Postavke privatnosti
Economy

AKD first in Croatia with ISO 37301 certification and a new standard for compliance monitoring in state-owned enterprises

Find out what the ISO 37301 certificate means, which AKD was the first in Croatia to obtain after an audit, and how the compliance monitoring system ties to the law in force from 1 October 2025. We explain what is checked, how risks are managed and why it matters for public trust. In a brief overview we highlight key elements: policies, procedures, training and reporting irregularities.

AKD first in Croatia with ISO 37301 certification and a new standard for compliance monitoring in state-owned enterprises
Photo by: Domagoj Skledar - illustration/ arhiva (vlastita)

AKD first in Croatia with ISO 37301 certification: compliance as a new measure of accountability for state-owned enterprises

The Agency for Commercial Activity (AKD) announced on 26 February 2026 that it has completed a certification audit in accordance with the international standard ISO 37301 – Compliance Management System (CMS) and that it is the first organisation in Croatia to obtain certification to that standard.
According to the company’s announcement, this is a strategic project that began in September 2024 and is focused on strengthening corporate governance, integrity and business transparency, with a clear message that the compliance system is not about form, but about measurable processes. AKD emphasizes that by establishing a compliance management system it also fulfilled the legal obligation to introduce a compliance monitoring function, which in the new framework for managing state assets has been given the status of a mandatory internal control. In practice, this means that evidence is expected: how obligations are identified, how risks are measured, who is responsible for action and how deviations are managed. In state-owned enterprises, this topic is particularly sensitive because failures do not end only as a balance-sheet cost, but often become a matter of public trust, political accountability and the sustainability of key public services. Obtaining certification can therefore be read as an attempt to turn compliance into part of day-to-day governance, rather than a reaction after problems arise.

What is ISO 37301 and why it matters for organisations operating in the public interest

ISO 37301 is an international standard that sets requirements and provides guidance for establishing, implementing, maintaining and continually improving a compliance management system in organisations of different profiles, from private to public and non-profit. Its purpose is to build a framework that enables an organisation to identify and manage compliance obligations: from laws and by-laws, through regulatory requirements, to internal policies, ethical standards and contractual obligations to partners. The standard requires more than general statements about “zero tolerance”: it requires demonstrable processes on risk assessment, the adoption and implementation of policies, employee training, reporting to management and supervisory bodies, and corrective measures when irregularities are identified. In an environment where reputational risk and public expectations are high, such a framework helps an organisation show that it works “by the rules” even when processes are complex and responsibilities are shared across multiple levels of governance. An added value is comparability: ISO standards create a common language that facilitates communication with external auditors, regulators, banks, suppliers and international partners. For the public sector and state-owned enterprises this is particularly important because they are expected to simultaneously protect the public interest, maintain market discipline and avoid situations in which non-compliance grows into a systemic risk.

Law, guidelines and rulebook: how the state standardises the compliance monitoring function

The legal basis for the compliance monitoring function has been further strengthened by the adoption of the Act on Legal Entities Owned by the Republic of Croatia, published in “Narodne novine”, which entered into force on 1 October 2025 and in the chapter on internal control explicitly prescribes the obligation to establish a compliance monitoring function. The Act defines that this function covers tasks of aligning the functioning and business operations of a legal entity with applicable regulations and general acts, with additional tasks to be regulated by a rulebook of the Minister of Finance, which opens space for more detailed standards on independence, reporting and scope of work. The transitional provisions provide that until the rulebook is adopted, the Government’s 2019 decision on the obligation to introduce a business compliance monitoring function in legal entities in majority state ownership remains in force, which shows continuity of policy: the obligation has existed for years, but is now being moved from the level of a decision to the level of a law. The Ministry of Finance in June 2024 published extensive guidelines for organising this function, emphasising the principles of proportionality, independence and permanence, and the need for systematic management of compliance risk through prevention, warnings and controls. In parallel, a draft rulebook has been published in e-Consultations, which should operationalise the legal provision and harmonise practice in legal entities owned by the state, including rules on organisation, remit and reporting method. In such a framework, certification to ISO 37301 becomes important because it gives a company a methodology and external verification, while at the same time making it easier to demonstrate that it meets the expectations of domestic regulations.

