The first harmonized rules for compliance management systems

Compliance management system can help to prevent criminal offences in enterprises. Their proper application is the topic of the new ONR 192050.

Vienna (AS prm, 04.02.2013)

Almost every day media report on alleged fraud, bribery or corruption in the context of financial transactions and procurements. Attention focuses not only on the policy-makers responsible, but usually also on persons working for renowned enterprises.

Under Austrian corporate criminal law and similar legislation adopted in other countries, legal entities can be held liable for criminal offences committed by staff members if duties were neglected by the legal entity. In plain English this means that enterprises — be they public limited companies, cooperatives or foundations — and their executive officers can be punished for criminal offences of employees. These provisions are not blunt instruments or a dead letter, which is illustrated by spectacular convictions handed down in recent years that, in part, also resulted in exorbitant fines.

Therefore, corporate leaders intensify their efforts to prove that they have taken all reasonable precautions to ensure compliance and prevent criminal actions in their enterprises. Under the heading “compliance” numerous measures of varying quality and effectiveness have been taken — the focus, however, frequently was not on traceability and comparability.

Austria pioneers rules

By adopting specific rules, Austria plays a pioneering role once more. On 1 February 2013, Austrian Standards published ONR 192050 “Compliance Management Systems” that describes the state of the art and provides a sound basis for compliance efforts.

DDr. Alexander Petsche, chairman of the relevant technical committee at Austrian Standards, believes that the introduction of a compliance management system (CMS) results in significant advantages for enterprises. “ONR 192050 specifies how a company should organize its activities to identify, understand and then properly treat relevant risks. It provides guidance on how compliance management systems can be integrated into an organization, on the measures which should be taken to bring about the desired change in the staff’s behaviour, i.e. change management, and on what is and what is not permitted in this context,” explains DDr. Petsche, partner in the global law firm Baker & McKenzie. 

Certainty and transparency

The development of ONR 192050 resulted from the understandable demand of enterprises for certainty. Dr. Armin Toifl, General Counsel and Head of Legal and Compliance for Austria and the CEE countries at Siemens Austria: “The topic of compliance is not an insignificant issue for several reasons: when staff members violate legal provisions, enterprises face massive consequences — these range from loss of reputation and fines to impacts on share prices. Therefore, more and more enterprises and organizations started to establish compliance management structures. While they had to rely on foreign models in the past, the new ONR 192050 now offers an Austrian — but internationally applicable — document providing guidance based on state-of-the-art expertise. Since such systems also raise the transparency of business transactions internally, they substantially contribute to improving corporate management and corporate culture.”

Using internal resources

When enterprises implement CMSs, they usually can build on existing schemes. Almost all internal audit or legal departments already have elements of compliance management in place that can be used for setting up a system in line with the new ONR.
The introduction of such a system focuses on roles rather than on organizational structures and manpower. These roles are described in the ONR and, depending on the resources available, can be assigned to new appointees or existing staff members. It is sufficient, for example, if the owner of a company fulfils the function of compliance officer. It is essential that the role exists and its function is performed. Relevant courses will soon be offered to provide the qualifications required.

Independent certification

Having reliable rules is not enough for enterprises and organizations. It is, of course, also of great importance to them that they are able to demonstrate conformity with the rules. To meet this demand, Austrian Standards will start to offer certification services for compliance management systems in the second quarter of 2013. The audits will be carried out by top-qualified professional practitioners (e.g. commercial lawyers). Moreover, personnel certification services will also be available for compliance officers.

Aiming at an international standard

The new ONR 192050 takes account of all the benchmarks existing throughout Europe. The integration and, at the same time, independence of all legal systems ensures that ONR 192050 is internationally “compliant” and guarantees a high level of legal certainty.
Internationally, there are currently no rules applicable to all legal areas. Australia is the only country having a comparable national standard and, as a result, initiated work on an international standard within ISO. On the basis of the new ONR, Austrian representatives will actively contribute to the activities of ISO/PC 271 “Compliance programs” set up in 2012. Therefore, ONR 192050 is already available in English, too.

Author: Herbert Hirner


ONR 192050 Compliance Management Systems

PR-ID: 0617-2013-02-04 / Compliance Management Systems