Germany’s new “Law to Strengthen Business Integrity” (“Gesetz zur Stärkung der Integrität in der Wirtschaft”) will have a transformative effect on the German corporate compliance landscape when it is finally enacted, presumably later this year.
But what is the law, what does it mean for affected companies, and what actions should they be taking now? To get the answers, we spoke with Dr. Rebekka Krause, a Partner at Taylor Wessing’s Munich office.
1. What is the new German "Law to Strengthen Business Integrity", and why is it such a landmark piece of legislation?
The new law lays down a number of provisions for the first time. These range from the punishment of German companies for criminal infringements to the possibility of imposing high fines. It will also consider internal compliance measures as a factor when determining sanctions and penalties.
Until now, there has been no independent criminal law in Germany to sanction companies - only the possibility of imposing administrative fines. In order to bring Germany in line with international peers like the U.S. and U.K., a protracted legislative process resulted in the present draft bill, which is now in the final phase of the legislative process.
2. What constitutes a "company" in the context of this law?
The definition of “company,” for which the German word "Verband" is used in the draft bill, is very broad. It includes legal entities under public or private law, as well as associations without legal capacity and partnerships with legal capacity. However, it excludes associations whose purpose is not directed at commercial business operations.
3. For those companies impacted, what are some of the highlights of the law?
The new law regulates the criminal liability of companies under German law for the first time. In the future, company-level sanctions could be imposed if offenses are committed which either:
- Violate obligations affecting the company
- Enrich the company or are intended to enrich it
But the most important change to the previous legal situation is the substantial increase in the sanctions framework provided for in the draft.
The current Administrative Offences Act allows fines of up to EUR 10 million, but the draft bill provides for company sanctions of up to 10% of the average worldwide annual revenue - provided that the annual turnover of the company in question exceeds EUR 100 million. Accordingly, the “billion-dollar fines” against large companies known and feared from U.S. law would also be possible in Germany in the future.
In addition, up to 100% of the profit that the company has earned through the offense itself can be skimmed off.
As well as the monetary fine, the draft provides for a number of other sanctioning instruments, in particular the publication of a final conviction in the register of company sanctions.
4. How does the new law emphasize internal compliance measures?
The relevance of a compliance management system is addressed at various points in the draft bill.
First, the absence of a compliance management system may constitute a punishable criminal offense committed by persons subject to the rights of management and instruction of the company.
Second, the establishment or absence of a compliance management system will be taken into account as part of the overall assessment of the sanction assessment factors. It will also be a significant factor in deciding whether to prosecute or simply issue a warning. The establishment of a compliance management system can be required as a court-ordered means of rehabilitation, too.
The draft bill also highlights internal investigations in relation to mitigating sanctions. Penalties may be discounted by up to 50% if companies cooperate with law enforcement authorities in a preliminary investigation - although conditions for reductions are very strict.
5. How will the law affect cases with foreign elements, such as companies in Germany owned by non-German entities?
The draft bill includes provisions for cases involving foreign elements.
Companies seated outside Germany may be sanctioned, provided an offense of the company has been committed to which German criminal law is applicable.
In case of offenses committed abroad, companies based in Germany may be sanctioned if the offense:
- Would be a criminal offense under German criminal law had it been committed in Germany, and
- Is also punishable at the place of the offense
This is intended to ensure German companies can be prosecuted for criminal offenses committed by their employees working abroad, without the applicability of German criminal law being relevant.
6. Do most German companies already have robust compliance systems in place?
Not all companies have introduced compliance structures yet. This is mainly due to the fact that, until now, no German law has referenced the benefits of compliance management systems. There have also been concerns – particularly among small- and medium-sized companies – about the costs of establishing robust compliance structures.
The law now brings the essential change that compliance management systems are to be taken into account when assessing penalties. There remains a lack of guidance on how a compliance management system should be structured in order to limit or avoid penalties - a point that has been strongly criticized. But it’s clear that in the event of a compliance failure, the absence of compliance management system will have a negative impact.
7. What questions are you regularly responding to, in relation to the new law?
The key question for most companies right now is: “What do we have to prepare to avoid being punished under the law?”
Our answer to this, of course, is that companies must do everything possible to avoid criminal offenses.
However, if offenses occur and are discovered, companies should be prepared to minimize any possible penalty. This means ensuring that they have a compliance management system in place and are prepared for the demands of an internal investigation.
8. With the law’s implementation due imminently, what actions do you recommend affected companies take now?
Corporate leaders within every company affected by this law would be well advised to intensively review their compliance management systems now.
Conduct a compliance risk analysis, review existing compliance structures, and expand them where necessary in order to be well prepared when the law comes into force, presumably later this year. This is likely to save the organization time and higher costs later down the line.