Liability

Liability of undertakings

What are the risk and compliance management obligations of members of governing bodies and senior management of undertakings?

The members of the board of directors are each personally responsible and liable for a proper risk and compliance management. The members of the management board of a group of companies are also responsible for appropriate measures of the subordinated entities fulfilling risk and compliance obligations.

The responsibilities may be delegated to a certain member of the board, and sub-delegation to a member of the senior management is possible and advisable. However, the ultimate responsibility remains with all members of the board of directors, meaning they have to supervise the person to whom the task has been conferred.

The supervisory board is responsible for supervising the board of directors. This includes checking and monitoring whether the board of directors has established a proper risk and compliance management system.

Risk and compliance manage obligations exist only for those senior managers who have been assigned these tasks (eg, chief compliance officer). Their tasks cannot be described abstractly. It depends on the results of the analysis of the company’s risks, which determine the individual tasks and the focus of the compliance measures to be taken.

Do undertakings face civil liability for risk and compliance management deficiencies?

Yes. If there are legal violations owing to inadequate risk and compliance management, customers may file damage claims, for example in cases such as antitrust violations (see truck cartel case, question 18) or bribery of public officials.

Do undertakings face administrative or regulatory consequences for risk and compliance management deficiencies?

Yes. The Act on Regulatory Offences is applicable on any entity irrespective of the industry sector. Pursuant to this legislation, the management board or owner of an operation or undertaking shall be deemed to have committed a regulatory offence if they intentionally or negligently omit to take the supervisory measures required to prevent contraventions of laws within the operation or undertaking and such contraventions occur. A regulatory fine may be imposed on both the person and the entity. The fine to be imposed on the entity may generally amount to a maximum of €10 million. However, the regulatory fine shall exceed the financial benefit that the perpetrator has obtained from commission of the regulatory offence; the statutory maximum may therefore be exceeded if it does not suffice for this purpose.

There are specific rules for the financial industry: risk and compliance management deficiencies of banks or other regulated financial institutions may have various consequences, for example administrative fines, dismissal of the responsible members of the management board and, ultimately, withdrawal of the licence.

Do undertakings face criminal liability for risk and compliance management deficiencies?

No. In Germany only natural persons may be subject to criminal fines, undertakings may not. There is an ongoing discussion to introduce a criminal liability for undertakings. A major reason against introducing such liability is that administrative fines (see question 12) are considered sufficient.

Liability of governing bodies and senior management

Do members of governing bodies and senior management face civil liability for breach of risk and compliance management obligations?

Each member of the board of directors of a stock corporation is responsible for ensuring that his or her company operates within the framework of the laws and internal directives and that any legal violations are avoided as much as possible. This obligation also applies to managers of companies of other legal forms.

If the management board violates these obligations, each individual member may face damage claims arising from this breach of duty by the company if the company suffered damage because of the breach. If tasks are delegated to a certain board member, the others may be held personally responsible for damages if they do not properly supervise the delegated member and the compliance officer repeatedly reported on compliance failures (eg, the Siemens corruption case). In accordance with the jurisprudence of the Federal Court of Justice (BGH), the supervisory board is obliged to analyse and enforce the company’s claims against members of the board of directors. Additionally, if the board of directors does not take actions against compliance failures and, in particular, systematic violations, the supervisory board knowing of such failure must take actions against the board of directors in order to restore proper risk and compliance management. If the supervisory board fails to do so and if damages occur or increase, the members of the supervisory board may be held liable for such damages.

Members of senior management - below the corporate board - may also be held liable by their company for damages resulting from the violation of risk and compliance management obligations. However, according to German judicial jurisprudence, being employees they bear a graduated liability. Liability therefore comes into practical consideration only when employees have deliberately violated their obligations. According to some court rulings, a special responsibility is assumed by the head of compliance.

According to section 93 paragraph 1 German Stock Corporation Act, no breach of duty exists if the member of the board of directors makes an entrepreneurial decision, assuming that he or she could act on the basis of appropriate information for the good of the company.

Do members of governing bodies and senior management face administrative or regulatory consequences for breach of risk and compliance management obligations?

Inadequate supervision by the management or the owner of a company may be sanctioned with massive fines against the responsible person as well as the company (section 130 Act on Regulatory Offences).

Members of senior management also face administrative consequences, if the owner of a business or someone otherwise so authorised had commissioned this senior executive to manage a business or expressly commissioned a person to perform on his or her own responsibility duties that are incumbent on the owner of the business (section 9 German Act on Regulatory Offences).

As regards regulatory consequences, specific rules have to be observed, for example, for managers working in the banking sector (see above).

Do members of governing bodies and senior management face criminal liability for breach of risk and compliance management obligations?

If the members of the management board of a stock corporation violate their duty of diligent care and damages arise therefrom, according to the jurisprudence of the German Federal Court, this may be regarded as a criminal offence pursuant to section 267 German Criminal Code (‘infidelity’). Even if this has not been ruled in the respective Court judgment, the failure to establish an appropriate compliance system or to react promptly on evidence for infringements of law may also be deemed a violation of duty in this regard.

Members of governing bodies may be subject to criminal proceedings because they did not prevent (further) infringements out of their corporate entity. This criminal liability may also apply to senior managers (below the board of directors) and to members of the supervisory board if and to the extent that they are responsible for the supervision or the functioning of the compliance system. If, for example, a foreign official has been bribed by a company representative and if the responsible board member has evidence for such bribery but does not react appropriately, this omission to react may be regarded as a criminal offence by the responsible board member. As a result, the board member may be punished for bribery because of an inappropriate compliance practice. As such, in a 2012 court trial the long-term former head of the MAN commercial vehicle division ultimately admitted that he had not done enough to prevent bribery payments in Slovenia in 2004-2005, and was convicted for accessory to corruption by omission.