Regulatory requirements for companies are constantly increasing in a national, European and global context. This is accompanied by growing expectations of good and transparent corporate governance, non-compliance with which is increasingly associated with heavy sanctions. Corporate management therefore faces the enormous responsibility of keeping both strategic decisions and day-to-day operations continuously in line with laws, regulations and internal policies – worldwide if necessary.
Our multidisciplinary team of experienced compliance counsel can help you meet these challenges in both strategic and operational areas, and thanks to the involvement of our global compliance practice in virtually every jurisdiction around the world.
We advise companies and management on how to organize and enforce the law within the company and thus avoid liability risks – from A for foreign trade law, G for money laundering, K for anti-corruption, to P for product safety, W for whistleblowing and Z for certification, in association with our colleagues at KPMG AG. As the market leader in LegalTech, we consistently rely on modern IT solutions and innovative tools for our consulting services. To: EU Whistleblowing Directive Transposition Status in the EU Member States.
Germany is the world’s leading exporter – German companies supply their goods to markets around the globe. For every delivery that crosses the German border, a multitude of regulations from foreign trade law must be observed and often export licenses must be obtained. Failure to comply with foreign trade regulations can result in severe prison sentences and fines of up to 1 million euros for management and employees.
We advise you on setting up internal export control audit systems that fit the specific structure of your company. We check existing systems for practicability and support you in implementing any additional measures that may be required. We create compliance guidelines in foreign trade law, support you in adhering to compliance requirements and integrating internal export control measures in the company (work instructions, guidelines and training). We place a special focus on the pragmatic integration and use of IT systems in the processing of export transactions.
Our approach is holistic and we not only consider German and European export regulations, but also focus on other legal regulations that may be relevant, such as US export control law. To this end, we have access to our international network of specialists in foreign trade law and can advise our clients who have subsidiaries abroad on foreign trade law issues locally in the respective legal system.
Although it is said in soccer that “money doesn’t score goals”, it is nevertheless well known: In the end, money wins. Therefore, a simple formula applies throughout professional sports: More money brings more success. Of importance here are marketing revenues from licenses of all kinds – from advertising space to broadcasting rights to tickets.
In the world of professional sports, value is determined by the attractiveness of the competition and the image of the sport, the club and the athlete. Sponsors in particular aim to achieve a positive image transfer by acquiring advertising licenses. The market for sports licenses is therefore a reputational market. For licensors, it is therefore important to avoid damage to their image; for licensees, on the other hand, it is important to protect their investment against damage to their image.
More and more new scandals in sports make it clear: Compliance – which can be about adherence to sporting fair play as well as applicable law – poses major challenges for players in professional sports. We know how to counter them and can deliver the solutions that clubs and advertisers need to do so.
By conducting compliance due diligence, the buy-side avoids the unintentional “co-purchase” of compliance risks and their consequences when acquiring a company, which is not reflected in the purchase price: Fines or imprisonment for the perpetrators of criminal offenses, fines for the corporate bodies and the company – possibly in the millions in the case of breaches of supervisory duties or antitrust violations -, liability for damages of the corporate bodies vis-à-vis the company as well as the company in the case of damage to third parties, loss of approvals or permits and, last but not least, damage to reputation.
We support the acquiring side in M&A processes in identifying and reducing or avoiding corresponding risks in the acquisition of companies. We accompany and advise our clients in every phase of an M&A process, conduct compliance due diligence with regard to such risks and also advise on appropriate hedging in the transaction purchase agreement.
The company’s management bears the organizational and supervisory responsibility for compliance requirements within the company. A central building block for fulfilling this duty is instruction through regular training of the affected operational employees and the company’s management level.
We have many years of experience and the necessary know-how to design and implement a customized, innovative training concept for you that meets the requirements of a proper compliance organization in terms of content, selection of addressees, methodology, frequency, control as well as documentation. In addition, we support you in the selection of a suitable e-learning provider, create training materials and conduct training courses in all relevant subject areas, if desired also worldwide at any location – all from a single source, quality-assured and with the involvement of local specialists.
