Nicole Willms (firstname.lastname@example.org) is a partner at Pohlmann & Company in Frankfurt/Main, Germany.
Compared to other jurisdictions, first and foremost the United States, compliance management is a fairly new corporate governance topic among German companies. For decades the concept of compliance was a “legal transplant” mainly recognized and taken seriously by large global companies having to comply with foreign standards. Lately, however, more and more increasingly complex compliance requirements are finding their way into German law, becoming applicable for medium-sized and even smaller German companies. Maintaining an adequate compliance program is evolving from a best practice fiduciary measure of self-control and protection of a company’s assets and reputation to a legally promoted instrument of prevention and relief from regulatory, if not even criminal, liability.
No regulatory roots for compliance programs
Germany has been approaching the concept of compliance management in a rather reactive manner. The demand for implementing comprehensive compliance programs clearly came from abroad. In the 2000s, German globally active companies became subject to US governmental investigations and settlements for systematic corruption and, as a matter of remediation, needed to demonstrate mature compliance programs.
At the same time, no such request or relevant standards were reflected in German legislation. There was no mention of compliance, compliance measures, or compliance management systems in any German law. A formal legal obligation to maintain a compliance program did not exist. Due to the immaturity of German corporate criminal law, no compliance program expectations or standards had been formed in this legal area either.
US enforcement sets the tone
In 2008, the Siemens corruption scandal marked a beginning. Siemens reached a settlement with the US Department of Justice and Securities and Exchange Commission, agreeing to pay a $450 million fine conditioned upon implementing and maintaining a solid compliance program worldwide. The US compliance measures and standards required under the settlements, at the time, did not resonate to any German requirement or regulation. The evident regulatory vacuum quickly led to the legal question and controversial discussion in practice and academia as to whether a German corporation’s management must implement a compliance program at all.
In the wake of its remediation efforts, Siemens then was the first to sue its former managers and board members for a breach of their organizational and supervisory duties by not having taken care of an adequate compliance program. While 11 out of 12 defendants entered out-of-court settlements with Siemens, the remaining case of former managing director Heinz-Joachim Neubürger was finally decided by the Munich District Court in 2013. After a lengthy lawsuit, the court found Neubürger liable for compensation of damages in the amount of €15 million. His liability was based on the argument that as part of his fiduciary duty vis-à-vis the company, he should have initiated sufficient measures to clarify and investigate violations, to put a stop to them, and to take actions against the employees involved. Yet, Neubürger failed to do so even though repeated violations of the law and shortcomings in the control system had been brought to his attention, the court ruled.