Compliance (law)

from Wikipedia, the free encyclopedia

In the legal field, the term compliance basically describes the adherence to rules in the form of law and statute (“legal compliance”, “rule conformity”). In addition, the term is also used as a synonym for measures to prevent legal violations. In a business context, it stands for the entirety of all operational measures that are intended to ensure the lawful conduct of all company employees.

Legal term

The legal term compliance has its origin in the Anglo-American legal system. Since its beginnings in the 1930s and 40s, it has become a synonym for a separate legal concept that is based on the idea of regulated self-regulation ("enforced self-regulation"). By means of incentivizing framework conditions and specific regulations, Anglo-American law assigns companies an essential responsibility for preventing corporate legal violations. Today this legal concept finds its expression mainly in the Foreign Corrupt Practices Act, the US Federal Sentencing Guidelines and the Sarbanes-Oxley Act.

German Corporate Governance Code (DCGK)

In the German legal system, the term compliance has not yet received a statutory definition (legal definition). Only the German Corporate Governance Code (DCGK) contains a basic definition, in no. 4.1.3.

Point 4.1.3 German Corporate Governance Code: The Board of Management is responsible for ensuring compliance with the statutory provisions and the company's internal guidelines and works towards ensuring that the Group companies observe them (compliance). It should ensure appropriate measures geared to the company's risk situation (compliance management system) and disclose their main features. Employees should be given the opportunity in a suitable manner to provide protected information about legal violations in the company; third parties should also be given this opportunity.

The DCGK contains recommendations for the sustainable management of stock corporations and, as a measure of economic self-regulation, is not legally binding. According to Section 161 (1) AktG, stock corporations must publish a declaration of conformity every year. However, deviations from the recommendations of the DCGK are always possible if the reasons are given.

Finance and Insurance Law

So far, the term compliance has been mentioned in statute mainly in the organizational obligations of finance and insurance law. Credit and financial services institutions under Section 25a (1) KWG, securities services companies under Section 80 (1) WpHG and insurance companies under Section 29 (1) VAG must operate an internal control system (ICS) that includes, in particular, a "compliance function". For insurance companies, Section 29 (2) VAG also describes the scope of the compliance function.

Section 29 VAG. Internal control system (2) 1 The tasks of the compliance function include advising the Management Board on compliance with the laws and administrative regulations that apply to the operation of the insurance business. 2 In addition, the compliance function must assess the possible effects of changes in the legal environment for the company and identify and assess the risk associated with violating legal requirements (compliance risk).

The relevant laws see the ICS, including the compliance function, as an essential component of a risk management system that is integrated into the business organization. The aim of risk management is to create, through the conscious identification, assessment, control, monitoring and communication of operational risks, the basis for "sustainable" (Section 25a (1) sentence 3 no. 1 KWG) or "solid" (Section 23 (1) sentence 2 VAG) corporate governance. Section 25a (1) sentence 4 KWG and Section 26 (2) VAG make the specific design of the operational measures dependent on the type, scope, complexity and risk content of the business activity.

Legal phenomenon

Driven by the recommendations of the DCGK and the developments on the financial and insurance market, the term compliance in German law has become a synonym for an understanding of law that is preventive and tied to risk. Except for the approaches of finance and insurance law, the structures and relationships of this legal understanding have not yet been given concrete legal form in German law, so that, in contrast to Anglo-American law, compliance is still largely a phenomenon. The essential feature of this phenomenon is an interactive method that makes use of the entirety of the legal, economic and ethical control options in order to counter dangers and in particular the risk of legal violations (socio-economic regulatory approach). This is made possible by the concept of co-regulation, new institutional economics and business ethics.

Co-regulation

Within the framework of co-regulation, the state gives civil and, in particular, business society a responsibility to participate in the prevention of dangers. The content of the prevention responsibility is largely left to the company, with the exception of special legal requirements, and is only secured by the legal liability mechanisms (regulated self-regulation).

New institutional economics

The operational responsibility for prevention can be shaped with the help of new institutional economics, which, in a departure from the neoclassical understanding of the economy, takes into account the way institutional structures steer behavior. The basis is no longer the unrealistic postulate of all-encompassing information, but the cognitively limited capacity of every person. Accordingly, in order to develop the company's potential for self-regulation, targeted regulations are required, the efficiency and effectiveness of which depend heavily on their acceptance by the corporate culture.

Business ethics

Business ethics, which deals with the conflict between economic self-interest and social responsibility, provides information about the cultural processes of economic organizations. Business ethics sees any collective oriented towards economic maxims as the central point of this conflict, which is why companies in particular bear a special responsibility for using cultural measures to set sustainable incentives for observing legal and moral standards (corporate social responsibility).

Risk prevention

The preventive structures of the compliance phenomenon are not only expressed in the provisions of finance and insurance law. There are also regulations in numerous other areas of law that do not explicitly use the term compliance, but nevertheless convey its idea of risk prevention by requiring a conscious handling of dangers.