Compliance with all laws, contractual obligations and internal regulations relevant to a company’s business activities requires compliance management appropriate to the company, which must be an integral part of risk management.
Auditing the regularity of the compliance organization and its effectiveness in day-to-day business is one of the tasks of Internal Auditing. As an independent auditing body, it examines whether the various corporate divisions are acting in compliance with the rules. In a compliance audit, specific compliance areas are examined to determine how compliance management is implemented in individual business areas or in operational processes. The focus here is on random checks.
The basic principles for auditing a compliance management system (CMS) are contained, among others, in the auditing standard IDW PS 980 as well as the certification standards ISO 37001 for anti-corruption management systems and ISO 37301 for compliance management systems in general. Naturally, these standards are limited to general statements on the basic elements of a CMS and their examination by external auditors. The ISO standards base the audit on the “Plan-Do-Check-Act” (PDCA) principle. Reviewing the effectiveness of compliance management in the operating business units is often also the task of Internal Audit. A compliance audit requires – based on the principle of legality control – comprehensive legal knowledge in any case.
Taking into account the specific needs of your company, we offer you a tailored audit approach that involves specialized auditors, industry specialists and other experts from KPMG AG Wirtschaftsprüfungsgesellschaft – worldwide if required.
Corporate governance is increasingly taking place in the context of internal auditing (IA), risk management (RMS), compliance management (CMS) and internal controls (ICS) – the decentralization of governance systems in all three lines of defense is the trend of the hour, especially against the backdrop of ever stronger organizational and monitoring requirements with regard to proper delegation (StaRUG, FISG, ESG). Where is corporate governance heading in the future and what role will LegalTech play?
We support companies in the efficient and legally compliant design of their governance systems. Thanks to extensive experience and expertise, we know the requirement and the actual impact of all governance elements. We support you in setting up your governance in a legally secure manner and, especially in cooperation with the experts at KPMG AG Wirtschaftsprüfungsgesellschaft, in developing it strategically – not only in all areas of compliance law, but also in questions of supervisory and organizational law relating to governance functions.
Handling personal information such as employee or customer data has become an integral part of everyday business life. In this context, all parties involved operate in a highly complex legal environment consisting of, among other things, the European General Data Protection Regulation, national data protection law in the form of the German Federal Data Protection Act (Bundesdatenschutzgesetz) or state data protection laws, sector-specific data protection regulations in many specialized laws, and a large number of court decisions. In addition, there are the various standards for ensuring appropriate technical and organizational data protection and the data protection regulations of all countries in which a company operates.
Companies must effectively counter these risks and align their own data protection organization in such a way that violations of the law are effectively avoided.
With our attorneys specializing in data protection compliance, we can always help you identify potential risks to your company and minimize them by implementing appropriate preventive measures. We support you
Thanks to our international KPMG network, we are also able to provide you with comprehensive support in cross-border matters, anywhere in the world.
A whistleblower system is an early warning system for company management, ensures the necessary protection for whistleblowers and those affected as part of case management, and helps companies avoid liability risks in the event of compliance violations. The German Corporate Governance Code, the Auditing Standard 980 of the Institute of German Certified Public Accountants (IDW PS 980) and the Guidance of the U.S. Department of Justice on Compliance Programs (June 2020) regard whistleblowing systems as a hallmark of every compliance management system.
Since 2022, the establishment of a whistleblowing system has been a concrete requirement for all companies with more than 50 employees as well as for public authorities, municipalities with a population of 10,000 or more, and public sector companies in the EU: The EU Directive on the Protection of Whistleblowers (RL EU 2019/1937) requires the establishment of internal reporting channels and a case management system for reporting and processing violations of European law in particular.
