Ongoing risk management in relation to the compliance system as an essential element of an effective breach prevention strategy

In the current regulatory environment, organisations must continually adapt their practices to changing regulations and laws. In this context, ongoing risk management becomes a key tool to help organisations maintain a high level of compliance and minimise the risk of breaches. In addition, compliance risk management also allows for the assessment and identification of possible new risks and the adjustment of breach prevention strategies to meet the organisation’s current needs.

Specifically, as a part of the ongoing risk management process, the following measures are of paramount importance:

  • review of changes in regulations and laws relating to the organisation’s activities;
  • identification of new risks, i.e. identifying new areas where a potential risk of compliance violations may occur;
  • update of the compliance strategy based on the conducted analysis, i.e. adjusting the existing breach prevention strategies and procedures to better address the new risks;
  • update of employee training and awareness so that employees are made aware of current risks and fully understand the compliance procedures.

Below are also some reasons why ongoing compliance risk management is so important for organisations. First and foremost, we need to keep in mind:

  • Changing legislation. Organisations need to regularly assess whether their compliance practices are aligned with current legislation to avoid potential legal breaches;
  • Changes in the external environment. The business environment is constantly changing. New market trends, economic shifts and other external factors can affect the risks an organisation may encounter. Ongoing risk management allows these changes to be addressed;
  • Internal changes within the organisation. The goal of any organisation is to grow, which manifests itself through, among other things, the launch of new products, services, processes or technologies. Any of the above changes may create new risks in the organisation or change the existing ones. Ongoing risk management in this case will identify new risks and help the organisation understand how the occurring changes affect it and how the risk incidence can be reduced;
  • Monitoring of the effectiveness of control activities. Ongoing risk management also allows the organisation to assess whether its current control activities are effective in mitigating the occurring risks;
  • Adjustment of business strategy. As an organisation grows, it becomes necessary to adapt its business strategy to changing market conditions. Ongoing risk management helps to understand risks associated with new courses of business and whether they are acceptable;
  • Reputation management. Ongoing risk management helps prevent the possibility of reputation loss or damage. Breaches of regulations or ethical standards can result in significant damage to an organisation’s reputation. Ongoing risk management helps avoid situations in which the organisation would be exposed to a public image crisis;
  • Requirements of investors and business partners. Recently, it has become increasingly common for investors, business partners and suppliers working with an organisation to require evidence that the organisation is monitoring any involved risks on an ongoing basis and taking appropriate steps to minimise them.

To conclude, ongoing risk management is an integral part of an effective compliance and non-compliance risk management system. It helps the organisation make the right business decisions, as well as remain competitive, maintain its reputation, avoid potential crises and adapt to a rapidly changing market environment.

 

National System of e-Invoice – new challenges for entrepreneurs

Pursuant to the amendment of the Act on Value Added Tax and certain other acts of 16 June 2023, electronic invoicing using the National System of e-Invoice (hereinafter: “KSeF”) will become a new obligation for entrepreneurs. Currently, the use of the KSeF system is voluntary, whereas from 1 July 2024 KSeF will be a mandatory solution for:

  • entrepreneurs who are exempt from VAT;
  • entrepreneurs registered as active VAT taxpayers;
  • taxpayers verified in Poland for the EU VAT-OSS procedure, who have a Polish tax identification number NIP.

For small and medium-sized VAT-exempt entrepreneurs the mandatory use of the system is postponed to January 2025.

KSeF allows structured invoices with a unique identification number to be issued and shared. The issuer of the invoice receives an official acknowledgement of receipt and the recipient of the invoice can access it through a profile in KSeF or by indicating the invoice details. The system also enables granting, changing or withdrawing KSeF access rights, as well as the analysis and control of the correctness of data in the e-Invoices issued.

