Enforcement of financial services regulations in Germany

Enforcement

What powers do national financial services authorities have to examine and investigate compliance? What enforcement powers do they have for compliance breaches? How is compliance examined and enforced in practice?

The KWG provides for a set of administrative measures that may be used to monitor compliance with regulatory provisions.

Most importantly, regulated institutions are required to constantly self-monitor compliance and report specific situations to the regulators. In this respect, section 24 of the KWG provides for a catalogue of issues that need to be reported on an annual basis, as well as certain aspects that a regulated institution must immediately report to BaFin. Examples include changes to management, losses above a certain threshold or changes to the capital ratio. In addition, there is a sophisticated system of regulatory reporting under which institutions need to provide data on an ongoing basis, which enables the German regulators to assess solvency in the financial sector.

In addition, banks and financial services providers are required to commission an annual audit, which also includes an audit on compliance with regulatory obligations. The relevant audit reports that need to be produced to the German regulators are an important source of information in addition to supervisory dialogues that are conducted with each regulated entity on a regular (typically, at least annual) basis.

Further, section 44 of the KWG grants BaFin far-reaching investigative powers by giving BaFin the right to order special audits. According to section 44(1) KWG, any regulated institution as well as the managers and employees of such institution are obliged to provide BaFin or anybody appointed by BaFin with any business information that BaFin requires to perform its supervisory duties. In addition, BaFin may at any time - even without any specific reasons or indications of regulatory wrongdoing - order inspections on the premises of a regulated institution. If a regulated institution has outsourced certain activities to third parties, the German outsourcing regime as stipulated in the MaRisk requires that the outsourcing agreement provides for equal inspection rights for the German regulatory authorities at the premises of the service provider with respect to information relating to the outsourcing. This power to conduct regulatory investigations is widely used in a number of different ways, ranging from short written requests for information to the commissioning of external audit firms to conduct lengthy and complex special audits on specific questions (these need to be paid for by the institution itself).

If BaFin comes to the conclusion that a certain action or behaviour, including compliance breaches, requires regulatory intervention, BaFin may order the appropriate measures. In this regard, section 6(3) of the KWG grants BaFin the general power to issue orders to institutions and their senior managers that are appropriate and necessary to prevent or stop violations of regulatory provisions or to prevent or overcome undesirable developments at an institution that could endanger the safety of the assets entrusted to the institution or impair the proper conduct of its banking business or provision of financial services.

What are the powers of national financial services authorities to discipline or punish infractions? Which other bodies are responsible for criminal enforcement relating to compliance violations?

A bank or financial services firm authorised under the KWG is required to have in place a proper business organisation complying with the legal requirements to be observed by it, and with business needs. This requirement comprises appropriate and effective risk management, including a suitable and effective compliance function. If there is a violation of the requirement to establish and maintain a proper business organisation, BaFin can, inter alia, take the following measures:

• it can issue general orders to institutions and their senior managers that are appropriate and necessary to prevent or stop violations of regulatory provisions. Non-compliance with such binding order may result in a criminal liability of the senior managers, provided that the relevant deficits in the entity’s organisation result in the institution failing or becoming likely to fail;
• it can impose administrative fines on the institution;
• it can impose additional own-fund requirements;
• in exceptional circumstances, it can order the dismissal of senior managers; and
• it can ultimately revoke the financial services firm’s licence.

As an instrument of prevention, BaFin may also publish the imposed sanctions and fines on its website (naming and shaming).

The scope of criminal sanctions with regard to violations of regulatory provisions is generally limited to severe cases, such as market abuse, insider trading or conducting banking business without a licence, but should typically not apply in the case of negligence regarding compliance issues. In this respect, it should also be noted that German law generally does not provide for a criminal responsibility of legal entities; instead, only individuals may be subject to criminal sanctions. However, the German legal system nevertheless allows administrative fines to be imposed on legal entities in case of criminal offences committed by the employees of such entity, for example, senior management. In any event, criminal proceedings are initiated and conducted by the public prosecutor’s office, which will cooperate closely with BaFin.

What tribunals adjudicate criminal and civil financial services infractions?

As mentioned above, German law does not provide for a criminal responsibility of legal entities. If there is, however, indication that an individual (for example, a senior manager or an employee of a regulated institution) has engaged in criminal behaviour, this will be investigated by the office of the public prosecutor who will typically closely cooperate with BaFin during the investigation. If the public prosecutor comes to the conclusion that there is sufficient evidence that a crime has been committed, charges will be filed against the accused individuals before the competent criminal court at the location where the alleged crime was committed. Depending on the severity of the alleged crime, this will be brought before district courts or local courts.

As regards the responsibility of the regulated entity, court proceedings resulting from administrative fines imposed against financial services firms are usually adjudicated by the criminal courts (district courts).

In parallel, any individual such as, for example, a client, that takes the view that a misdemeanour has harmed their legal position can bring forward civil litigation before the competent private law court (eg, in order to seek compensation for damages caused by the wrongful behaviour of the financial services firm or employees).

What are typical sanctions imposed against firms and individuals for violations? Are settlements common?

As already outlined in question 10, there is a set of different measures that BaFin can impose on an organisation that is in breach of regulatory provisions. In this context, administrative fines are not uncommon. Particularly with regard to breaches of anti-money laundering provisions or breaches of market transparency rules, BaFin takes a strict approach to sanctioning breaches of regulatory provisions and regularly issues fines. Although the KWG and the WpHG provide for a wide scope of potential fines, each decision depends on a case-by-case assessment and is subject to regulatory discretion. BaFin has not made use of its full powers so far; however, German law does give BaFin the power to fine a legal entity that is in breach of provisions of the KWG, with - depending on the specific breached provision - a fine of up to €20 million, or 10 per cent of the annual turnover of the relevant entity. Violation of provisions required under the WpHG may incur a fine of up to €15 million, or 15 per cent of the annual turnover of the entity. In addition, BaFin may also impose a fine based on the economic profit deriving from the relevant offence, which may be even more severe than the actual fine. The economic benefit comprises the profits made and losses avoided, both of which can be estimated.