General prevention obligations

General operational prevention obligations arise primarily from company law (corporate compliance) and the provisions of criminal and administrative offense law (criminal compliance). In addition, private law also has certain preventive obligations that apply to both companies and private individuals.

Legality control

As part of its general duty of care under company law (in particular Sections 76 (1), 93 (1) AktG and Section 43 (1) GmbHG), the company management must ensure that all company employees behave in accordance with the law by taking appropriate measures to counter the risk of legal violations within the company. Unless there are special legal requirements, company law generally grants a margin of discretion as to the content of the legality control (business judgment rule). However, the company's management must always make its decisions on the basis of an appropriate risk analysis (dependence on risk). In accordance with these corporate law principles, the LG Munich I decided in 2013 in one of the few rulings on the subject of compliance ("Neubürger ruling" in the context of the corruption scandal at Siemens AG):

“As part of his legal obligation, a board member has to ensure that the company is organized and supervised in such a way that there are no violations of the law such as bribe payments to public officials of a foreign state or to foreign private individuals. In the case of a corresponding risk situation, a member of the Board of Management only fulfills his organizational obligation if he sets up a compliance organization geared to damage prevention and risk control. The type, size and organization of the company, the regulations to be observed, the geographical presence as well as suspected cases from the past are decisive for the scope in detail.”

If risks are discovered that could jeopardize the company's continued existence, Section 91 (2) AktG also requires an internal control system (ICS). However, it is not mandatory to monitor the existing risks per se with the ICS, but only the operational measures that are required to control the existing risks.

Fight against crime

Criminal and administrative offense law also recognizes a duty to prevent violations within the company. Self-control by the company cannot replace state control. However, the scope of the duty of prevention is smaller compared to the legality control duty under company law, since only the risk of corporate crimes and administrative offenses (corporate crime) has to be countered. This obligation to combat corporate crime is expressly formulated in Section 130 OWiG. Both the applicability of Section 130 OWiG to group matters and its scope in matters abroad have not yet been conclusively clarified.

Section 130 OWiG. Obligation to supervise (1) 1 Anyone who, as the owner of a business or company, intentionally or negligently fails to take the supervisory measures that are necessary to prevent infringements of obligations in the business or company that affect the owner and the violation of which is subject to a penalty or fine, commits an administrative offense if such an infringement is committed that would have been prevented or made significantly more difficult by proper supervision.

In criminal law, no explicit prevention obligation exists. Nonetheless, in particular within the framework of the general criminal attribution mechanisms (Sections 13–15 StGB and Sections 25–27 StGB), a duty of management to combat corporate crime has also become established. As in administrative offense law, the basis is the increased risk of corporate crime due to delegation relationships within the company and the ability of the company management to influence this risk with the help of the company's organizational structures (risk and organizational control).

The range of regulations to be observed within the framework of the duty of prevention under criminal and administrative offense law results from the company's area of activity. However, one of the obligations that are subject to penalties or fines and which affect every owner of a business or company is in any case respect for free competition. To protect free competition, the Criminal Code (Sections 298–301 StGB), the Act against Unfair Competition (Sections 16–20 UWG) and the Act against Restraints of Competition (Section 81 GWB) threaten corrupt, unfair and distorting practices with penalties or fines.

Whistleblowers can also pass on their knowledge of rule violations anonymously to the law enforcement authorities, as the principle of legality requires the police to investigate anonymous reports.

Duty to maintain safety

Within the framework of the general civil law due diligence standards (§§ 823, 276 BGB), companies and private individuals are obliged to protect the general public from dangers arising within their sphere of influence.

Special prevention obligations

The idea of risk prevention is also increasingly finding its way into individual areas of the legal system. These special legal requirements represent an area-specific concretization of the general prevention obligations.

Data protection

Since May 25, 2018, companies and private individuals have had to observe the General Data Protection Regulation (Regulation (EU) 2016/679) every time they process personal data that is or should be stored in a file system. The only exception is processing for exclusively personal or family purposes (Art. 2 (2) lit. c GDPR). In particular, the GDPR requires that risk-adequate data protection precautions are taken when processing personal data.

Art. 24 GDPR. Responsibility of the person responsible for the processing (1) The person responsible implements suitable technical and organizational measures, taking into account the type, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risks for the rights and freedoms of natural persons, in order to ensure and be able to provide evidence that the processing is carried out in accordance with this regulation.

This requires keeping records of all processing activities (Art. 30 GDPR), ensuring an adequate level of data protection (Art. 32 GDPR) and reporting violations (Art. 33 GDPR). A data protection officer is only required in certain cases (Art. 37 GDPR).

Occupational safety and health

The Occupational Safety and Health Act (ArbSchG) obliges employers to take occupational safety measures. According to Section 2 (1) ArbSchG, these are measures to prevent accidents at work and work-related health hazards, including measures to make work more humane.