This is a fundamental change for entrepreneurs. When the planned amendments come into force, each invoice will have to be issued in electronic form and entered into the system. The invoice will be submitted to a system verification process to ensure that it meets the requirements of a so-called structured e-Invoice (XML format, user authorisation in KSeF, invoice without attachments).

The introduction of KSeF means that existing accounting software and internal procedures will have to be adapted to the new legal requirements. It must also be pointed out that in order to effectively register with KSeF, it is necessary to have a qualified electronic signature, a qualified electronic seal or a trusted signature.

This form of record-keeping will simplify the process of controlling entrepreneurs’ accounts through remote monitoring by tax authorities, which will reduce the risk of malpractice in this area.

In addition, the amendment introducing the electronic invoicing obligation for entrepreneurs provides for, among other things:

  • automatic archiving of issued invoices;
  • simplified circulation of documentation to streamline the accounting process and mutual settlements between entrepreneurs;
  • a VAT refund waiting period shortened to 45 days (currently 60 days);
  • a unified invoice template, which will make it easier for entrepreneurs to issue invoices;
  • a possibility to download documentation from a database maintained by the Ministry, which minimises the risk of loss/destruction of invoices;
  • certainty that an invoice will be received by the recipient through electronic acknowledgement of receipt (where the recipient chooses this form).

It is worth mentioning that, at this stage, the functioning of KSeF still raises a number of practical doubts with regard to matters that are not explicitly regulated by the Act. These concern in particular the technical aspects of the functioning of the system itself or verification of the status of the buyer (with respect to excluding from KSeF the invoices issued to natural persons not conducting business activity).

 

POLAGRA 2023 – The Food Industry Fair

We are pleased to announce that JLSW Law Office will take part in this year’s POLAGRA fair in Poznań, which will be held on 27-29 September 2023 at the Poznań International Fair.


POLAGRA covers the food industry and the HoReCa sector. The event comprises three zones. The FOOD zone is intended for the food industry and heralds the latest consumer trends, provides a comprehensive overview of offers and promotes the Polish economy. Another zone during the September fair is the FOODTECH zone, which provides an opportunity to see entire production lines in operation. The last zone at the POLAGRA fair is the HORECA zone, which presents innovative solutions improving work in professional kitchens, increasing the range of services offered by catering and accommodation facilities, and ensuring safety and comfort of stay for guests of restaurants and accommodation facilities.

As one of the exhibitors, on 28 September at 10:30 we will hold a legal training on preventing food waste and related problems, on the basis of applicable regulations. The theory will be supplemented by a case study – an example of a case and practical use of the acquired knowledge.

The following topics will be discussed during the training:

  • who is responsible for preventing food waste?;
  • duties of food vendors;
  • NGOs and their responsibilities;
  • controls;
  • consequences of non-compliance with food waste prevention obligations;
  • case study.

To participate in the training, you must fill in the form available at the link and then download the invitation.

JLSW Law Office will be represented by legal counsel Julita Wilbik-Klimek.

Compliance system – part X – the most common mistakes made in the implementation and functioning of the compliance system in organisations

More and more compliance systems are being implemented in organisations. The reasons for this are, among others, frequent changes in the law, bringing members of the organisation’s management board to account, financial losses resulting from corruption and abuse. Moreover, implementation of an effective compliance system is often required by business partners, who make it a condition for further negotiations or conclusion of a contract. However, one should bear in mind that the compliance system must be adapted to the organisation’s needs and properly implemented. Moreover, the proper functioning of the system in the organisation should also be ensured, i.e. through updating and improving it and taking actions aimed at ensuring its effectiveness. An ineffective compliance system will not deliver the expected results and will not protect the organisation from the negative consequences of non-compliance.

The following are the most common errors in the implementation and functioning of compliance systems in organisations:

Poorly conducted risk assessments and defective implementation of internal policies and procedures – these problems arise when organisations try to carry out risk assessments on their own, without the help of a professional who can indicate the threats and implement effective and tailored security mechanisms. Lack of a proper risk assessment is reflected in the lack of adequate verification of the areas exposed to risks and the effectiveness of the implemented policies and procedures, and as a result, in irregularities, financial losses, reputational damage and liability.

