Compliance is the totality of all (reasonable) measures that establish the rule-compliant behaviour of a company, its management bodies, its executives and employees with regard to all legal requirements and prohibitions like Commercial Code, Basel II, German Federal Telecommunications Act (TKG), GDPR, German Federal Data Protection Act (BDSG), German Federal Stock Corporations Act (AktG), German Federal Act on Limited Liability Companies (GmbHG), SOX, Principles for Keeping and Storing of Books, Records and Documents in Electronic Form and the Access to Data (German GoBD), German Federal Act for Control and Transparency in Business (KonTraG), German Works Constitution Act (BetrVG), etc. in order to avoid liability claims and legal disadvantages for the company.
Implementing effective compliance structures has become the central factor for entrepreneurial success. This requires the interaction of management, legal, auditing, controlling, IT and other departments. As many examples show, non-compliance with normative framework conditions is associated with high liability risks and enormous damage to a company's image.
Liability management must not be reduced to the areas of financial management or IT management or even just corruption. The entire operational area of risk management must be taken into account.
The goal of liability management is to avoid the liability of the management through active risk prevention in all areas of the company in order to prevent all conceivable scenarios of claims - as far as possible - from the outset. In principle, the company is liable with all its assets for the actual amount of damage or it is drawn into an unforeseen defence against an unfounded claim, which in any case ties up company resources, threatens its image and causes costs. The defence against a claim - even an unfounded one - is made extremely difficult if the company cannot prove that it was not at fault or did not cause the damage. In special cases, managers and employees are also liable; managing directors of limited liability companies, for example, are also liable with their private assets.
To cope with liability management, measures are required – in addition to insurance cover – in entrepreneurial initiative, practised as a permanent, regularly repeated, coordinated process accepted by all.
We contribute to the process of liability minimisation by first identifying and analysing the legal risks and, based on these results, establishing a compliance organisation in the company. We place particular emphasis on a practicable approach without lengthy preliminary analyses, which is made possible by our long experience.
The compliance organisation is based, among other things, on the creation of guiding principles and guidelines as well as by raising employees' awareness of compliance issues. By implementing a risk monitoring system, precautions are taken for crisis management.
We conduct regular training and audits and also propose measures for post-crisis care. This ensures the implementation of and compliance with regulatory requirements and creates company-wide transparency and integrity.
Liability management is an essential contribution to the staying power and survivability of a company.
“We are not only responsible for what we do, but also for what we don’t do.” (Voltaire 1694 – 1778)
Whistleblower system as a necessary part of a functioning compliance management system (CMS)
Due to the Whistleblower Directive and the Whistleblower Protection Act legal entities in the public sector and companies with more than 50 employees will in future be obliged to set up legally compliant whistleblower systems.
These internal reporting channels have to guarantee the anonymity and/or confidentiality of the whistleblower when submitting a report about specific legal violations – be it verbally, in text form or in a personal meeting.
For a whistleblower system to work well, it is important that the person or organisational unit managing the internal reporting system can act independently. There should be no conflicts with other interests and confidentiality must always be maintained.
The law therefore considers the independent data protection officer to be particularly qualified to undertake the tasks of an internal reporting office. The duty of confidentiality ensures that the identity of the whistleblower remains protected.
The benefits from the tips your company receives due to a lean whistleblower system that protects whistleblowers and fulfills all legal obligations should not be underestimated.
Our conviction: compliance is a business of trust. That is why our compliance hotline (whistleblower system) is attended by people with experience, empathy and a high level of legal competence. Even in the age of digitisation, it is important in favour of our clients to create trust, right from the first contact.
We will gladly assist and advise you on expanding your whistleblower system and take on the tasks of an internal reporting channel for you.
Depending on the requirements, we provide the following reporting channels:
Whistleblower telephone hotline