Suche
Contact
03.03.2020 | KPMG Law Insights

Business Continuity Management – How to steer your company through the crisis

Business Continuity Management – How to steer your company through the crisis

Whether a company becomes the target of a cyber attack or operations are interrupted because its own workforce or that of a supplier is absent due to illness, there are a variety of scenarios that challenge a company’s emergency and crisis management. Effective business continuity management enables companies to prepare for crises and, in particular, to clarify in advance legal issues that regularly arise in crisis management. In the following, we would like to draw your attention to some useful crisis prevention measures and their legal implications, and present practical approaches to solving them.

  • Identify which business processes are mandatory for the operation and existence of the company (so-called business impact analysis). In addition to the workforce, it can also be the timely fulfillment of delivery obligations of one of your suppliers, the functionality of your IT system or even the energy supply for your production facilities. Evaluate how long you could do without the critical business processes without putting your company’s existence at immediate risk. Find out at what point it becomes “critical” for the existence of your company and evaluate this criticality, because your actions should be based on this. For example, you will have to react differently to the loss of fifty percent of your workforce than you would if “only” five percent of your employees were absent. You will take different measures in the event of a power failure than in the event of the complete destruction of your production facility by fire.
  • Develop strategies for dealing with the potential failure of an entire division or business process. In doing so, also identify fallback and resupply opportunities and establish restart procedures.

If supply bottlenecks are to be feared in the short term, supply chains must be structured as far as possible to withstand crises. First and foremost, this means that companies should immediately look for alternative providers. However, it should be borne in mind to check the existing contracts to see whether exclusivity agreements, special termination rights or contractual penalties make it more difficult to commission new suppliers or represent an economic risk.

Coordinate with your works council at an early stage on measures requiring co-determination that may have to be implemented in the event of a crisis. From a business perspective, it may be appropriate in individual cases to introduce short-time working, assign employees to other tasks or temporarily change the contractually agreed place of work (e.g. home office). It is true that negotiations between the employer and the works council are reluctant to deal with scenarios that seem unlikely to occur. However, experience also shows that negotiations are made considerably more difficult when there is immediate pressure to act and events in the company are happening at the same time.

  • Establish contingency plans that mirror your strategies. Once the crisis has occurred, it will generally be too late to develop a concept, examine the legal implications and communicate them within the company. Make sure your emergency plan is clearly understood and manageable. In the event of a crisis, defined processes provide security and structure.
  • Crisis management, as a core component of risk management, is the responsibility of management. It must maintain an appropriate business continuity management (BCM) system for crisis situations in order to fulfill its statutory organizational obligations. In doing so, you must be able to answer the following questions:
    • How do you ensure monitoring of crisis risk and occurrence?
    • How is management reporting done and who is responsible for it?
    • By whom is the competent and timely assessment of the situation carried out?
    • How and by whom are concrete options for action developed?
    • How do you ensure that management decisions are always based on sufficient information?
    • Who monitors the implementation of these decisions and by what means?
    • How and by whom is internal and external crisis communication carried out?
    • What are your legal notification and reporting obligations (e.g. data protection or capital market law) and who is responsible for fulfilling them in a crisis?

Responsibilities and roles must be assigned clearly, without overlap and without gaps. The responsible employees must be carefully selected in advance according to competence and instructed on the emergency concepts. Only in this way can a BCM system meet the requirements of a legally effective delegation.

  • In the event of an emergency, form a crisis team (Business Continuity Committee) that includes internal and external representatives with all the necessary competencies. The required competencies result from the specific crisis. Expertise in human resources, IT and communications will be required on a regular basis.
  • Regularly check whether your business impact analysis is still up to date and whether your contingency plans and crisis management organizational structure work in an emergency. Weaknesses are to be analyzed and eliminated.
  • As management, make sure that your crisis management decisions do not leave you open to legal challenge. Always exercise their business judgment in the crisis and in preparation for it without discretionary error.

Explore #more

27.05.2024 | KPMG Law Insights

Agreement on ecodesign regulation: products to become more sustainable

After lengthy negotiations, the Council and Parliament of the European Union reached a provisional agreement on the Ecodesign Regulation on the night of December 5,…

22.05.2024 | KPMG Law Insights

The AI Act is coming: EU wants to get a grip on AI risks

For many people, artificial intelligence (AI) is the great hope for business, healthcare and science. But there are also plenty of critics who fear the…

17.05.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: When the family business is to be sold

Around 38,000 family businesses are currently handed over each year. In most cases, the change of ownership takes place within the family. But more and…

03.05.2024 | KPMG Law Insights

Doubts about inability to work? What employers can do

The certificate of incapacity for work (AU certificate) serves as proof of incapacity for work due to illness. However, only if the certificate meets certain…

27.03.2024 | KPMG Law Insights

EU Buildings Directive: life cycle greenhouse potential becomes relevant

On March 12, 2024, the EU Parliament approved the amendment to the EU Buildings Directive. The directive obliges member states and, indirectly, building owners and…

19.03.2024 | Business Performance & Resilience, KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

The EU member states agreed on the CSDDD, the EU Supply Chain Directive, on March 15, 2024. Germany abstained from the vote. Negotiators from the…

21.02.2024 | KPMG Law Insights, KPMG Law Insights

The Digital Services Act – what does it mean for companies?

The Digital Services Act (DSA) is a key component of the EU’s digital strategy and came into force on November 16, 2022. As a regulation,…

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

Part 3 of the article series “Professional tips for data compliance management”   The third part of this series of articles deals with data compliance

14.02.2024 | Business Performance & Resilience, PR Publications

Guest article in ZURe: Monitoring the implementation of the LkSG

The current issue of ZURe (p. 20 ff.) contains a guest article by KPMG Law Partner Thomas Uhlig (Head of General Business and Commercial Law),…

09.02.2024 | KPMG Law Insights

Podcast series “KPMG Law on air”: The employment law function

In almost all German companies, the employment law function is located in the HR department and not in the legal department. One of the reasons…

Contact

Dr. Bernd Federmann

Partner
Stuttgart Site Manager
Head of Compliance & Corporate Criminal Law

Theodor-Heuss-Straße 5
70174 Stuttgart

tel: 0711 781923418
bfedermann@kpmg-law.com

Johanna Friedrichsen

Senior Manager

Barbarossaplatz 1a
50674 Köln

tel: +49 30 530199125
jfriedrichsen@kpmg-law.com

Dr. Stefan Middendorf

Partner
Duesseldorf Site Manager

Tersteegenstraße 19-23
40474 Düsseldorf

tel: +49 211 4155597316
smiddendorf@kpmg-law.com

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.

Scroll