No updates of the compliance system – internal policies and procedures functioning within an organisation also require regular updates, in particular in terms of compliance with the law, which nowadays is changing dynamically. Lack of ongoing updates of the compliance system means that the policies and procedures functioning within the organisation are not adapted to its current needs. This is also due to a failure to appoint a person responsible for supervising the compliance system and its ongoing updates.

Lack of a clear definition of the roles and responsibilities and assigning responsibilities to people who do not have the appropriate competences – a common mistake made by organisations is the fact that they entrust several functions to one person. The compliance system requires proper commitment, which means that the compliance officer should focus as much as possible on his or her responsibilities to avoid exposing the organisation to adverse effects.

Lack of regular reporting and notification of errors – ongoing reporting to the management bodies of the results of the compliance system in the organisation is another problem. Lack of proper monitoring and reporting measures translates into the lack of ability to quickly identify irregularities and implement corrective actions and inhibits the process of improving the compliance system in the organisation.

Lack of training – lack of training is reflected in the lack of knowledge of policies and procedures among employees and lack of skills to apply them in practice, e.g. failure to report errors. Moreover, the lack of regular training is not conducive to the creation of the ethical culture that promotes appropriate behaviour in a given organisation.

Lack of communication and support from the management body – organisations often point to the lack of commitment from the management body, which should clearly communicate support for the compliance system and promote the values and behaviours that are desired in the organisation.

Lack of appropriate tools to support the compliance system – organisations should implement tools to report and visualise the compliance status, which facilitate making effective decisions and demonstrating due diligence.


Compliance – part IX – procedures

The compliance system ensures an organisation’s compliance with legal regulations, industry standards and ethical principles in the risk areas.

An effective compliance system requires creating appropriate tools, such as policies, procedures and codes. On the other hand, the kind of compliance system documentation to be implemented in an organisation is determined primarily by the scope of the business activity and the type of risks involved.

This documentation should provide, in particular, information on the patterns of operation in an organisation, the roles and tasks of individual persons and the rules of conduct, e.g. in the event of specific irregularities.

Standard compliance procedures include:

Code of Ethics. This is the basic document of the compliance system, which indicates the crucial ethical principles and standards applicable in the company, both in the internal and external relations. In addition, it contains the values that guide the organisation in its operations.

Code of Conduct. The code of conduct contains specific procedures and behaviours that should be observed or restricted within the organisation. It is addressed, in particular, to all members of the organisation, but sometimes the circle is extended to include external entities.

Anti-corruption procedure. The procedure is designed to minimise the risk of abuse in the organisation. Effective compliance with this procedure prevents the risk of criminal liability for a person in a managerial position because of taking a private financial or personal advantage, abusing his or her powers or failing to fulfil his or her obligations. In addition, the implementation of an anti-corruption policy is an expression of lack of tolerance for corrupt behaviour and a confirmation that the organisation operates in accordance with ethical principles, which in turn strengthens its credibility with customers, investors and business partners.

Infringement reporting procedure. The procedure lays down the rules and guidelines for reporting potential irregularities and handling of such reports.

AML procedures. AML procedures relate to the obligations arising from the Act on Counteracting Money Laundering and Terrorist Financing, and their implementation is required by entities that are recognised as obliged institutions in the above-mentioned regulations. Their purpose is to prevent the flow and use of money from illegal sources.

Corporate governance procedures. This is a set of fundamental principles, practices and processes to manage and control an organisation. These principles are intended to strengthen the organisation’s management systems, in particular the areas related to risk management, compliance and internal audit function.

Personal data protection procedures (GDPR). In the case of some organisations, it is advisable that the compliance system also covers the processing of personal data, in the form of implementation of the GDPR privacy protection principles and organisational measures, because non-compliance with these principles may expose the organisation to the risk of severe administrative penalties.

