Notable developments in the new ISO standard for Compliance Management Systems

A new international standard for compliance management systems (CMS) was published on April 13th 2021.  Known as ISO 37301, the standard replaces ISO 19600.  There are several new developments.

If your organisation is already aligned with ISO 19600, then it is important to understand the developments in ISO 37301.  We have no doubt that these developments will be embraced by organisations who aim to have a strong and robust CMS.

Seven key developments with the introduction of ISO 37301:

ISO 37301 is articulated in directive language, such as ‘shall’, meaning that it is certifiable and that independent experts, regulators or courts may use the standard when assessing an organisation’s CMS.

The standard emphasises the importance of a common standard of behaviour and conduct that is required throughout the organisation to create and support compliance. Top management is required to prevent and not tolerate behaviour that compromises compliance.

There is a requirement for consideration of aspects of diversity, potential barriers and the views of interested parties when establishing an organisation’s communication needs and processes.

There is an emphasis on the inter-related elements to managing compliance risk and there is recognition that compliance management is a cycle of continuous improvement.

The importance of organisational structure and the broader social and economic impact is recognised as fundamental when building a CMS.

The standard emphasises the role and importance of levels of management below top management in managing their compliance duties and creating appropriate internal rules, processes and structures to ensure compliance. There is also increased focus on transparency and clear communication of the roles of top management.

Whistleblowing tools and processes are encouraged as part of effective compliance management.  Organisations must ‘establish, implement and maintain’ a process to enable and encourage whistleblowing. The standard stipulates that such a process should be accessible, protect reporters from retaliation and treat reports with confidentiality.

What does this mean for you?

Organisations already aligned with ISO 19600 understand how a robust CMS helps to build sustainable businesses. At Deloitte, we believe that ISO 37301 takes the management of compliance risk to the next level, with practical, relevant and detailed guidance. The developments have been agreed to by subject-matter experts from around the world, who know exactly what industries need.  Deloitte’s compliance experts are on hand to help guide your organisation through the amendments, supporting your business to continue to have a strong and robust CMS.

How can Deloitte help? 

Deloitte has over 30 years’ experience supporting organisations to assess their compliance management systems against prior standards, advising on required changes and assisting with implementation. We are also active committee members working with the Governance Risk and Compliance Institute (GRCI) who represent the International Federation of Compliance Associations (IFCA) in contributing to the draft development of ISO 37301.

Keep watching this space as we will be providing regular updates on the development of ISO 37301. If you require further information or other support with improving your compliance management system or preparing for ISO 37301, please contact us.