We accompany you in the implementation of suitable systems and facilities in your company. In addition, we support your company with the KPMG Whistleblowing Gap Analysis – an in-depth target/actual analysis that is IT survey-based and available for all EU member states.
In addition, we offer you the “
EU Whistleblowing Directive
Transposition Status in the EU Member States” , a holistic, IT-based whistleblowing solution that includes all essential steps from legally compliant implementation to regular operation. The package covers all legal aspects of the whistleblowing system from the receipt of information to internal investigations to the final report – together with our cooperation partner EQS Group, Europe’s leading provider of IT-based whistleblowing systems, you thus receive a globally applicable solution from a single source.
Money laundering – by organized crime, among others – and terrorist financing are offenses against which the state must protect itself and for the prevention of which it relies primarily on companies operating within its territory. However, the resulting requirements are rarely on the agenda of companies and their legal representatives.
At the same time, companies are increasingly being abused, especially in Germany, to launder incriminated money. The number of unreported cases of money laundered in Germany each year amounts to up to 100 billion euros. The companies involved in concealing the origin of incriminated money often do not notice this, or notice it too late, which can entail considerable legal and economic risks. In such cases, there is a risk, for example, of involvement in criminal investigations, administrative offense proceedings, loss of reputation, sanctioning by business partners (blacklists) etc. The risks exist both for the company itself and for the management or money laundering officers.
In addition to the general compliance law regulatory framework (above all Section 130 OWiG, criminal law standards), there is a special regulatory law codified in the Money Laundering Act (GwG) that contains regulations for specific addressees, so-called obligated parties. In addition to companies in the financial sector (for example, credit and financial services institutions, insurance companies, insurance intermediaries or capital managers), it is in particular companies outside the financial sector (including real estate agents and so-called dealers in goods) that are obligated parties under the AMLA.
We provide comprehensive advice on all aspects of money laundering compliance and support you in prevention, monitoring and defense – all from a single source.
|The regulations of capital market law primarily concern the prohibition of insider trading and market manipulation as well as the handling of insider information. Violations are proven with significant fines. Sanctions can also be made public, which poses considerable reputational risks for companies and governing bodies.|
We provide comprehensive support in setting up suitable processes at an early stage to ensure that insider information is identified within the company and that the further internal process up to ad hoc notification is as smooth as possible. If necessary, we can also draw on our close network of experts, particularly with regard to the practical implementation of processes within the company.
We also advise on reporting obligations under capital market law, such as managers’ transactions or voting rights appeals. Even if a decision to postpone publication or an ad hoc announcement becomes necessary in individual cases, we provide support based on our experience.
The central component of a compliance management system (CMS) is the compliance culture. An essential CMS element is also its monitoring and improvement. It is therefore crucial to measure the compliance culture in the company in order to be able to derive necessary CMS improvements and at the same time increase awareness of compliance.
For both, we use our KPMG Integrity Thermometer, which can be used company-wide as an end-to-end solution. In this validated professional and technical solution, which we offer in cooperation with the experts from KPMG Netherlands, the compliance culture is measured by means of an online survey tool, including subsequent flexible evaluations in report and dashboard format. The solution has proven itself in worldwide use for many years.
As a core component of risk management, crisis management is the responsibility of the company’s management. To this end, it must maintain an appropriate business continuity management (BCM) system for crisis situations in order to fulfill its statutory organizational obligations. An appropriate organizational structure and process organization of the BCM system should be individually tailored to a company and at the same time be based on the ISO standard 22301. The legal obligation to manage crises may also directly affect representatives who do not hold a position within the company. We support companies in crisis management and coordinate all legal consulting aspects from a single source.
Our range of consulting services includes legal support in the area of preventive crisis management in the BCM process in (1) business impact analysis, (2) resource analysis, (3) strategy derivation, (4) emergency plans and (5) BCM testing in cooperation with the specialists of KPMG AG Wirtschaftsprüfungsgesellschaft.