Labour law procedures. Labour law procedures play a key role in the employment sphere, as they are an important source of information for employees on the principles in force in the organisation that they are obliged to follow. In addition, in many cases the procedures help protect against potential administrative, civil or criminal liability. The labour law-related policies include, among others, anti-mobbing policy and non-discrimination and equal treatment policy.

Environmental procedures. Environmental protection is an important and broad field in which every entrepreneur should ensure compliance. Environmental law comprises a number of legal acts, i.e. laws and regulations, that entrepreneurs should observe. Any violations in this respect, such as a failure to comply with reporting obligations or a lack of proper permits, can have far-reaching negative consequences for the organisation. The procedures are intended to ensure compliance of the organisation’s activities with the environmental laws and requirements, as well as the current “green” trends in the industry.

The list above is for reference only and does not include all the procedures and policies that comprise the compliance system. The documentation is always based on the needs of a given organisation, taking into account the regulations governing the type of business concerned. Not all of these procedures will be necessary in all cases. The scope of the procedures may be narrower or broader, depending on the individual needs.

Depending on the type of business of a given organisation, the following procedures and policies can also be implemented: procedure for counteracting unfair competition, code of conduct when concluding contracts, tax and accounting procedures, procedure for verification of contractors and using the car fleet.


Compliance – part VIII – procedures

The compliance system ensures that the organisation operates in compliance with legal regulations, industry rules and rules of ethics in areas susceptible to risk.

An effective compliance system requires creating appropriate tools, in particular policies, procedures and codes. The documentation to be implemented in the organisation as part of the compliance system is primarily determined by the scope of the organisation’s operations and type of risks present.

The documentation referred to above should in particular provide information about operating procedures within the organisation, roles and tasks of individual persons and rules of conduct, e.g. in the event of specific irregularities.

Standard procedures of the compliance system include:

  • Code of Ethics. The code is the base document of the compliance system, stipulating the most important rules and ethical standards applicable within the organisation, both in internal and external relations. It also specifies the values followed by a given organisation as part of its operations.
  • Code of Conduct. A document formulating specific practices and behaviours which should be followed or limited within the organisation. Such codes are addressed in particular to all members of a given organisation, but in some cases they may also apply to entities outside the organisation.
  • Anti-corruption procedure. The purpose of the procedure is to reduce the risk of any abuse within the organisation to a minimum. Its effective implementation prevents situations where the organisation becomes criminally liable if a person in executive position abuses their rights or fails to comply with their duties as a result of accepting a financial or personal benefit. Furthermore, implementing an anti-corruption procedure is proof of the organisation’s zero-tolerance policy in respect of corruption and confirms that the organisation follows ethical rules, as a result improving the organisation’s credibility with customers, investors or business partners.
  • Abuse reporting procedure. The procedure specifies rules and guidelines concerning the reporting of potential irregularities and investigating such reports.
  • AML procedures. AML procedures are related to obligations resulting from the act on preventing money laundering and funding terrorism, and entities considered to be obligated institutions under the terms of the act are required to implement its provisions. The purpose of implementing the provisions of the act is to prevent the flow and use of funds originating from illegal sources.
  • Corporate governance procedures. They are a set of primary rules, practices and processes used to manage the organisation and control its operations. The aim of the rules is to reinforce the management systems of the organisation, in particular in matters related to risk management, compliance and internal audit.
  • Procedures concerning the protection of personal data (GDPR). In certain organisations, it is recommended that the compliance system also include the processing of personal data through implementing rules governing the protection of privacy and organisational measures as per GDPR, as failing to comply with personal data protection rules may expose the organisation to severe administrative penalties.
  • Procedures related to labour law. Procedures related to labour law play a key role in the area of employment, as they constitute an important source of information for employees on rules applicable within the organisation that they must follow. Furthermore, in many cases such procedures allow the organisation to avoid potential administrative, civil and criminal liability. Procedures related to labour law include anti-harassment policy and non-discrimination and equal opportunity policy.
  • Procedures related to environmental protection. Environmental protection is an important and broad area where all businesses should ensure compliance. Environmental protection law includes a number of acts of law, i.e. bills and regulations, that businesses must comply with. Breaching environmental regulations, for example by failing to comply with reporting obligations or failing to obtain required permits, may have far-reaching, negative consequences for the organisation. The procedures are meant to ensure that the organisation’s actions comply with provisions and requirements of environmental law, as well as current “green” trends prevalent in a given industry.

