Compliance is still a foreign concept for many enterprises. Its vital role has not been sufficiently communicated to the upper management especially in medium-sized companies. This newsletter gives a brief outline of this fundamental problem, the legal situation in Germany and the relevance of compliance for M&A transactions.
B. What is Compliance?
In business practice, it is still often unclear as to what is meant by the term "compliance", since no legally prescribed or standard definition of the term exists. In legal literature the term is usually defined as
"the totality of all the measures which are necessary in order to ensure lawful behaviour of the enterprise, the members of its governing bodies and its employees with respect to all legal prohibitions and requirements."
This definition clearly suggests that there is more to compliance than the mere self-evident characteristic that a company should comply with all legal provisions. It shows that the term "compliance" also comprises that establishment of organisational arrangements in the form of a comprehensive system to ensure that legal provisions and all corporate policies are observed.
2. Compliance management system (CMS)
The objective of the compliance management system is the prevention of infringements. It is aimed at ensuring a generally law-abiding and sometimes even ethically correct behaviour of enterprises and their employees.
b) Development and implementation
When introducing such a system, it is important to ensure that the approach is tailored to the specific enterprise. First of all, the executive management of the enterprise must express their commitment to compliance and make a statement to this effect ("tone from the top"), appoint a Compliance Officer and set the compliance objectives. This should be followed by a strategic survey and risk analysis, which also covers the industry-specific characteristics. All the rules and regulations relevant to the enterprise should be compiled. Only after the prevailing situation has been analysed can the system design be started. Among other things, a comprehensive regime of rules and regulations and including a code of conduct and structural and process organisation needs to be developed. As a next step, the system can then be implemented. Particular attention should be given to the comprehensive training of the relevant personnel groups and generating an awareness for the topic among the employees. Following its implementation, the CMS should be continuously monitored to ensure effectiveness (including reporting) and, it should be made sure that the system is continuously adapted to new developments.
It is a fallacy to assume that introducing a CMS is a sensible and necessary move for large market-listed enterprises only; SMEs cannot dispense with such a system either, for they too may incur substantial damage to their reputation and liability risks in the event of non-compliance. By introducing and successfully rolling out a CMS, a company might be exculpated (see below). Furthermore, business partners also frequently demand proof that a compliance structure has been implemented.
C. Introducing a Penal Code for Enterprises in Germany
1. Criminal Law for Associations and Federations (VerbStrG)
A criminal law for enterprises is defined as the sanctioning of an enterprise by imposing a punishment. There is currently no such criminal law for companies in Germany, but has already been introduced in a number of European countries for quite some time. At the end of 2013, the state of North Rhine-Westphalia, however, presented a "draft bill of a law for introducing the criminal responsibility of companies and other associations" and a decision on its introduction is expected for the end of 2014.
The introduction of this Penal Code for Associations (VerbStrG) will enable not only individual employees but also entire enterprises to be punished. The company itself is to be held to account for criminal misconduct committed by its decision makers, if it violated its supervisory duties and failed to stop or prevent breaches such as money laundering, corruption and/or tax evasion. The draft bill provides for financial penalties amounting to up to ten percent of turnover, loss of subsidies and awards of public contracts, even the liquidation of the company.
2. The intention of the legislator and reach
The legislator's intention is to create an incentive for developing and cultivating of business compliance. Under § 5 of the draft bill, the sanctioning of an association may be dispensed with, if the association has taken organisational or staffing action in order to avoid similar penalties in the future und if no considerable damage resulted or if the greater part of such damage has been redressed. This regulation demonstrates the great importance of an effective CMS for companies in the near term.
The planned legislation has acquired additional significance in particular in the context of M&A transactions. As a consequence, the due diligence carried out in corporate acquisitions will become even more complex and time-consuming, because penalties may also be imposed on a company's legal successors
D. Compliance Due Diligence in M&A transaction
Due diligence on finances and taxes has become standard practice today for M&A transactions. Frequently it is, however, overlooked that separate compliance due diligence is both reasonable and necessary, because misjudging compliance risks can jeopardize the success of an M&A now that companies have to meet more and more legal requirements regarding the transparency and supervision of their activities both on the domestic and international levels.
If such risks are ignored, costly legal disputes (post-merger disputes); considerable damage to reputation and legal prosecution may loom after closing the transaction.
2. Due diligence process
When carrying out compliance due diligence, a compliance risk profile should first be prepared for the target company which takes into account industry-specific risks. Information made available in the data room for other due diligence processes may be used for this. As agreements to break the law are generally not put down in writing, further research is strongly recommended, e.g. making inquiries with public registers and black lists and conducting interviews with managers and compliance officers. In addition, the company's own CMS should be carefully compared with that of the target company, in order to quickly spot errors or identify gaps in the system and to facilitate incorporation into the own system. If such a comparison should not be feasible, say because compliance structures differ greatly due to belonging to different industries, the CMS assessment can draw on national and also general international guidelines. In particular IDW PS 980, an auditing standard developed by German auditors, the UK Bribery Act Guidance and the Resource Guide to the U.S. Foreign Corrupt Practices Act (FCPA) should be mentioned in this context.
After completion of a compliance due diligence, its results must be incorporated into the transaction, and for instance the enterprise value reassessed or a new more effective CMS introduced.
A first significant step is the awareness of major players that compliance is becoming ever more important for the business world. Once an awareness has been developed for this issue, there is greater appreciation of the need for a functioning compliance management system. Due to the vast number of legal standards, guidelines and policies, it is recommendable to obtain legal advice at an early stage when introducing or optimising a CMS, in particular to mitigate the risks in the fields of corruption, data privacy, environmental protection, financial accounting, public procurement law and anti-trust law.
A functioning CMS is also becoming increasingly important for the planning of M&A deals due to frequent financial and conceptual risks associated with the transaction. In this context, we must emphasize again the necessity of carrying out compliance due diligence in the target company, as such due diligence is gaining more and more importance in particular for the acquisition of German companies due to the legislative efforts towards a criminal law for enterprises. In the future, such compliance due diligence should become an indispensable part of an M&A transaction in addition to financial, tax and legal due diligence.
Dr. Andreas Lachmann, Partner,
RWP Rechtsanwälte PartG mbB
Dirk Lahme, Salary-Partner,
RWP Rechtsanwälte PartG mbB
Nadine Longrée, Salary-Partner,
RWP Rechtsanwälte PartG mbB
Randi Jo Haase, Associate,
RWP Rechtsanwälte PartG mbB