Introductory remarks
The recently published report from the survey conducted by Polish law firm Wierciński, Kwieciński, Baehr Sp.k. (WKB) in cooperation with the Polish Association of General Counsel (the “Report”) provides useful insight into key compliance trends in Poland.
The goal of the authors of the Report was to assess the operating compliance programs in the Polish undertakings. The authors also looked closely at the role of in-house lawyers in drafting and implementing such solutions. The focus was also whether, in the opinion of the heads of legal departments, compliance programs are an effective tool for legal risk management, including whether they allow for detection and elimination of a potential breach.
The Report provided interesting insights about how compliance programs work in Poland.
Who Participated in the Survey
The survey was conducted among the leaders of the Polish compliance field.
Most of the heads of legal departments who were surveyed work in large undertakings (over 75% of which employ more than 300 employees), in which such solutions have been in place for five years or longer (80% of the responses). Most undertakings included in the survey are organizations with foreign capital (72% of the responses), with compliance programs implemented globally and usually of a very high standard as a result of many years of experience with various legal systems.
Key Practical Observations from Results of the Survey
Is it worthwhile for businesses to invest in compliance programs?
The survey results clearly show that the implementation of compliance programs makes a lot of sense. In the opinion of the vast majority of respondents, compliance programs constitute an effective method of legal risk management - as many as 88% of the heads of legal departments answered “yes” to the question whether the compliance program is an effective tool for ensuring compliance with the law.
Moreover, an equally high percentage of respondents stated that such programs effectively support employees in fulfilling their duties in a legal manner.
An even higher percentage of respondents (97%) agrees with the statement that such programs contribute to preventing compliance breaches and if such breaches take place, the programs enable their detection (82% of respondents).
As previously mentioned, most organizations surveyed are large organizations in which compliance solutions have operated for five years or longer. It is worth noting that nearly 60% of the respondents expect that the budgets allocated to preventing violations of law will increase in the coming years. This proves that investing in legal security makes sense.
Such results should stimulate discussions, in particular among those entrepreneurs who have not yet implemented compliance programs, or are just starting to do so. Catching up with the Polish (and perhaps international) leaders will be more difficult and more expensive every year. Small businesses may consider setting compliance priorities in order to budget for and implement a compliance program over time.
What is the scope of the compliance programs?
The survey yields interesting conclusions regarding the structure of compliance programs. Of course, this does not mean that they all have to be the same. Tailor-made solutions – where each element of the compliance program is designed to the company’s needs – work best in this area (e.g. non-superficial compliance solutions that include sector specific conditions and requirements). It also does not seem necessary to simultaneously tackle compliance with all regulatory areas at once. A step-by-step strategy is more effective, focusing primarily on the areas that are of particular importance for an entrepreneur (in most cases it is better to set compliance priorities and add new components of the compliance program over time than starting with a complex roll-out).
As far as the scope of compliance programs is concerned, solutions concerning the following three groups are the most popular:
- Relations with contractors (and trade policy): 85% of responses.
- Counteracting financial fraud (money laundering, financing of terrorism): 82% of responses.
- Personal data protection (this is certainly the aftermath of the General Data Protection Regulation (GDPR)): 81% of responses.
In addition, issues related to competition and antitrust represented 65% of responses.
If the proposed Polish legislative solutions, in particular the Act on liability of collective entities (a new piece of legislation drafted by the Polish Government that would require the companies to have effective compliance solutions in particular in relation to anti-bribery issues), enter into force, a comprehensive review of compliance policies will be necessary to ensure that they also effectively prevent economic crime.
On one hand, with the current innovation era in which the importance of enterprises’ intangible assets is growing, it is worth considering implementing comprehensive policies to protect intellectual property.
On the other hand, consumers’ growing expectations should encourage entrepreneurs to ensure that the compliance policies also cover environmental protection issues.
Anti-corruption policies, implemented by the vast majority of respondents (91% of responses), stand out. In addition, 90% of respondents implemented solutions to prevent conflicts of interest (90% of responses). Surveyed enterprises often use registers of interest (69% of responses).