The above is purely illustrative and is not an exhaustive list of all procedures and policies forming part of the compliance system. Such documentation is always drafted based on the needs of a given organisation and accounting for laws that regulate a given type of business activity. Implementing all of the above procedures will not be required in every case. The scope of implemented procedures may be narrower or broader, depending on individual needs.

Depending on the nature of operations of a given organisation, other procedures and policies that can be implemented include: preventing unfair competition, proper procedures when entering into contracts, tax policies, policies related to proper bookkeeping, business partner verification and use of company vehicles. 


Legal Netlink Alliance’s Global Meeting in Paris, June 15-18.

JLSW is happy to announce we will be joining the Legal Netlink Alliance’s Global Meeting in Paris, June 15-18.

Meeting friends and partners from 35 firms across 20 countries to reinforce the common values that unite us and learn from each other is an extraordinary opportunity we are excited about!

Our firm has been a member of Legal Netlink Alliance for 10 years and we have enjoyed the rich exchanges, common projects and cooperation for the benefit of our clients that were made possible by the alliance.

JLSW will be represented by Member Tomasz Janaszczyk.

Reduction of single-use products

On 27 April 2023, the President signed the Act amending the Act on duties of entrepreneurs concerning the management of certain types of waste and the product fee. The amendment implements into the Polish legal order the provisions of the Directive 2019/904 of the European Parliament and of the Council (EU) of 5 June 2019 on the reduction of the impact of certain plastic products on the environment.

The purpose of the amendment is to introduce system solutions aimed at reducing the impact of waste from single-use plastic products, products made of oxo-degradable plastics and fishing gear containing plastics. These solutions will impose a number of obligations on some entrepreneurs, among others:

  • those placing single-use plastic products on the market or their authorised representatives,
  • those placing fishing gear containing plastics on the market,
  • retailers, wholesalers or catering businesses which offer single-use plastic products, which pack and offer – by means of a vending machine, including those placed in locations other than a retail unit, wholesale unit or catering unit – beverages or food in single-use plastic products,
  • entrepreneurs operating waste collection facilities in ports or entrepreneurs operating other equivalent collection systems.

Among the obligations imposed on the above-mentioned entrepreneurs, it is important to highlight a few, the effects of which will be experienced by us, i.e.:

  • a prohibition on placing on the market single-use plastic products and products made of oxo-degradable plastics such as cotton buds, cutlery, plates, straws, drink stirrers, balloon sticks and their cups, food containers and beverage containers and cups made of expanded polystyrene will be introduced. The prohibition is effective from 24 May 2023, while products that were placed on the market before this date may be sold or given free of charge to buyers in the national territory or used for own use until the stocks of these products are depleted;
  • from 1 January 2024, entrepreneurs will be required to charge a fee for offering buyers disposable plastic products, such as beverage cups and food containers;
  • from 1 July 2024, entrepreneurs will also be obliged to ensure the availability of alternative packaging made of either biodegradable or reusable material;
  • an obligation will be introduced to label disposable plastic products, such as sanitary towels, tampons, tampon applicators, wet wipes, tobacco products with filters and filters sold for use with tobacco products as well as beverage cups, with a visible, legible and non-removable marking (on the product packaging or on the product itself) informing about inappropriate disposal methods and the harmful environmental impact of these products. This solution is effective from 24 May 2023, while products that were placed on the market before this date may be sold or given free of charge to buyers in the national territory or used for own use until the stocks of these products are depleted;

