Compliance – what is actually still permitted today?

There is therefore no one compliance regulation; instead, what is meant is general compliance with legal provisions, in particular laws and directives but also voluntary corporate policies. However, this also makes it clear that this obligation to ensure legally compliant conduct is aimed primarily at a company’s management, as ultimately only the management is in a position to ensure that regulations are complied with and to implement this within the company, which an employee in a position below the company management would not be able to do from a purely factual perspective. Thus, a corruptible or corrupting employee may ultimately have recourse to the company’s management, as they had not ensured that illegal actions were inhibited or prevented. The only potential exception is for compliance managers, who are employed specifically to ensure that provisions are complied with at a company. Based on their particular position, compliance managers can be called to account in civil and even criminal proceedings, although they are employees at a level below that of the company management – albeit only under very specific circumstances.  

But which points require particular attention in the scope of compliance?  

Since the entire legislation theoretically needs to be considered, it is difficult to single out particularly “important” specifications. However, it is certainly possible to highlight a few key regulations, not least based on various incidents that have been extensively reported on in the public domain.  

First of all, the anti-trust law deserves a mention here. This aims to defend against “prevention, restriction or distortion of competition” (Section 1 Restriction of Competition Act (GWB)). Accordingly, it prohibits anticompetitive agreements and misuse of market power, above all. This includes, in particular, understandings between companies that are direct competitors on the market. It is clear that there can be no free competition if, for instance, competitors agree on the purchase or sales price. However, restrictions to competitiveness are also prohibited in the supply chain; for example if suppliers and recipients set the resale price.

Competition law should also be mentioned as a focus point. In particular the Federal Law regarding Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG) contains numerous regulations to protect competitors, consumers and other players on the market. A so-called “blacklist” is used to list clear-cut cases that are always prohibited; for example, using quality marks without the relevant approval. Targeted obstruction of competitors is also prohibited in accordance with the UWG, and specifications on comparative advertising are also included here.  

Another point to be addressed is the fight against corruption. This is sanctioned under criminal law in accordance with the specifications of Sections 331–338 of the German Criminal Code (Strafgesetzbuch; StGB) as well as in Section 299 ff for individuals who are not government officials. For this reason, “rewards” for the employees of a business partner in order to gain benefits from a (planned) business relationship are prohibited.  

A further key point is the (correct) disclosure of a company’s financial position. As the annual financial statements, in particular, play an instrumental role in determining a company’s financial situation, be it for customers, suppliers and investors or for the capital market or shareholders, and the annual financial statements themselves are a result of the company’s accounts, there are extremely detailed and strict regulations for these. The obligation regarding accounting is specified in more detail in Section 238 ff of the German Commercial Code (HGB). The “Grundsätze ordnungsgemäßer Buchführung” (principles of proper accounting) in particular must be taken into account here. The level of detail for the individual specifications to be taken into account is in turn based on the size of the company, from a sole trader to a small corporation up to the capital market-oriented parent company of a Group.  

A further compliance focus arises from the area of commercial law; namely a company’s obligation to inform and report. The German Commercial Code sets out extensive obligations regarding publication in the commercial register, including entry of the company itself as well as all changes. With new legal regulations, a publicity obligation has also been implemented, which obligates companies of a certain size to disclose the annual financial statements in electronic form.  

Commercial law also includes the archiving obligation as a further focus of compliance. This not only obligates companies to retain items that can be defined as accounting documents in the narrower sense, such as invoices and receipts, but also states that companies are obligated to archive general business documents, such as commercial letters, whereby it is irrelevant whether these are received or sent by the company in question. These documents must always be collected and retained for a period of up to ten years. It goes without saying that this cannot be done in a shoebox based on the idea that “the main thing is to collect them”. Rather, the principles of proper accounting must also be taken into account in this case in order to guarantee an accurate overview of the situation at the company.  

Another key point that should be mentioned is compliance with tax laws. Companies are obligated to comply with tax regulations, in particular those regarding tax declaration and payment. The legal basis for these points can be found in the German Fiscal Code (Abgabenordnung; AO). Here, companies not only have cooperation obligations such as the declaration of tax obligations; they are also obligated to acquire the necessary and potentially extremely specialised expertise regarding complex or difficult tax-related procedures, be this by attending training themselves or relying on external consultants.  

It is not surprising that data protection is a major focus of compliance. In view of the numerous data protection scandals that have come to light in the past, a rethink has long set in at companies and the handling of sensitive data now enjoys increased attention. As well as the protection of personal data under the terms of the German Data Protection Act (Bundesdatenschutzgesetz; BDSG), this point also includes data security, i.e. the protection of sensitive corporate data that is not intended for the public such as cost factors, customer relationships or intellectual property rights. In the scope of compliance, companies must therefore ensure data protection and data security through suitable measures.  

Yet another point is gaining significance from a compliance perspective: environmental protection obligates companies to adhere to certain standards. The starting point for this is the requirements of Section 22 of the German Recycling and Waste Management Act (Kreislaufwirtschafts- und Abfallgesetz), which is directed towards saving resources when manufacturing, developing and using products. At the same time, this Act also provides standards for labelling harmful products and requirements for references regarding return and reuse options.  

Finally, for companies with business relationships abroad, the area of export controls must be mentioned as a key guideline. This aims to prevent the export not only of weapons and arms, but also of dual-use goods, i.e. products that could be used for both civilian and military purposes. As well as the War Weapons Control Act (Kriegswaffenkontrollgesetz), the Foreign Trade Act (Außenwirtschaftsgesetz) is particularly relevant here and contains important provisions.  

The information above is just a small selection of all the points that need to be considered in the scope of compliance. However, at the same time it clearly demonstrates that a company’s management would certainly be overwhelmed if it alone had to ensure compliance with all the specifications. The compliance managers discussed previously are therefore becoming increasingly important in companies, just as implementing compliance management is almost mandatory for any company.