"If you think compliance is expensive, try non-compliance." This oft-quoted phrase by former US Attorney Paul McNulty has been confirmed once again by the forthcoming law on sanctions against associations. Only this time in an even stricter form.
With the cabinet resolution of 16 June 2020, the German government launched a government draft of the "Act to Strengthen Integrity in the Economy". In this context, the so-called "Act on the Sanctioning of Company-Related Offences" (Verbandssanktionengesetz - VerSanG-E) was also adopted. Behind this very technical term is a "monumental change" for the German legal system, as the FAZ newspaper described it on 21 August 2020. The aim is to effectively combat corporate crime in Germany, but also to bring it closer to international standards.
New regulations increase the demands on companies
According to Section 1 VerSanG-E, the addressees, i.e. obligated parties, are all "associations whose purpose is directed towards a commercial business operation." This means that companies fall under this definition regardless of their size or turnover. Even if this has been criticised as "boundless" by various professional associations in their comments on the proposed legislation, the German government has decided to leave the term in this comprehensive form.
According to this, an association offence pursuant to Section 2 (1) No. 3 VerSanG-E is to be deemed to have been committed if the association has breached its obligations as a result of a criminal offence and the association has been or should have been enriched. This means that the focus is not only on property or tax offences - offences against competition, environmental offences and possible breaches of occupational health and safety are also possible. The list of possible sanctionable offences is hardly exhaustive.
The obligation of law enforcement authorities to investigate is also undergoing a fundamental change. While this currently follows the requirements of the law on administrative offences and the authorities themselves are allowed to assess whether investigations are appropriate ("opportunity principle"), in future there will be an obligation to investigate ("legality principle"). In this respect, a complete "machinery" of the authority can be set in motion even if there is only a slight suspicion of wrongdoing.
As already experienced in other areas - the introduction of the GDPR comes to mind - there are also significant changes to the sanction regulations compared to the previous regulations with the sanction framework from the Administrative Offences Act. A sanction framework of up to 10 % of the average annual (group) turnover is envisaged. Based on antitrust law, the draft also affirms the economic unity for all (subsidiary) companies that are under uniform management within a group of companies (see BGH, decision of 26 February 2013 - KRB 20/12).
Compliance measures are becoming (even) more important
Both the legal text - e.g. pursuant to Section 15 (3) no. 7 E-VerSanG - and the explanatory memorandum expressly emphasise the consideration of compliance measures to mitigate sanctions. Recording and taking into account compliance measures for the specific sanctioning of individual cases will be a particular challenge for each individual company.
If compliance measures appear suitable, prosecution can be waived in accordance with Section 41 (1) E-VerSanG. According to the explanatory memorandum to the law, a functioning compliance system can even be considered a special circumstance that makes the imposition of potentially draconian financial sanctions unnecessary. Should an association sanction nevertheless be imposed, the existence and functionality of a compliance system and its implementation must be taken into account to mitigate the sanction.
Companies must act - time is of the essence
The introduction of the Corporate Sanctions Act leads to a de facto obligation for company management to take preventative measures. If corresponding guidelines have already been implemented in the company, these must be reviewed to ensure that they are up to date in light of the new requirements.
Time is of the essence.
The law is currently being introduced in the Bundestag in September. It is expected to be published by the end of the year. There will then be an implementation period of two years. As the introduction of the GDPR requirements has shown, two years is not just a short time - the implementation programme should not be underestimated either. If compliance structures are already in place, they must be checked for their existing functionality, up-to-dateness and appropriateness. This must be based on comprehensive analyses in order to develop risk-oriented internal guidelines, documentation requirements and training. The establishment or review of a compliance management system should not be postponed, especially as companies benefit in many ways from its establishment right from the start - not only in terms of economic but also value-orientated corporate goals.
Compliance should also be seen as an opportunity - an efficient compliance management system will be of great economic benefit to shareholders and companies in the long term. Compliance protects the company, enhances its reputation and prevents corresponding damage. Compliance helps to establish efficient and legally compliant organisational structures and corporate processes.
Your TAXGATE team will be happy to advise you on everything from the review of existing measures to the complete implementation of compliance systems and can draw on the many years of experience of proven experts.