 

Compliance – part VIII – Trainings – one of the ways to ensure the effectiveness of the compliance system

The compliance system, in particular, is a set of policies, procedures and rules related to compliance within a given organisation. In order for the system to be effective, it is necessary to take specific actions to facilitate reaching this goal. First of all, it is necessary to keep the system up-to-date and to ensure that members of the organisation observe the rules of the compliance system, which requires the involvement of the management, as well as the employees, co-workers and business partners.

This raises the question: how to ensure compliance by the members of the organisation? One solution is to provide trainings that specifically include information on the rules binding within the organisation.

Compliance trainings should be tailored to the organisation’s profile and the type of audience, take into account their position within the organisation and be focused on the practical aspects of the functioning and observing the principles of the implemented compliance system. These trainings are a tool to facilitate the education of the organisation’s employees on the legal responsibility for taking or desisting from certain actions, and translate to compliance in the organisation, in particular they:

  • constitute a means of communicating changes in the organisation’s applicable regulations to the employees,
  • constitute a guarantee that the members of the organisation carry out their duties in accordance with the applicable regulations, thus reducing the risk of breaches in the organisation,
  • provide a source of valuable feedback on unidentified risks,
  • increase the staff awareness of emerging risks,
  • help build the compliance culture in the organisation.

Compliance trainings include:

  • one-off trainings – aimed at understanding the issue of the compliance system and the binding regulations and increasing the staff awareness of existing risks,
  • periodical trainings – regular trainings taking place over a specific period of time, aimed at promoting and building a long-term compliance culture in the organisation,
  • ad hoc trainings – held in the event of changes to the existing regulations, e.g. in the event of changes to the internal policies, procedures and principles, the generally applicable law, changes to the organisation’s profile, etc.

Depending on the regulations the organisation is required to comply with, compliance trainings may focus on specific issues, e.g.:

  • AML – training on counteracting money laundering,
  • GDPR – training on the collection and processing of personal data,
  • bullying prevention – training on bullying situations, aimed at eliminating or minimising the occurrence of cases of bullying in the organisation.


End to combustion car sales – final decision by the European Union

On 28 March 2023, the Council of Europe adopted a regulation that will ban the sales of new cars with internal combustion engines (petrol and diesel) in the European Union countries. The ban will apply from 2035. An exception to the ban will be made for vehicles powered by carbon-neutral e-fuel.

It should, however, be emphasised that the regulation adopted by the European Union allows for the further use of internal combustion cars by driving them and selling second-hand cars, whereas those who decide to buy a new car after 2035 will only have electric and hydrogen cars to choose from.

The introduction of this ban results from the ‘Fit for 55%’ package adopted in July 2021 by the European Commission. The package is a set of interlinked proposals which together are intended to ensure that the European Union’s ambitious climate policy is achieved by reducing greenhouse gas emissions by at least 55% by 2030. The European Union regulation on the reduction of CO2 emissions for new cars and vans is one of many acts in this package.

Bearing in mind climate change and the growing interest in low- and zero-emission vehicles in the west, the Polish government has introduced a range of privileges and benefits for owners of these types of cars, i.e.:

  • the possibility of obtaining a subsidy for the purchase of a new electric car (up to PLN 27 000 for individuals and PLN 70 000 for entrepreneurs),
  • exemption from excise duty,
  • higher depreciation limits,
  • free parking in cities (based on local regulations),
  • the right to drive on bus lanes designated to improve urban transport slowed down by traffic congestion (until 2025).

These benefits have not just been introduced to reward electric car owners for their contribution to reducing CO2 emissions, but are also intended to encourage the citizens to purchase such vehicles in the future.