Why AKD is in focus: “of special interest” status and sensitive activities

AKD is listed in the current decision on legal entities of special interest to the Republic of Croatia among the entities to which the state attaches special importance, which implies a higher level of expectations in management, oversight and public accountability. The reasoning of the decision states that this is a company 100% owned by the Republic of Croatia, with activities related to providing services to public administration bodies, producing official documents and information security. The content of the decision further describes the scope of work: AKD produces and personalises identity cards, passports, visas, driving licences, residence permits and other protected printed materials, and participates in activities related to certificates and qualified trust services. When operations are connected with identity, documents and security-sensitive processes, the question of compliance also gains a security dimension: controlled access, traceability, supplier reliability, data protection and the integrity of IT systems that support the issuance and use of documents are important. In such an environment, a compliance management system is not only a “legal topic”, but also an organisational discipline that connects management, the supervisory board, IT, procurement, security and operational teams. Certification to ISO 37301 can therefore also be viewed as an instrument to strengthen internal controls in an area the public often sees only when an incident occurs or when institutions respond to irregularities.

What the certification audit could have required: key elements of an effective CMS

AKD states in its announcement that the certification confirms the existence of all key elements of an effective compliance management system: from identifying and managing compliance risks, through clear policies and procedures, to a system of training, reporting and continuous improvement. In practice, such elements mean that an organisation must have an overview of obligations and risks, but also an audit trail: documented assessments, training records, procedures for reporting irregularities, and clear corrective action mechanisms. In compliance management systems, special attention is paid to how “paper-only” compliance is prevented, i.e., how it is ensured that employees understand the rules and that deviations are detected before they become a problem. The Ministry of Finance’s guidelines emphasise that the aim of the compliance monitoring function is to reduce the risks of penalties, court proceedings and reputational damage through an effective system of identification, management, warning, prevention and controls, which is very close to the logic of ISO 37301. AKD additionally highlighted alignment with international guidelines: CEO Jure Sertić stated that the system is aligned “with the highest international standards and guidelines”, referencing OECD recommendations and the forthcoming rulebook of the Ministry of Finance. In practice, such a statement means that the company is trying to position itself above the minimum legal threshold and focus on standards recognised beyond the national framework, which is an important signal both for partners and for the public.
  • Compliance risk management: mapping obligations, assessing risks and defining controls for areas such as procurement, contracting, conflicts of interest and data protection.
  • Policies and procedures: clear rules, responsibilities and protocols for decision-making, with approval mechanisms and monitoring of implementation.
  • Training and communication: employee training and advisory plans, with verification of understanding and documentation of participation.
  • Reporting irregularities and handling: reporting channels, whistleblower protection, case handling and the introduction of corrective measures.
  • Reporting and oversight: regular reports to management and supervisory bodies and effectiveness indicators, so that the system is a management tool and not a formality.

OECD guidelines and the international context: integrity as a condition of modern governance

In 2024, the OECD published revised Guidelines on Corporate Governance of State-Owned Enterprises, which serve as an international reference framework for professionalising the ownership function, transparency of objectives and strengthening integrity in state-owned enterprises. The Guidelines, among other things, emphasise separating the state’s role as owner from its regulatory role, clear objectives and responsibilities, and robust internal control systems that reduce room for irregularities, abuse and political influence that is not grounded in publicly explained criteria. In the Croatian context, the link between ISO 37301 and OECD expectations is clear: ISO provides an auditable system, while the OECD calls for institutional maturity and comparability of governance standards among countries. When a state-owned enterprise establishes a certification-verifiable compliance system, it sends a signal of readiness for external scrutiny and for a governance culture based on evidence rather than ad hoc interpretations. This does not mean that a certificate automatically guarantees the absence of irregularities, but it means that there is a structure that facilitates detecting, documenting and correcting failures. That is precisely why in the public sector there is an increasing emphasis on system discipline: periodic reviews, continuous improvement and measuring the effectiveness of controls.

A broader message to other state-owned enterprises: from legal obligation to functional practice

AKD says that with this step it positions itself as a leader of good practice and a reference point for other enterprises in establishing compliance systems, strengthening integrity and transparent, accountable governance. In the months after the law entered into force, pressure for documented and measurable internal controls will likely grow, especially when by-laws are adopted that more precisely regulate the compliance monitoring function. Management boards will have to decide where the compliance function sits organisationally, whom it reports to, what resources it has and how conflicts of interest are prevented in highly exposed areas such as public procurement, contract management or security-critical IT systems. The Ministry of Finance’s guidelines leave room for the principle of proportionality, but at the same time require that each legal entity can convincingly explain why it chose that model and how it ensures independence and effectiveness. In addition, the draft rulebook provides for application to certain subsidiaries, which raises the question of how compliance standards “flow” through state-owned groups and how it is ensured that subsidiaries do not remain the weaker link. In such a framework, ISO 37301 certification can be a tool that accelerates alignment of practice, but also a benchmark against which progress is more easily compared.

What follows: implementation, oversight and the system’s real effectiveness

For AKD, ISO 37301 certification can have more consequences than reputational benefit: as a company that works with documents, identity and IT solutions, it is exposed to the expectations of various regulators and contractual partners, and a compliance management system can help align those requirements into a single framework. At the same time, certification implies maintaining the system, periodic reviews and readiness for corrections, which is crucial to avoid a situation in which the standard becomes a “one-off project”. For the system of state-owned enterprises, the broader picture is clear: after 1 October 2025, the 2024 guidelines and the preparation of the rulebook, a greater focus is expected on demonstrable governance and on the role of the compliance monitoring function as the second line of defence in the control system. At the same time, the question remains open of the dynamics of adopting and implementing by-laws and the way their application will be supervised, which in practice will decide whether standards will be harmonised or remain uneven among enterprises. In any case, the direction is set: compliance is increasingly understood less as an administrative formality and more as a system that must be able to withstand oversight, audit and public scrutiny.

Sources:
- AKD – official announcement on ISO 37301 certification ( akd.hr )
- Narodne novine – Act on Legal Entities Owned by the Republic of Croatia (enters into force on 1 October 2025; Art. 52 on the compliance monitoring function) ( narodne-novine.nn.hr )
- Ministry of Finance of the Republic of Croatia – Guidelines for the business compliance monitoring function in legal entities in majority ownership of the Republic of Croatia (June 2024.) ( mfin.gov.hr )
- Ministry of Finance of the Republic of Croatia – Decision on legal entities of special interest to the Republic of Croatia (the list includes AKD and the explanation of activities) ( mfin.gov.hr )
- OECD – OECD Guidelines on Corporate Governance of State-Owned Enterprises (revised edition 2024.) ( oecd.org )
- ISO – ISO 37301:2021 Compliance management systems — Requirements with guidance for use (description of the standard) ( iso.org )
- e-Consultations – Draft Rulebook on the compliance monitoring function in legal entities owned by the Republic of Croatia (draft text) ( esavjetovanja.gov.hr )

Find accommodation nearby

Creation time: 4 hours ago

Related

post-thumbnail
traffic
Boeing steps up the 777-9 campaign as the FAA tightens oversight after the 737 MAX and the Alaska Airlines incident
post-thumbnail
tourism of the countries
Destinations International opens applications for the Tourism for All certificate and six months of online training
post-thumbnail
tourism croatia
True Zagorje Home: ten new vacation homes received the quality label in Krapina-Zagorje County in 2025
post-thumbnail
health curiosities
UCSF is revolutionizing education: Medical students become certified robotic surgery assistants
post-thumbnail
technology
Croatian technology in the fight against black market: AKD and ENSESO implement EU system for tobacco traceability in Ireland
post-thumbnail
tourism world
Trip.com Group: Travel Sustainability through Innovation and Responsible Business 2024
post-thumbnail
economy
New taxi cards in Croatia: Everything you need to know about terms, prices and deadlines
post-thumbnail
traffic
New taxi driver card in Croatia: Everything you need to know about the conditions, prices and deadlines prescribed by AKD
post-thumbnail
traffic
IF AFFINIS - how the new analytical system changes traffic in Croatia
post-thumbnail
economy
The Ministry of Finance successfully issued maturity bonds in 2027 and 2034 in the total amount of EUR 2 billion, confirming the high interest of investors

Business Editorial Department

The editorial desk for economy and finance brings together authors who have been engaged in economic journalism, market analysis, and monitoring business developments on the international stage for many years. Our work is based on extensive experience, research, and daily contact with economic sources — from entrepreneurs and investors to institutions that shape economic life. Over years of journalism and personal involvement in the business world, we have learned to recognize the processes behind numbers, announcements, and short-lived trends, enabling us to deliver content that is both informative and easy to understand.