On the other hand, we support companies in acute crisis management in dealing with a concretely threatening crisis or one that has already occurred. Crisis response measures are business decisions for which there is discretion under the business judgment rule. We create legal certainty for decisions in the event of a crisis and prevent negative consequences under company law and sanctions.
On January 1, 2022, the Act on the Introduction of a Lobby Register for the Representation of Interests vis-à-vis the German Bundestag and vis-à-vis the Federal Government (Lobby Register Act – LobbyRG) came into force.
All natural persons and organizations that make contact with members of the German Bundestag or the Federal Government in order to influence political processes, or that commission such activities, must register in the lobby register if their activity exceeds a materiality threshold defined in the law and none of the exceptions provided for in the law apply. Voluntary registration is also possible.
Anyone who fails to register or makes incorrect, incomplete or untimely entries despite an existing obligation to register commits an administrative offense that can be punished with a fine of up to 50,000 euros. Together with the entry, companies are required by the Lobby Register Act to provide extensive information on the political representation of interests to the Bundestag and the federal government. In addition, there are obligations to register in the EU Transparency Register and – in steadily increasing numbers – in lobby registers of individual German states. We support companies in implementing the registration requirements and in setting up rule processes to ensure register compliance.
Manufacturers, importers, distributors and, under certain circumstances, dealers of products must ensure that their products comply with the applicable legal requirements. Unsafe products can not only lead to financial losses, but can also endanger the health or even the life of end users. Therefore, when there is evidence that their products are unsafe, companies must respond quickly and appropriately. Otherwise, they may be subject to civil liability, public security measures, criminal sanctions and loss of reputation.
We support you in all questions of product compliance, in particular
We combine the legal expertise of our lawyers with the technical expertise of the engineers and experts for quality management systems and ISO certifications of KPMG AG Wirtschaftsprüfungsgesellschaft and KPMG Cert GmbH. Our international KPMG network enables us to provide product compliance advice from a single source, even across national borders.
Compliance risk analysis is at the heart of preventive compliance. It is a prerequisite for the establishment of any compliance management system and must be anchored as a regular process in all companies. The company’s management has a supervisory and organizational duty under company law and sanctions to conduct a proper risk analysis in order to take the measures necessary to prevent violations of company-related duties.
With our modular, efficient, and IT-supported approach, we support companies in risk identification, analysis, and corresponding reporting, including a recommendation of measures – for individual company units and aggregated for the entire corporate group. Our Compliance Risk Assessment covers three points:
Legal entities under private law, registered partnerships, trusts and comparable legal structures must report information on their beneficial owners to the transparency register. I.e. in particular the common legal forms GmbH, Kommanditgesellschaft / GmbH & Co. KG, Aktiengesellschaft / SE, Vereine / Stiftungen have not only to identify their beneficial owner but also to positively notify the Transparency Register for registration and to keep track of changes on an ongoing basis.
Beneficial owner – who is it?
The beneficial owner is the party that controls more than 25% of the capital shares or more than 25% of the voting rights, or exercises control in a comparable manner. If a company does not have an actual beneficial owner (shares in free float), then the legal representatives (managing directors / board of directors) are regularly the so-called fictitious beneficial owners. Special features must be observed in the case of multi-level shareholdings, but also in the case of voting rights agreements, voting rights pools, etc.
Notification to the Transparency Register
Our experts will be happy to support you in implementing the notification to the transparency register. Especially for larger groups of companies, but also for companies with scarce personnel resources, we offer a simple and user-friendly takeover of the registration and updating process to free up important capacities for your operative business. Support for reporting to the Transparency Register by KPMG Law – Transparency Register Tool by KPMG Law.
Our colleagues at KPMG Law will take the hassle out of the transparency register for you. KPMG Law not only supports you in legal matters relating to the transparency register, but also takes care of the notification of beneficial owners for you.
