Compliance & Corporate Criminal Law

Modern solutions for compliance and governance - goal-oriented, international and technologically innovative.

Regulatory requirements for companies are constantly increasing in a national, European and global context. This is accompanied by growing expectations of good and transparent corporate governance, non-compliance with which is increasingly associated with heavy sanctions. Corporate management therefore faces the enormous responsibility of keeping both strategic decisions and day-to-day operations continuously in line with laws, regulations and internal policies – worldwide if necessary.

Our multidisciplinary team of experienced compliance counsel can help you meet these challenges in both strategic and operational areas and, thanks to the involvement of our global compliance practice, in virtually every jurisdiction around the world.

We advise companies and management on how to organize and enforce the law within the company and thus avoid liability risks – from A for foreign trade law, G for money laundering, K for anti-corruption, to P for product safety, W for whistleblowing and Z for certification, in association with our colleagues at KPMG AG. As the market leader in LegalTech, we consistently rely on modern IT solutions and innovative tools for our consulting services.

Consulting focus

  • Foreign trade law and export control compliance

    Germany is the world’s leading exporter – German companies supply their goods to markets around the globe. For every delivery that crosses the German border, a multitude of regulations from foreign trade law must be observed and often export licenses must be obtained. Failure to comply with foreign trade regulations can result in severe prison sentences and fines of up to 1 million euros for management and employees.

    We advise you on setting up internal export control audit systems that fit the specific structure of your company. We check existing systems for practicability and support you in implementing any additional measures that may be required. We create compliance guidelines in foreign trade law, support you in adhering to compliance requirements and integrating internal export control measures in the company (work instructions, guidelines and training). We place a special focus on the pragmatic integration and use of IT systems in the processing of export transactions.

    Our approach is holistic and we not only consider German and European export regulations, but also focus on other legal regulations that may be relevant, such as US export control law. To this end, we have access to our international network of specialists in foreign trade law and can advise our clients who have subsidiaries abroad on foreign trade law issues locally in the respective legal system.

  • Compliance in professional sports: investment protection in sponsoring

    Although it is said in soccer that “money doesn’t score goals”, it is nevertheless well known: In the end, money wins. Therefore, a simple formula applies throughout professional sports: More money brings more success. Of importance here are marketing revenues from licenses of all kinds – from advertising space to broadcasting rights to tickets.

    In the world of professional sports, value is determined by the attractiveness of the competition and the image of the sport, the club and the athlete. Sponsors in particular aim to achieve a positive image transfer by acquiring advertising licenses. The market for sports licenses is therefore a reputational market. For licensors, it is therefore important to avoid damage to their image; for licensees, on the other hand, it is important to protect their investment against damage to their image.

    More and more new scandals in sports make it clear: Compliance – which can be about adherence to sporting fair play as well as applicable law – poses major challenges for players in professional sports. We know how to counter them and can deliver the solutions that clubs and advertisers need to do so.

  • Compliance Due Diligence

    By conducting compliance due diligence, the buy-side avoids the unintentional “co-purchase” of compliance risks that are not reflected in the purchase price, along with their consequences when acquiring a company: fines or imprisonment for the perpetrators of criminal offenses, fines for the corporate bodies and the company (possibly in the millions in the case of breaches of supervisory duties or antitrust violations), liability for damages of the corporate bodies vis-à-vis the company as well as of the company in the case of damage to third parties, loss of approvals or permits and, last but not least, damage to reputation.

    We support the acquiring side in M&A processes in identifying and reducing or avoiding corresponding risks in the acquisition of companies. We accompany and advise our clients in every phase of an M&A process, conduct compliance due diligence with regard to such risks and also advise on appropriate hedging in the transaction purchase agreement.

  • Compliance training

    The company’s management bears the organizational and supervisory responsibility for compliance requirements within the company. A central building block for fulfilling this duty is instruction through regular training of the affected operational employees and the company’s management level.

    We have many years of experience and the necessary know-how to design and implement a customized, innovative training concept for you that meets the requirements of a proper compliance organization in terms of content, selection of addressees, methodology, frequency, control as well as documentation. In addition, we support you in the selection of a suitable e-learning provider, create training materials and conduct training courses in all relevant subject areas, if desired also worldwide at any location – all from a single source, quality-assured and with the involvement of local specialists.

  • Compliance Audit

    Compliance with all laws, contractual obligations and internal regulations relevant to a company’s business activities requires compliance management appropriate to the company, which must be an integral part of risk management.

    Auditing the regularity of the compliance organization and its effectiveness in day-to-day business is one of the tasks of Internal Auditing. As an independent auditing body, it examines whether the various corporate divisions are acting in compliance with the rules. In a compliance audit, specific compliance areas are examined to determine how compliance management is implemented in individual business areas or in operational processes. The focus here is on random checks.