At the center of our work is the effort to make the economy more accessible to people who want to know more but seek clear and reliable context. Every story we publish is part of a broader picture that connects markets, politics, investments, and everyday life. We write about the economy as it truly functions — through the decisions made by entrepreneurs, the moves taken by governments, and the challenges and opportunities felt by people at all levels of business. Our style has developed over the years through fieldwork, conversations with economic experts, and participation in projects that have shaped the modern business landscape.

An important aspect of our work is the ability to translate complex economic topics into text that allows readers to gain insight without overwhelming technical terminology. We do not oversimplify the content to the point of superficiality, but we shape it so that it is accessible to everyone who wants to understand what is happening behind market tickers and financial reports. In this way, we connect theory and practice, past experiences and future trends, to provide a whole that makes sense in the real world.

The editorial desk for economy and finance operates with a clear intention: to provide readers with reliable, thoroughly processed, and professionally prepared information that helps them understand everyday economic changes, whether related to global movements, local initiatives, or long-term economic processes. Writing about the economy for us is not just reporting news — it is continuous monitoring of a world that is constantly changing, with the desire to bring those changes closer to everyone who wants to follow them with greater confidence and knowledge.

NOTE FOR OUR READERS
Karlobag.eu provides news, analyses and information on global events and topics of interest to readers worldwide. All published information is for informational purposes only.
We emphasize that we are not experts in scientific, medical, financial or legal fields. Therefore, before making any decisions based on the information from our portal, we recommend that you consult with qualified experts.
Karlobag.eu may contain links to external third-party sites, including affiliate links and sponsored content. If you purchase a product or service through these links, we may earn a commission. We have no control over the content or policies of these sites and assume no responsibility for their accuracy, availability or any transactions conducted through them.
If we publish information about events or ticket sales, please note that we do not sell tickets either directly or via intermediaries. Our portal solely informs readers about events and purchasing opportunities through external sales platforms. We connect readers with partners offering ticket sales services, but do not guarantee their availability, prices or purchase conditions. All ticket information is obtained from third parties and may be subject to change without prior notice. We recommend that you thoroughly check the sales conditions with the selected partner before any purchase, as the Karlobag.eu portal does not assume responsibility for transactions or ticket sale conditions.
All information on our portal is subject to change without prior notice. By using this portal, you agree to read the content at your own risk.

Events Croatia

Jubilee Wine ViP Event in Zadar: education and an eno-gastro experience at Hotel A’Mare with a charitable note

Jubilee Wine ViP Event in Zadar: education and an eno-gastro experience at Hotel A’Mare with a charitable note

26 February, 2026
Easter workshop on Women’s Day: Dragica Lukin at Stancija Buršić in Vodnjan on 8 March with desserts and lunch

Easter workshop on Women’s Day: Dragica Lukin at Stancija Buršić in Vodnjan on 8 March with desserts and lunch

25 February, 2026
Opatija 2026 brings the “Oasis of Health and Wellness”: free walks, Thalasso Cardio Walk, SUP and a charity race

Opatija 2026 brings the “Oasis of Health and Wellness”: free walks, Thalasso Cardio Walk, SUP and a charity race

24 February, 2026
Charity exhibition on Rijeka’s Korzo: “Smiling Faces of the Rijeka Carnival” help little Val until March 5

Charity exhibition on Rijeka’s Korzo: “Smiling Faces of the Rijeka Carnival” help little Val until March 5

20 February, 2026
Charity exhibition “Smiling Faces of the Rijeka Carnival” on 20 February on Korzo, support for Val Radovanović

Charity exhibition “Smiling Faces of the Rijeka Carnival” on 20 February on Korzo, support for Val Radovanović

19 February, 2026
In March, free “Get to Know the Apsyrtides” excursions strengthen the knowledge of Mali Lošinj accommodation providers and the archipelago’s tourism

In March, free “Get to Know the Apsyrtides” excursions strengthen the knowledge of Mali Lošinj accommodation providers and the archipelago’s tourism

19 February, 2026
Wine ViP Event in Zadar on 24 February at Hotel A’Mare: education, tastings, and donations for the League Against Cancer

Wine ViP Event in Zadar on 24 February at Hotel A’Mare: education, tastings, and donations for the League Against Cancer

19 February, 2026
Free guided tours of Rijeka, Opatija and Kastav for Tourist Guides Day on 21 and 22 February 2026 with e-mail registration

Free guided tours of Rijeka, Opatija and Kastav for Tourist Guides Day on 21 and 22 February 2026 with e-mail registration

19 February, 2026