For criminal offences committed by individuals acting in a responsible position for a company, the amended German Act on Regulatory Offences increases the maximum fine for the company as well as the individual (i) from EUR 1 million to EUR 10 million, if the crime was committed intentionally, and (ii) from EUR 500,000 to EUR 5 million, if committed negligently. A company may be fined if a specific duty of the company has been breached or if the company has benefited from such crime, which is generally assumed in cases of bribery but not necessarily in cases of breach of trust or embezzlement.

Further, fines of up to EUR 10 million may be imposed for intentional or negligent lack of oversight by individuals in similar positions if proper oversight would have prohibited or at least reduced the chances that a crime would have been committed, which is the norm most commonly used in cases of non-existent or ineffective compliance and internal controls systems.

This law effectively provides an exception to the general German law principle that criminal liability for crimes does not attach to legal persons such as companies but only to individuals. The amendment shows that the Federal government seeks to hold companies increasingly responsible for lack of proper and compliant businesses. 

The liability for the above-mentioned offences attaches both to the individuals in the leading position as well as the company. For the company, it is important to keep in mind that, in addition to the above-mentioned fines and other sanctions, also the economic advantage gained by the company from the illegal activity may have to be disgorged, and that no cap applies to such disgorgement. The criminal responsibility of the individual remains unaffected by the liability under the Act on Regulatory Offences.

The new fine provisions are effective immediately. There is no retroactive effect for offences committed before the time the new law came into effect.