IAF Members' news

ISO 37301:2021 New Certifiable Standard Under Accreditation on Compliance Systems

Laura Monserrat Balderas Sánchez  
Liaison Coordinator, ema

A compliance management system comprises all the measures, structures and processes that a company or organization establishes to ensure compliance with the norms, standards and the law.

In April 2021, ISO 37301:2021 Compliance management systems — Requirements with guidance for use was published. There are five fundamental aspects of this standard, which replaced ISO 19600:2014 Compliance management systems — Guidelines.

1. It is a certifiable standard

This allows independent third parties to attest that the board and the company have exercised due diligence and the duty of care effectively, that controls and measures have been put in place to mitigate the risks the company faces, and that a control and monitoring mechanism exists that enables the company to detect possible irregularities and, where appropriate, conduct investigations.

2. A new emphasis on the environment

This new standard recognizes the company as a social actor, embedded in a wider system and therefore subject to the forces of society. It demands a deeper analysis of the socio-political context and of competitive, socio-economic and territorial variables, among others.

3. Openly encourages the use of whistleblowing tools

The importance of reporting channels in detecting fraud and other illicit activities is well documented in the business literature. Here specific requirements are established to ensure the effectiveness of these tools and the active promotion of a culture in which responsibility for compliance rests with every member of the organization.

4. Based on a risk approach

Since the publication of ISO 9001 Quality management systems — Requirements, an integrated management framework has taken shape, in which specific management aspects are standardized within the same global system that standardizes the characteristics of ampoules, voltage levels, country codes or tolerance limits for nuclear radiation.

In this case the standard draws on ISO 31000 Risk management — Guidelines for risk identification, and on ISO 31010 Risk management — Risk assessment techniques for risk evaluation.

5. The culture of compliance

Finally, the most important aspect: the culture of compliance is at the heart of this new standard. It promotes an ethical culture based on values, in which everyone knows their responsibilities and roles, and involves the entire organization in ensuring the long-term viability of the company.
