Partnering with Compliance: The Key to Achieving Sustainable Business Through ISO 37301

Authored By: Farrah Alizah Larasati, Lead Consultant GRC – Robere & Associates (Indonesia) 

Compliance is a critical aspect that companies must fulfill when conducting their business operations. Every company, regardless of its field, will have regulatory provisions and requirements from interested parties that must be adhered to. Failure to comply with applicable provisions or requirements can potentially lead to reputational damage, financial losses, and even legal or criminal sanctions for the company. 

A pertinent case example occurred in 2023 involving a Rural Bank (BPR) that failed to comply with regulations related to credit management. After the BPR disbursed fictitious loans, its business license was revoked by the Financial Services Authority (OJK).

The importance of adhering to every provision and requirement motivates companies to establish a systematic management system for identifying, evaluating, and ensuring compliance. In this regard, the international standard ISO 37301:2021 on Compliance Management Systems serves as a best practice that companies can use as a guide for managing compliance.

What is ISO 37301:2021? 

ISO 37301:2021 Compliance Management Systems is an international standard that outlines how companies can effectively manage and comply with regulations. This standard provides clear guidance on how companies can develop, implement, maintain, and continuously improve compliance management systems.

Critical Aspects in Implementing ISO 37301:2021 

The critical aspects that companies need to fulfill when implementing ISO 37301:2021 Compliance Management Systems are as follows: 

1. Commitment to Compliance

Commitment to the implementation of a Compliance Management System is crucial within a company, particularly the commitment from the Governing Body and Top Management. This commitment is demonstrated by establishing a Compliance Policy, ensuring that the implementation of the Compliance Management System is achieved, and guaranteeing the availability of necessary resources for its implementation within the company. 

2. Establishment of the Compliance Function

In the implementation of ISO 37301, companies need to establish a Compliance Function. This function has the duties and responsibilities to facilitate the identification of compliance obligations, conduct analysis and evaluation of the Compliance Management System’s performance to identify needs for corrective actions, establish mechanisms for compliance reporting, and monitor and report the results of the Compliance Management System’s implementation to Top Management. Generally, the Compliance Function is assigned to the unit overseeing compliance within the company. 

3. Awareness of ISO 37301:2021

Companies must ensure that all employees are provided with an understanding of the Compliance Management System’s implementation. This includes offering training related to the Compliance Management System and conducting socialization sessions regarding the Compliance Policy. 

4. Identification of Compliance Obligations

Compliance obligations are regulations and provisions that companies must adhere to in accordance with their business processes, encompassing both external and internal regulations. In implementing ISO 37301, companies need to identify compliance obligations, analyze the impact of each regulation, and conduct evaluations to ensure all regulations are being followed. Compliance obligations can be categorized into two types: mandatory obligations and voluntary obligations. Mandatory obligations are provisions that must be complied with, such as regulatory provisions, government provisions, or customer requirements. Voluntary obligations, on the other hand, are provisions that are optional; while not mandatory, the company commits to fulfilling them, such as the ISO 37301 standard itself. 

5. Compliance Indicators

Companies can establish compliance indicators to assess their level of compliance. Under ISO 37301, compliance indicators are divided into predictive indicators and reactive indicators. Predictive indicators include measures of non-compliance risk, expressed as the potential for achieving or failing to achieve targets, as well as non-compliance trends. Examples of reactive indicators are the number of non-compliances that occurred, the time required to address non-compliances, and the corrective actions taken.

Companies implementing a Compliance Management System based on ISO 37301 not only ensure adherence to applicable provisions but also minimize risks, enhance operational efficiency, and build a positive reputation. This enables companies to continue growing and ensures their sustainability. 

Discuss with Us! 

For those who wish to discuss further and explore the latest information on Governance, Risk, and Compliance, Robere & Associates is ready to assist. Join us now! 