Europe-wide digital solution – Our KPMG Law Transparency Register Tool
KPMG Law has developed a digital web-based tool, especially for larger groups, that reduces your organizational effort in reporting to the Transparency Register as much as possible.
With this cloud-based tool, we offer companies the possibility of recording the data relevant for the transparency register or comparable registers in other EU countries in a user-friendly solution. No separate, additional registration in the official transparency register is necessary – neither in Germany nor in other EU countries.
In addition, the tool provides you with a constant overview of the current reporting status and audit-proof documentation of the reporting history. This is not offered by the official portal of the Transparency Register.
Supervision by the Federal Office of Administration – discrepancy reports and fine proceedings
Obligated parties under the MLA must obtain an extract from the transparency register as part of the identification of business partners and check it. If you find discrepancies with the information you have, you must submit so-called discrepancy reports. In practice, banks, notaries, but also industry now submit a not inconsiderable number of discrepancy reports in the event of anomalies or missing entries in the transparency register.
Discrepancy reports are verified by the Federal Office of Administration (supported by the Federal Gazette). If errors or non-reports are detected, there is a risk of not inconsiderable fines. The Federal Office of Administration uses a catalog of fines linked to turnover.
Further information & downloads and brochures
Companies and their executive bodies must comprehensively investigate violations of laws, regulatory requirements or internal guidelines if there are any grounds for suspicion. This clarification is carried out by means of internal company investigations, in which we support our clients with our experience and expertise.
Internal company investigations serve to clarify the facts and analyze the risks, but also help the company to define the strategy for the internal management of a crisis case and for its external communication. In addition, independent investigations serve to identify claims against corporate bodies, employees or third parties and to secure evidence on the basis of which any damage incurred by the company will have to be compensated.
We support companies in planning and conducting internal investigations, either as independent investigators or in cooperation with in-house intelligence departments. We put together an individual team of experienced lawyers, including criminal defense attorneys, for the implementation and, if necessary, also cooperate with the management consultants of KPMG AG Wirtschaftsprüfungsgesellschaft. We also support our clients in the selection and coordination of external specialists and individual defense counsel for affected employees, interview employees, conduct background research, and review files and digital data in compliance with data protection laws.
In August 2019, the German Federal Ministry of Justice and Consumer Protection (BMJV) presented its long-announced draft bill for an “Act to Combat Corporate Crime.” The core is the draft for a new Association Sanctions Act (VerSanG-E), on the basis of which companies and other associations can be sanctioned more drastically for criminal offenses than is currently the case under the OWiG. At the same time, explicit incentives are to be created for companies to prevent criminal behavior in advance and to independently investigate crimes that have been committed. The bill is subject to discontinuity in 2021 when the legislative session ends.
However, the discussion about sanctioning companies has been given a new lease of life by the current federal government. Accordingly, the core points of the draft Association Sanctions Act are also taken up in the coalition agreement of the traffic light coalition with the following formulation:
“We are protecting honest companies from competitors who are unfaithful to the law. We are revising the rules of corporate sanctions, including the level of sanctions, to improve the legal certainty of companies with regard to compliance obligations and provide a precise legal framework for internal investigations.”
It therefore remains to be seen whether there will be a renewed attempt at an association sanctions law or whether there will merely be a revision of the already existing administrative offences law. We will keep you up to date.
A violation of insider law regulations can quickly result in substantial fines. Good preparation and support by experienced persons can serve as precaution against this avoidable risk.
Update: Excessive reporting requirements for foreign companies
Update: Excessive reporting requirements for foreign companies
New countries and a first birthday
KPMG Law assists in the verification of the beneficial owner and, if requested, subsequently makes the notification to the transparency register.
KPMG Law supports you in checking beneficial ownership and, upon request, can then notify the Transparency Register.
EU Whistleblowing Directive - Transposition Status in the EU Member States
Stuttgart Site Manager
Head of Compliance & Corporate Criminal Law
tel: 0711 781923418
© 2023 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.
KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.