    The basic principles for auditing a compliance management system (CMS) are contained, among others, in the auditing standard IDW PS 980 as well as the certification standards ISO 37001 for anti-corruption management systems and ISO 37301 for compliance management systems in general. Naturally, these standards are limited to general statements on the basic elements of a CMS and their examination by external auditors. The ISO standards base the audit on the “Plan-Do-Check-Act” (PDCA) principle. Reviewing the effectiveness of compliance management in the operating business units is often also the task of Internal Audit. A compliance audit requires – based on the principle of legality control – comprehensive legal knowledge in any case.

    Taking into account the specific needs of your company, we offer you a tailored audit approach that involves specialized auditors, industry specialists and other experts from KPMG AG Wirtschaftsprüfungsgesellschaft – worldwide if required.

  • Corporate Governance & Organization: Internal Control, Risk & Compliance Management and Internal Audit

    Corporate governance is increasingly taking place in the context of internal auditing (IA), risk management (RMS), compliance management (CMS) and internal controls (ICS) – the decentralization of governance systems in all three lines of defense is the trend of the hour, especially against the backdrop of ever stronger organizational and monitoring requirements with regard to proper delegation (StaRUG, FISG, ESG). Where is corporate governance heading in the future and what role will LegalTech play?

    We support companies in the efficient and legally compliant design of their governance systems. Thanks to extensive experience and expertise, we know the requirements and the actual impact of all governance elements. We support you in setting up your governance in a legally secure manner and, especially in cooperation with the experts at KPMG AG Wirtschaftsprüfungsgesellschaft, in developing it strategically – not only in all areas of compliance law, but also in questions of supervisory and organizational law relating to governance functions.

  • Data protection compliance

    Handling personal information such as employee or customer data has become an integral part of everyday business life. In this context, all parties involved operate in a highly complex legal environment consisting of, among other things, the European General Data Protection Regulation, national data protection law in the form of the German Federal Data Protection Act (Bundesdatenschutzgesetz) or state data protection laws, sector-specific data protection regulations in many specialized laws, and a large number of court decisions. In addition, there are the various standards for ensuring appropriate technical and organizational data protection and the data protection regulations of all countries in which a company operates.

    Companies must effectively counter these risks and align their own data protection organization in such a way that violations of the law are effectively avoided.

    With our attorneys specializing in data protection compliance, we can always help you identify potential risks to your company and minimize them by implementing appropriate preventive measures. We support you with:

    • the analysis and optimization of your data protection organization,
    • the information and training of those involved in the handling of personal data,
    • expert opinions on individual data protection issues or representation in and out of court in data protection matters, and
    • the planning, organization and implementation of data protection-compliant internal company investigations.

    Thanks to our international KPMG network, we are also able to provide you with comprehensive support in cross-border matters, anywhere in the world.

  • EU Whistleblowing Directive Transposition Status in the EU Member States

    A whistleblower system is an early warning system for company management, ensures the necessary protection for whistleblowers and those affected as part of case management, and helps companies avoid liability risks in the event of compliance violations. The German Corporate Governance Code, the Auditing Standard 980 of the Institute of German Certified Public Accountants (IDW PS 980) and the Guidance of the U.S. Department of Justice on Compliance Programs (June 2020) regard whistleblowing systems as a hallmark of every compliance management system.

    Since 2022, the establishment of a whistleblowing system has been a concrete requirement for all companies with more than 50 employees as well as for public authorities, municipalities with a population of 10,000 or more, and public sector companies in the EU: The EU Directive on the Protection of Whistleblowers (Directive (EU) 2019/1937) requires the establishment of internal reporting channels and a case management system for reporting and processing violations of European law in particular.

    We accompany you in the implementation of suitable systems and facilities in your company. In addition, we support your company with the KPMG Whistleblowing Gap Analysis – an in-depth target/actual analysis that is IT survey-based and available for all EU member states.

    In addition, we offer you the “EU Whistleblowing Directive Transposition Status in the EU Member States”, a holistic, IT-based whistleblowing solution that includes all essential steps from legally compliant implementation to regular operation. The package covers all legal aspects of the whistleblowing system from the receipt of information to internal investigations to the final report – together with our cooperation partner EQS Group, Europe’s leading provider of IT-based whistleblowing systems, you thus receive a globally applicable solution from a single source.

  • Money Laundering Compliance

    Money laundering – by organized crime, among others – and terrorist financing are offenses against which the state must protect itself and for the prevention of which it relies primarily on companies operating within its territory. However, the resulting requirements are rarely on the agenda of companies and their legal representatives.

    At the same time, companies are increasingly being abused, especially in Germany, to launder incriminated money. The unreported volume of money laundered in Germany each year amounts to up to 100 billion euros. The companies involved in concealing the origin of incriminated money often do not notice this, or notice it too late, which can entail considerable legal and economic risks. In such cases, there is a risk, for example, of involvement in criminal investigations, administrative offense proceedings, loss of reputation, sanctioning by business partners (blacklists), etc. The risks exist both for the company itself and for the management or money laundering officers.

    In addition to the general regulatory framework of compliance law (above all Section 130 OWiG and criminal law standards), there is a special regulatory law codified in the Money Laundering Act (GwG) that contains regulations for specific addressees, so-called obligated parties. In addition to companies in the financial sector (for example, credit and financial services institutions, insurance companies, insurance intermediaries or capital managers), it is in particular companies outside the financial sector (including real estate agents and so-called dealers in goods) that are obligated parties under the GwG.