What is the “form” of the compliance programs?
The subject of the Report was not only the substantive scope of compliance programs in terms of topic area, but also the form of the programs.
There were no surprises in this regard. 100% of respondents confirmed that various internal documents (procedures, regulations, or guidelines) are the basis of compliance programs.
The form of the documents that constitute the compliance program does not seem of key importance for its operation. More important is the extent to which the compliance program is alive within the organization - or the extent to which the organization lives by the compliance program. In this context, the answers to the question whether the compliance program provides for systematic training of employees are interesting: 77% of respondents stated it does (which may seem like a lot or not enough, depending on the reader’s point of view).
Also, a significant number of the surveyed entrepreneurs systematically conduct audits of certain types of activities (60% of responses), such as antirust audits, health and safety audits. It is an important element of the compliance program, and one of the factors determining its success. In addition to the increased chance of detecting infringements, such audits discipline employees and are a clear signal for the entire organization that compliance is taken seriously and is not limiting to merely introducing formal rules.
How is the compliance program organized?
The survey shows that two solutions are the most common for organizational structure of compliance programs. The legal department usually plays a key role in the compliance area, or the obligations in this respect are assigned to a separate compliance department dealing exclusively with this subject (almost the same number of responses - 43% in the first case, 38% in the second). Other solutions are rare (such as assigning these duties to an internal audit department or an internal control department).
In those cases where the compliance tasks have been assigned to the company’s legal department, the most common solution is that these tasks are simply a part of the obligations of lawyers employed by the entrepreneur (77% of responses). Cases where compliance departments are separate within legal departments, and the related responsibilities are assigned to dedicated personnel (23% of responses), are not that common.
Regardless of where the main compliance competence and duties lie, the answers show that compliance involves a large number of other departments, permeating and complementing their competences and duties. Apart from the legal department, this concerns the Human Resources (HR) and the internal audit departments (about 45% of responses each). Cooperation with the communication and Public Relations (PR) department is also fairly common (30% of responses).
Interestingly, only about two-thirds of the respondents indicated that their business employs a compliance officer, i.e. someone who gathers competences and responsibilities in this area and deals with their management. It is equally interesting that, in those cases where a compliance officer was employed, he/she does not necessarily have legal education - in nearly one-third of cases, the compliance officer is not a trained lawyer.
The vast majority of organizations that employ compliance officers ensures that they occupy the highest possible position, which is associated with a specific status in the organization. In more than 50% of cases it is a director, and in another 26%, it is a managerial position. Only in about 15% of cases does the compliance officer stand lower in the corporate hierarchy. Therefore, it can be concluded that the Polish entrepreneurs do the right thing by ensuring that the compliance officer they employ has the specific authority necessary to properly fulfill the duties.
In nearly 7% of cases, people holding the position of compliance officers are board members. Regardless of the position of the compliance department (or compliance officer) in the organization, the rule is to report directly to the board of directors - almost 90% of the respondents indicated using this approach.
Summary
The image emerging from the Report defines the directions in which entrepreneurs should follow when starting to implement their own solutions in the field of legal risk management or even planning to start their own compliance program.
The Report is useful for all undertakings operating on the Polish market, including those that are advanced in terms of legal risk management. The Report allows for benchmarking, which is of particular value in the face of the draft Polish laws (including in particular the provisions of the Act on liability of collective entities), which make sanctions for entrepreneurs dependent on various factors, such as whether or not they have implemented an effective compliance program.
The opportunity to compare your own solutions with the market standards can therefore be extremely valuable and helpful in answering the question whether the solutions used in the organization are sufficient to meet the requirements set by the legislator.
Authors: Aleksander Stawicki, attorney-at-law, senior partner, WKB Wierciński, Kwieciński, Baehr Sp.k. (LinkedIn) and Wojciech Kulczyk, attorney-at-law, senior associate, WKB Wierciński, Kwieciński, Baehr Sp.k. (LinkedIn)
