Skip to main content
Perspective:
Perspective
13 Apr 2021
5 minute read

Notable developments in the new ISO standard for Compliance Management Systems

A new international standard for compliance management systems (CMS) was published on April 13th 2021.  Known as ISO 37301, the standard replaces ISO 19600.  There are several new developments.

Angela Jaric

More about our author

Angela Jaric

Deloitte - Australia
Angela is a Risk Advisory Partner at Deloitte who seeks to help the power and utilities sector embrace regulatory disruption through her deep and trusted relationships, her tenacity and fast adoption of tech-enabled solutions. Angela is a regulatory compliance and conduct risk professional with over 19 years of experience working in Australia and across the Asia Pacific region. She has a strong focus on helping clients navigate disruption in both regulatory and stakeholder expectations, and understand the impact of this change to business processes, controls, customers, third party relationships and operational performance. She has been working as a professional consultant for Tier 1 firms, with a solid foundation in governance, risk and compliance technical skills, team leadership and business development acumen.
View Profile

If your organisation is already aligned with ISO 19600, then it is important to understand the developments in ISO 37301.  We have no doubt that these developments will be embraced by organisations who aim to have a strong and robust CMS.

Seven key developments with the introduction of ISO 37301:

ISO 37301 is articulated in directive language, such as ‘shall’ meaning that it is certifiable and that independent experts, regulators or courts may use the standard when assessing an organisation’s CMS.

The standard emphasises the importance of a common standard of behaviour and conduct that is required throughout the organisation to create and support compliance. Top management is required to prevent and not tolerate behaviour that compromises compliance.

There is a requirement for consideration of aspects of diversity, potential barriers and the views of interested parties when establishing an organisation’s communication needs and processes.

There is an emphasis on the inter-related elements to managing compliance risk and there is recognition that compliance management is a cycle of continuous improvement.

The importance of organisational structure and the broader social and economic impact is recognised as fundamental when building a CMS.

The role and importance of levels of management below top management, in managing their compliance duties and creating appropriate internal rules, processes and structures to ensure compliance is emphasised. There is also increased focus on transparency and clear communication of the roles of top management.

Whistleblowing tools and processes are encouraged as part of effective compliance management.  Organisations must ‘establish, implement and maintain’ a process to enable and encourage whistleblowing. The standard stipulates that such a process should be accessible, protect reporters from retaliation and reports should be treated with confidentiality.

What does this mean for you?

Organisations already aligned with ISO 19600 understand how a robust CMS helps to build sustainable businesses. At Deloitte, we believe that ISO 37301 takes the management of compliance risk to the next level, with practical, relevant and detailed guidance. The developments have been agreed to by subject-matter experts from around the world, who know exactly what industries need.  Deloitte’s compliance experts are on hand to help guide your organisation through the amendments, supporting your business to continue to have a strong and robust CMS.

How can Deloitte help? 

Deloitte has over 30 years’ experience supporting organisations to assess their compliance management systems against prior standards, advising required changes and assisting with implementation. We are also active committee members working with the Governance Risk and Compliance Institute (GRCI) who represent the International Federation of Compliance Associations (IFCA) in contributing to the draft development of ISO 37301.

Keep watching this space as we will be providing regular updates on the development of ISO 37301. If you require further information or other support with improving your compliance management system or preparing for ISO 37301, please contact us.   

Recommended for you

You’ve found instances of modern slavery, now what? - Financial Advisory blog

The only way we can stop modern slavery is together. Find out more in our Financial Advisory blog.
Perspective
5 minute read
Blog