    We provide comprehensive advice on all aspects of money laundering compliance and support you in prevention, monitoring and defense – all from a single source.

  • Capital Market Compliance

    The regulations of capital market law primarily concern the prohibition of insider trading and market manipulation as well as the handling of insider information. Violations are punishable by significant fines. Sanctions can also be made public, which poses considerable reputational risks for companies and governing bodies.

    We provide comprehensive support in setting up suitable processes at an early stage to ensure that insider information is identified within the company and that the further internal process up to ad hoc notification is as smooth as possible. If necessary, we can also draw on our close network of experts, particularly with regard to the practical implementation of processes within the company.

    We also advise on reporting obligations under capital market law, such as managers’ transactions or voting rights notifications. Even if a decision to postpone publication or an ad hoc announcement becomes necessary in individual cases, we provide support based on our experience.


  • KPMG Integrity Thermometer - Measuring Compliance Culture

    The central component of a compliance management system (CMS) is the compliance culture. An essential CMS element is also its monitoring and improvement. It is therefore crucial to measure the compliance culture in the company in order to be able to derive necessary CMS improvements and at the same time increase awareness of compliance.

    For both, we use our KPMG Integrity Thermometer, which can be used company-wide as an end-to-end solution. In this validated professional and technical solution, which we offer in cooperation with the experts from KPMG Netherlands, the compliance culture is measured by means of an online survey tool, including subsequent flexible evaluations in report and dashboard format. The solution has proven itself in worldwide use for many years.

  • Crisis management and business continuity management

    As a core component of risk management, crisis management is the responsibility of the company’s management. To this end, it must maintain an appropriate business continuity management (BCM) system for crisis situations in order to fulfill its statutory organizational obligations. An appropriate organizational structure and process organization of the BCM system should be individually tailored to a company and at the same time be based on the ISO standard 22301. The legal obligation to manage crises may also directly affect representatives who do not hold a position within the company. We support companies in crisis management and coordinate all legal consulting aspects from a single source.

    Our range of consulting services includes legal support in the area of preventive crisis management in the BCM process in (1) business impact analysis, (2) resource analysis, (3) strategy derivation, (4) emergency plans and (5) BCM testing in cooperation with the specialists of KPMG AG Wirtschaftsprüfungsgesellschaft.

    We also support companies in acute crisis management, that is, in dealing with a concretely threatening crisis or one that has already occurred. Crisis response measures are business decisions for which there is discretion under the business judgment rule. We create legal certainty for decisions in the event of a crisis and prevent negative consequences under company law and sanctions law.

  • Lobbying Compliance: Lobby Register EU - Federal Government - Länder

    On January 1, 2022, the Act on the Introduction of a Lobby Register for the Representation of Interests vis-à-vis the German Bundestag and vis-à-vis the Federal Government (Lobby Register Act – LobbyRG) came into force.

    All natural persons and organizations that make contact with members of the German Bundestag or the Federal Government in order to influence political processes, or that commission such activities, must register in the lobby register if their activity exceeds a materiality threshold defined in the law and none of the exceptions provided for in the law apply. Voluntary registration is also possible.

    Anyone who fails to register or makes incorrect, incomplete or untimely entries despite an existing obligation to register commits an administrative offense that can be punished with a fine of up to 50,000 euros. Together with the entry, companies are required by the Lobby Register Act to provide extensive information on the political representation of interests to the Bundestag and the federal government. In addition, there are obligations to register in the EU Transparency Register and – in steadily increasing numbers – in lobby registers of individual German states. We support companies in implementing the registration requirements and in setting up standard processes to ensure register compliance.

  • Product Compliance

    Manufacturers, importers, distributors and, under certain circumstances, dealers of products must ensure that their products comply with the applicable legal requirements. Unsafe products can not only lead to financial losses, but can also endanger the health or even the life of end users. Therefore, when there is evidence that their products are unsafe, companies must respond quickly and appropriately. Otherwise, they may be subject to civil liability, public security measures, criminal sanctions and loss of reputation.

    We support you in all questions of product compliance, in particular

    • in the establishment or further development of a product compliance management system (PCMS) across the entire product life cycle and the entire value chain (organizational consulting),
    • on legal issues relating to product safety and product liability, for example in the event of incidents,
    • related to product recalls, such as developing and implementing a recall strategy,
    • with legal requirements along the supply chain, such as drafting contracts along the supply chain (also from the perspective of product safety and liability law), securing or enforcing or defending against warranty or recourse claims,
    • on compliance with legally binding social and environmental standards in the supply chain (German Supply Chain Compliance Act, LkSG) and the corporate processes and systems required for this purpose, as well as
    • on legal issues in the context of product development, such as product labeling obligations, environmental requirements and international market expansion.

    We combine the legal expertise of our lawyers with the technical expertise of the engineers and experts for quality management systems and ISO certifications of KPMG AG Wirtschaftsprüfungsgesellschaft and KPMG Cert GmbH. