In our Legal Insights edition of 9 March 2015, we already adressed the recent decision issued by the District Court of Munich No I in Germany (Landgericht München I; the "Court") on the liability of directors for inadequate compliance organizations. In this edition, we will provide additional detail on the measures that – according to the Court – the directors should have taken to ensure an effective and adequate compliance system.
The Court held that with regards to recurring bribery suspicions, Siemens' management board should have reviewed the efficiency of the existing compliance system and taken the steps necessary to improve it. According to the Court, Siemens' management board failed to arrange for such steps in a sufficient manner.
The firm's former CFO, who stood trial in the present criminal case, and its other directors, had the obligation to create clear rules about whose main responsibility it was to ensure compliant behavior within the company. In light of the firm's size and its existing exposure to compliance breaches, a clear organizational allocation of compliance responsibility amongst the directors should have been implemented. Furthermore, directors should have ensured that the persons in charge of compliance had sufficient authority to draw the necessary consequences for violations.
The Court ruled that individual directors cannot rely on the argument that they had no right to instruct certain employees or departments, because this would contradict the overall responsibility of the management board for a functioning compliance system. The management board (and, therefore, also the firm's former CFO as a board member) should have actively stepped in and created an organizational structure to ensure direct reporting line with a corresponding disciplinary competence.
Further, the management board ought to have made sure that it was being provided with the results of internal investigations, as well as information about personnel consequences and especially about how to fight the underlying system of continuing compliance breaches. Though the board took some measures in 2004, those had clearly not been sufficient– as indicated by ongoing breaches thereafter.
The Court also pointed out a specific contract in relation to Siemens' Nigerian business activities. This contract was brought to the former CFO's attention as a potential bribery case, since the commission it contained was too high. As a consequence, the former CFO should have taken care that all contracts in relation to the firm's Nigerian business activities were reviewed. By assuming a breach of duty in this regard, the Court implicitly establishes that a director's investigation duties are quite extensive: it is not sufficient for them to take care only of the case at hand, but rather they must also make sure there are no other similar cases.
One cannot stress too often that the omission of implementing an efficient compliance system and reviewing its effectiveness is a breach of duty. It is the obligation on the part of the entire management board to constantly review and verify that the implemented system is suited to prevent infringements of mandatory laws.
Fortunately, there are now both national (ONR 192050) and international (ISO 19600) standards that provide guidance to managers as to the principles of effective and adequate compliance management systems. For further information on these standards, please see our Legal Insights of 9 March 2015.
- Is the compliance system established within your corporation able to identify, control, and prevent compliance risks appropriate to the assessed risk of non-compliance?
- Is the entire management board being kept in the loop and do they have sufficient in-formation and power to create, monitor, and – if necessary – adjust a functioning compliance system?
- Does the compliance system provide clear reporting lines and sufficient power for the person in charge to draw the necessary personnel and structural consequences for compliance violations?