Compliance, liability and damages from a lawyer’s perspective

The term compliance has long been a fixed part of business language. Literally, it refers to compliance with rules and laws.

It means that a company consistently complies with legal regulations, but also with standard specifications, ethical maxims and rules from voluntary commitments and ensures internally that compliance is part of the corporate culture and is not based solely on good will or coincidence.

As a lawyer I regularly deal with compliance violations and their consequences. In such a situation I can help to ensure that the consequences are kept to a minimum.

A compliance violation can mean many different things:

A compliance violation means

  • … first of all, that a law (or other regulation or rule) has not been observed. Example: The head of a sales team has entered into a prohibited price agreement with the competition, a clear violation of competition law.
  • … secondly, that the offense was not prevented: Perhaps the head of department knew about the agreement, but did not intervene.
  • … and thirdly, that the company management has not fulfilled its organizational and monitoring obligations: it has not installed a compliance system so that price agreements can be specifically prevented through training, control and organizational guidelines.

A compliance violation can therefore involve breaches of compliance with rules and laws at several hierarchical levels. Central to management is the task of establishing an internal security and control system within the company. If it is missing, or if the installed compliance system is not functional, claims for damages are imminent.

A compliance system can protect against liability and mitigate fines

  • A well-established compliance system can protect the management from liability after a violation of the law in the company.
  • In the absence of compliance measures, on the other hand, the risk of liability increases considerably.
  • Even after a violation of the law, active efforts to maintain a functioning compliance system will still earn you points: This can have a favorable effect on the amount of threatened penalties or fines.

What a compliance management system protects against

A compliance system is an organizational concept (usually software-based) that defines control procedures and communication processes to ensure that actions are in compliance with obligations.

It is designed to protect the company from violations of the law by its own management and employees. If it works, it thus provides protection against fines and claims for damages as well as other consequences of violations such as loss of image or contractual penalties.

Depending on the sector, size of the company and positioning, the focus may be on different regulations: for example, tax regulations, BaFin requirements, criminal law provisions against corruption, data protection law, procurement regulations, waste legislation and environmental requirements, as well as balance sheet and accounting regulations under commercial law. But it can also be about requirements from standards such as ISO/IEC 27001 or voluntary commitments such as for quality seals that signal supply chains without child labor.

Which system to install?

Which compliance system is the right one depends on the industry, the size and other factors. In any case, the market is large.

There are different requirements for a compliance system depending on the size of the company, its business activities and the industry in which it operates. This includes, for example, requirements from the following sources:

  • the standard for compliance management systems (TR CMS 101) from TÜV Rheinland
  • ISO 19600 as an international standard for compliance management systems
  • the ISO standards for quality management systems (ISO 9001)
  • the German Corporate Governance Code (GCGC)
  • the Corporate Sector Supervision and Transparency Act (KonTraG)
  • the Basel II and III capital adequacy agreements
  • the German Accounting Law Modernization Act (BilMoG)
  • the US Sarbanes-Oxley Act.

Compliance and corporate law

A few highlights show how closely compliance and corporate law are related:

  • The duties of the managing directors of a limited liability company include setting up a monitoring system that allows them to check the economic situation of the company at any time. This follows from sections 30, 43a of the German Limited Liability Companies Act (GmbHG) and section 15a of the German Insolvency Code (InsO).
  • If there are several board members or managing directors, they bear joint responsibility. They must therefore cooperate and exchange information with each other. If there is a suspicion of irregularities in one's own department, fellow board members or managing directors must be informed. In addition, the management bodies must at least keep an eye on each other. (A basic liability for each other does not exist, however.)
  • CEOs and board members should also keep a close eye on subordinate employees. The management must close loopholes for shady dealings by employees. This begins with the selection of employees and extends to training courses and ensuring clarification in the event of legal violations.
  • International transactions are often particularly tricky. Initiating business through bribes abroad is punishable in Germany (§§ 334, 299 para. 3 StGB, EU-BestG). This also applies if bribery is part of everyday life in the country concerned.

What are the consequences of a compliance violation?

  • The company can claim damages from board members or managing directors (among others, Sections 91, 93, 116 AktG).
  • The company is threatened with forfeiture of the entire economic benefit obtained in the process. The confiscation may therefore cover more than just the pure profit from the transaction.
  • Claims for damages from competitors can be particularly expensive (Section 33 GWB). In addition, there may be competitive disadvantages and a corresponding damage to the image.
  • The tax office reacts by prohibiting deductions (i.e. no input tax deduction, no consideration of operating expenses). In addition, there is the threat of an estimate. The case will be forwarded to the prosecutor's office.
  • The company's rating is shaken, financing becomes more expensive.
  • Public contracts are in danger (blocking at national level, inclusion in the "black list" internationally).

Practical case: lack of compliance, 15 million euros in damages

In 2013, the Munich Regional Court ordered a Siemens board member to pay the company damages of 15 million euros (Munich Regional Court I, judgment of 10.12.2013, 5 HK O 1387/10). The background was a system of slush funds from which bribes had flowed to initiate business abroad.

The Siemens board members were subsequently accused of not having set up a functioning compliance management system in the company. Nine out of ten board members agreed to a settlement. The tenth one let it come to a judgment – and was indirectly held responsible for the slush funds, even though they were by no means in his area of responsibility and he had no idea of what was happening.

Nevertheless, the judges said, it would have been part of his management and organizational duties to ensure compliance with the relevant regulations pertinent to the company, both by the company itself and by its employees. Since he had violated this duty, he was liable for damages even without personal involvement.

BGH: Establishing a compliance management system can reduce fines

On the other hand, there are also judgments that give hope. For example, the BGH has confirmed that the establishment of a compliance management system can reduce the fine against the company – even if proceedings have already been initiated.

A properly functioning compliance management system set up in response to a breach of duty thus has a mitigating effect on punishment. This is true even if compliance violations occur again later, despite the system in place, and management decides to make adjustments to avoid future violations. The decisive factor is the active effort to achieve functioning compliance.

Conclusion

  • If CEOs and board members fail to ensure functioning compliance measures, they face personal liability.
  • As a managing director or board member, you should therefore always be aware of the risk of claims for damages if irregularities occur in the company.
  • This also applies if the incidents fall within the area of responsibility of a fellow managing director or board member.
  • Even an established compliance system is no guarantee of freedom from liability. In the event of a lawsuit, it depends on whether the judge considers the system to be sufficient.
  • When a legal violation reveals vulnerabilities, it is important to quickly implement appropriate compliance measures. This can lower the penalty or fine.

Ask me

If a compliance violation may have occurred, I as a lawyer for business law and business criminal law can quickly tell you what you or your company may face. I will also give you specific advice on how to proceed. As a specialist in tax law and commercial and corporate law, I am very familiar with compliance.