The value of compliance: New German business integrity law

Share this post
The value of compliance: New German business integrity law

The new ‘Law to Strengthen Integrity in the Economy’ is a landmark for corporate compliance in Germany. The country will soon have a criminal law by which it can sanction companies – not just impose administrative fines, which had been the case until now. When enacted, the law will bring Germany’s legislation in line with that of the United States and the United Kingdom.

Germany’s Federal Ministry of Justice and Consumer Protection (BMJV) identified several gaps in the existing Administrative Offences Law (OWiG) as the reason for bringing in the new legislation, specifically:

  • an insufficient ability to impose meaningful monetary sanctions due to the upper limit of €10 million
  • the lack of specific and reasonable rules for imposing monetary sanctions on companies
  • no legal incentive for companies to invest in compliance
  • the discretionary prosecution principle in the OWiG gave rise to inconsistent and unequal prosecutions of corporate crime
  • the inability to consistently prosecute crimes committed abroad
  • outdated procedural law.

The new provisions in the Law to Strengthen Integrity in the Economy are outlined below.

Introduction of company crimes

A company crime will be deemed to have been committed if a criminal action has:

  • violated the company's legal obligations
  • enriched the company or was intended to enrich it.

This will also cover violations of human rights, eco crime and competition crime.

Sanctions can be imposed on a company if a person in senior management commits a company crime themselves. A company sanction can also be imposed if a person who is not in senior management commits a company crime and there was a lack of preventative measures such as training, supervision and selection.

Increase to the upper limit of monetary sanctions

There is also a significant change to the financial sanctions framework. Currently, fines of up to €10 million can be imposed through the OWiG. This limit will remain in place for those companies whose revenue is less than €100 million; however, for companies with annual revenue in excess of €100 million, the new legislation will allow for penalties of up to 10% of the average annual revenue worldwide.

Up to 100% of the profit earned through the act committed can also be taken away. This should continue to act as a deterrent for companies and individuals who feel that the profits will outweigh the punishments (such as with the $2.3 billion in fines and penalties Pfizer paid in 2009 for off-label marketing of four drugs, which amounted to just 14% of the $16.8 billion it made in revenue selling those medicines from 2001 to 2008).

More options and flexibility in imposing sanctions

Following the example of the United States compliance monitor, the BMJV shall have the power to defer monetary sanctions and give warnings with potential conditions. These conditions could take the form of instructing a company to take certain actions to prevent company crimes going forward and demonstrating its compliance by being certified by a competent body.

The new legislation will allow for the publication of a final conviction in the register of company sanctions. This record will generally not be made public, but will be available to selected authorities. Where a committed act causes harm to a large number of individuals, however, the conviction of the company shall be made public.

Consideration of compliance programmes and internal investigations conducted by the company

The following will be taken into account when considering monetary sanctions:

  • precautionary measures taken prior to the crime to prevent and detect crimes
  • commitment to detecting crimes and compensating for the damage
  • precautionary measures taken after the crime to prevent and detect future crimes.

Even where a compliance programme has failed to prevent a crime or make it more difficult to commit, the demonstration of being committed to compliance will be taken into account. Companies who self-disclose, implement measures to close gaps and contribute to the clarification process can be offered incentives.

When conducting internal investigations, companies can reduce monetary penalties by up to 50% by:

  • fully co-operating with the enforcement authority
  • entrusting the conduct of an internal investigation to an independent third party
  • providing the enforcement authority with the final report, including findings and documents following the completion of the investigation
  • conducting investigations in compliance with the principles of due process, data protection law and employment law.

Foreign elements

The new legislation will allow for the prosecution of:

  • companies seated outside of Germany, provided the offence committed can be applied to German criminal law
  • offences committed abroad by Germany-based companies if the offence:
    • would be an offence if committed in Germany under German criminal law
    • is also an offence in the country where it was committed.

How should companies prepare?

Due to the fact that, up until now, the benefits of compliance systems have not been referenced in any German law, many German companies do not have a compliance structure in place. Concerns around the costs of introducing such systems have seen some companies shy away from tackling this.

By introducing the new legislation, the BMJV is essentially saying that every company operating in Germany should have a compliance programme if they want to minimise punishments for criminal acts. Although there is currently a lack of guidance on how to structure a compliance system, it is safe to assume that any future guidance will follow that which is already in place in the United States and the United Kingdom.

German companies and companies operating in Germany can prepare for the implementation of the new Act by:

  • understanding their compliance risks
  • implementing a compliance system, or, if a system is already in place, reviewing or expanding that system.

Companies implementing a compliance system for the first time must:

  • understand and analyse their compliance risks
  • introduce role-based and risk-based compliance training across key compliance risk areas
  • introduce secure, independent channel(s) that support anonymity and allow for two-way dialogue for the reporting of concerns by not only employees, but also other stakeholders such as suppliers, customers, distributors and shareholders
  • design robust investigation and case-management processes.

Compliance systems must also be regularly reviewed and continually improved.

Investment in the right compliance systems can save companies time and money and minimise the risk of reputational damage, loss of customers and profits, and financial penalties.

Speeki is an AI-powered compliance platform with built-in anonymous reporting channels, compliance training and stakeholder engagement. Our platform allows you to minimise your compliance risk, identify misconduct and ensure your organisation’s success in a cost-effective way.

Share this post