§ 3 ArbSchG. Basic obligations of the employer (1) 1 The employer is obliged to take the necessary occupational health and safety measures, taking into account the circumstances that affect the safety and health of employees at work. 2 He has to check the effectiveness of the measures and, if necessary, adapt them to changing circumstances. 3 In doing so, he must strive to improve the safety and health protection of employees.

The occupational health and safety measures are to be based on the general principles (Section 4 ArbSchG), determined on the basis of a risk analysis (Section 5 ArbSchG), planned and implemented with the help of a suitable organization and internal control measures (Section 3 (2) ArbSchG) and documented (Section 6 ArbSchG).

Anti-money laundering

The Act on the Detection of Proceeds from Serious Crimes (Money Laundering Act, GwG) assigns players in the financial, insurance, legal, accounting, fiduciary, real estate, gaming and real estate distribution sector a responsibility in the prevention of money laundering and terrorist financing (Section 2 GwG).

Section 4 of the GwG. Risk management (1) In order to prevent money laundering and terrorist financing, the obliged entities must have an effective risk management system that is appropriate with regard to the type and scope of their business activities.

Components of the prevention strategy are a risk analysis (Section 5 GwG), internal security measures (Section 6 GwG), standards of conduct (Sections 10–17 GwG) and the reporting of suspected cases (Section 43 GwG).

Product safety

The general duty to maintain safety in relation to products has developed in a special way. The Product Liability Act (ProdHaftG) does not formulate any special statutory prevention obligations. However, a manufacturer is not responsible for the consequences of a defective product if he has observed the legal provisions and the current state of science and technology (Section 1 (2) No. 4 and 5 ProdHaftG).

Preventive measures

German law does not yet provide a generally applicable description of the necessary preventive measures. Nevertheless, in line with the interactive methodology of the compliance phenomenon, a certain standard of operational preventive measures has emerged. Within the framework of strategic risk management, this merges cultural learning and formal control measures into a systematic handling of the risk of operational rule violations (compliance management system).

Strategic risk management

The basis of the compliance management system is continuous identification and evaluation (risk analysis) as well as control and monitoring of the risk of operational rule violations. This need for strategic risk management is brought about primarily by the auditing standard IDW PS 980 ("Principles of proper auditing of compliance management systems") published by the Institute of Auditors in Germany e.V. (IDW) and the ISO 19600 standard published by the International Organization for Standardization (ISO) ("Compliance management systems - Guidelines").

Cultural learning process

Risk control is carried out through the use of corporate culture measures. The aim is to use an exemplary leadership style and democratic communication of values to establish a culture of legality that is actually lived by all company employees and that does not tolerate any legal violations. The following measures are required for this:

Formal control process

Formal control measures are used to monitor risk. Their aim is to secure and strengthen the preventive effect of corporate culture measures (prevention), to uncover and clarify cases of suspicion (detection) and, if suspicions are confirmed, to sanction them (sanction) and to eliminate any weak points discovered in the system (optimization). This requires the following measures:

Liability

In accordance with the concept of regulated self-regulation, the exercise of the responsibility for prevention is secured by the legal liability structures. If legal violations occur due to inadequate preventive measures, those responsible for prevention face liability for damages, fines, and monetary penalties or imprisonment.

Damages

Obligations to pay damages result from special laws (e.g. § 83 BDSG, § 1 ProdHaftG) and general regulations (e.g. § 823 BGB, §§ 280 ff. BGB). The company is fundamentally liable for damage in connection with breaches of duty. However, under Section 93 (2) sentence 1 AktG and Section 43 (2) GmbHG, a violation of the operational prevention obligations also imposes an obligation on the company management to pay compensation to the company. This obligation to pay compensation does not arise from every wrong entrepreneurial decision, but only when the limits of entrepreneurial discretion according to Section 93 (1) sentence 2 AktG (business judgment rule) are disregarded.

Fine

The violation of special prevention obligations is usually punished with fines under the relevant special laws (e.g. Section 56 KWG, Section 120 WpHG, Section 332 VAG, Section 56 GwG). In addition, Section 130 (3) OWiG threatens a violation of the general corporate crime prevention obligation with a fine of up to one million euros. Against companies, fines of up to ten million euros can even be imposed under Sections 30, 9 OWiG. Via Section 17 (4) OWiG, the entire economic benefit that has been derived from a breach of duty can also be skimmed off (profit skimming).

Fine and imprisonment

In some cases, violations of special prevention obligations are already criminalized by special law (e.g. Section 54a KWG). In addition, via Sections 13–15 StGB (liability of the business owner) and Sections 25–27 StGB (participation in a criminal offense), persons can also be held criminally liable for offenses committed by other members of an organization or company. In the event of inadequate measures to ensure product safety, there is also a risk of criminal liability for bodily harm according to Sections 223, 224, 226 and 227 to 230 StGB or for killing according to Sections 211 to 213 and 222 StGB (criminal product liability). German criminal law does not so far provide for the criminal liability of companies (corporate criminal law).
