk analysis, code of conduct, reporting systems, internal investigations, training, and business partner research. Do you think they can’t see something, and they should?
I think the perception of the CMS is correct and corresponds to the reality of the companies in which the respondents work. It’s just that the surveyed group only included companies that already have a CMS in place or are currently implementing it. If we were to perform the research on a wider group, the result would certainly be different and would reveal huge knowledge gaps about the elements of CMS.
The survey asked about a CMS certification. More than half of the respondents answered that they do not see such a need. are you too? Is it worth it for someone on the outside to check and evaluate how the system works?
This is just an issue that everyone should consider considering the individual situation of the company. Certification has one major advantage. Thanks to him, the CMS is evaluated by a person from the outside who sees the internal processes and structures in a different and objective way. It’s like checking a written text: No matter how many times we’ve read it, we always ignore some errors. These will be picked up by someone who has neither written nor read them before, the so-called second eye. On the other hand, the certification process is expensive and dependent on schemes, which is not entirely consistent with the idea of a CMS as a custom-built system. Looking at it from another angle, certification may be a bargaining chip for the company, especially since internationally recognized ISO certifications generally increase the value of the company.
During the conference about the report, there was a committee dedicated to digitization. I was most surprised by the solutions that companies operating in Great Britain have, including the scope of access to public databases. Do you see an opportunity for companies in Poland to get many opportunities abroad, or perhaps funding prevents the digitization of CMS?
When it comes to CMS digitization tools, firstly they don’t have to be expensive, and secondly, there is really a whole bunch of them. That’s why I think a Polish compliance officer has similar capabilities to foreign colleagues. Of course in the end it boils down to two aspects: firstly, the ability to use it correctly, and secondly, an adequate budget, because such solutions, of course, cost money. And while the pandemic has changed the way we communicate overnight from the real world to virtual space, digitization itself, understood as the use of digital tools, hasn’t moved much forward.
“Music specialist. Pop culture trailblazer. Problem solver. Internet advocate.”