Search
Contact
03.03.2020 | KPMG Law Insights

Business Continuity Management – How to steer your company through the crisis

Business Continuity Management – How to steer your company through the crisis

Whether a company becomes the target of a cyber attack or operations are interrupted because its own workforce or that of a supplier is absent due to illness, there are a variety of scenarios that challenge a company’s emergency and crisis management. Effective business continuity management enables companies to prepare for crises and, in particular, to clarify in advance legal issues that regularly arise in crisis management. In the following, we would like to draw your attention to some useful crisis prevention measures and their legal implications, and present practical approaches to solving them.

  • Identify which business processes are mandatory for the operation and existence of the company (so-called business impact analysis). In addition to the workforce, it can also be the timely fulfillment of delivery obligations of one of your suppliers, the functionality of your IT system or even the energy supply for your production facilities. Evaluate how long you could do without the critical business processes without putting your company’s existence at immediate risk. Find out at what point it becomes “critical” for the existence of your company and evaluate this criticality, because your actions should be based on this. For example, you will have to react differently to the loss of fifty percent of your workforce than you would if “only” five percent of your employees were absent. You will take different measures in the event of a power failure than in the event of the complete destruction of your production facility by fire.
  • Develop strategies for dealing with the potential failure of an entire division or business process. In doing so, also identify fallback and resupply opportunities and establish restart procedures.

If supply bottlenecks are to be feared in the short term, supply chains must be structured as far as possible to withstand crises. First and foremost, this means that companies should immediately look for alternative providers. However, it should be borne in mind to check the existing contracts to see whether exclusivity agreements, special termination rights or contractual penalties make it more difficult to commission new suppliers or represent an economic risk.

Coordinate with your works council at an early stage on measures requiring co-determination that may have to be implemented in the event of a crisis. From a business perspective, it may be appropriate in individual cases to introduce short-time working, assign employees to other tasks or temporarily change the contractually agreed place of work (e.g. home office). It is true that negotiations between the employer and the works council are reluctant to deal with scenarios that seem unlikely to occur. However, experience also shows that negotiations are made considerably more difficult when there is immediate pressure to act and events in the company are happening at the same time.

  • Establish contingency plans that mirror your strategies. Once the crisis has occurred, it will generally be too late to develop a concept, examine the legal implications and communicate them within the company. Make sure your emergency plan is clearly understood and manageable. In the event of a crisis, defined processes provide security and structure.
  • Crisis management, as a core component of risk management, is the responsibility of management. It must maintain an appropriate business continuity management (BCM) system for crisis situations in order to fulfill its statutory organizational obligations. In doing so, you must be able to answer the following questions:
    • How do you ensure monitoring of crisis risk and occurrence?
    • How is management reporting done and who is responsible for it?
    • By whom is the competent and timely assessment of the situation carried out?
    • How and by whom are concrete options for action developed?
    • How do you ensure that management decisions are always based on sufficient information?
    • Who monitors the implementation of these decisions and by what means?
    • How and by whom is internal and external crisis communication carried out?
    • What are your legal notification and reporting obligations (e.g. data protection or capital market law) and who is responsible for fulfilling them in a crisis?

Responsibilities and roles must be assigned clearly, without overlap and without gaps. The responsible employees must be carefully selected in advance according to competence and instructed on the emergency concepts. Only in this way can a BCM system meet the requirements of a legally effective delegation.

  • In the event of an emergency, form a crisis team (Business Continuity Committee) that includes internal and external representatives with all the necessary competencies. The required competencies result from the specific crisis. Expertise in human resources, IT and communications will be required on a regular basis.
  • Regularly check whether your business impact analysis is still up to date and whether your contingency plans and crisis management organizational structure work in an emergency. Weaknesses are to be analyzed and eliminated.
  • As management, make sure that your crisis management decisions do not leave you open to legal challenge. Always exercise their business judgment in the crisis and in preparation for it without discretionary error.

Explore #more

04.04.2025 | In the media

KPMG Law Statement in DER PLATOW Brief: FiDA – The regulatory hammer

FiDA could revolutionize the financial market. The new regulation could provide third-party providers with standardized access to financial data. But high costs and unanswered questions…

03.04.2025 | KPMG Law Insights

First Omnibus Package to relax the obligations of the CSDDD, CSRD and EU taxonomy

The EU Commission has today published the draft of the first announced Omnibus Package. With the first directive as part of the omnibus initiative,…

24.03.2025 | KPMG Law Insights

Product piracy in online retail: these are the latest tricks

Product piracy is also flourishing with the growth in online trade. A major problem for brand owners, but also a challenge for online marketplaces and…

24.03.2025 | Deal Notifications

KPMG Law advises Munich Airport on the sale of aerogate München Gesellschaft für Luftverkehrsabfertigungen mbH

KPMG Law Rechtsanwaltsgesellschaft mbH (KPMG Law) provided legal advice to Flughafen München GmbH (FMG) on the sale of its subsidiary aerogate München Gesellschaft für Luftverkehrsabfertigungen…

21.03.2025 | KPMG Law Insights

Special infrastructure assets: how the administration manages to implement projects quickly

The special infrastructure fund creates the opportunity to catch up on years of investment backlog. There is a need for urgency. Defence capability, economic growth…

20.03.2025 | KPMG Law Insights

AI Act: This applies to AI in universities and research

Artificial intelligence (AI) offers numerous opportunities for research, teaching and administration, but also raises complex legal issues. The European Union’s AI Regulation(AI Act)…

19.03.2025 | In the media

BUJ/KPMG Law Summit Transformation

The Bundesverband der Unternehmensjuristinnen und Unternehmensjuristen e.V. (BUJ) and KPMG Law cordially invite you to the BUJ Summit Transformation on May 28, 2025 in Frankfurt…

18.03.2025 | In the media

KPMG Law Statement in the German transport magazine DVZ: Planning at a crawl; DIHK sees great potential for faster traffic route construction

The Chamber of Commerce in Arnsberg regularly awards prizes to the worst state roads in the Hellweg-Sauerland region of Westphalia. A funny idea, if it…

13.03.2025 | KPMG Law Insights

ECJ tightens antitrust liability for information exchange

The ECJ (C-298/22) has recently set strict standards for the permissible exchange of information between companies. As a result, companies are now even more faced…

11.03.2025 | In the media

KPMG Law Interview with HAUFE: LkSG after the elections – everything new?

Many companies have made considerable efforts to implement the Supply Chain Due Diligence Act. The political discussion about its abolition is now causing uncertainty. KPMG…

Contact

Dr. Bernd Federmann, LL.M.

Partner
Stuttgart Site Manager
Head of Compliance & Corporate Criminal Law

Theodor-Heuss-Straße 5
70174 Stuttgart

Tel.: 0711 781923418
bfedermann@kpmg-law.com

Johanna Friedrichsen

Senior Manager

Luise-Straus-Ernst-Straße 2
50679 Köln

Tel.: +49 30 530199125
jfriedrichsen@kpmg-law.com

Dr. Stefan Middendorf

Partner
Duesseldorf Site Manager

Tersteegenstraße 19-23
40474 Düsseldorf

Tel.: +49 211 4155597316
smiddendorf@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll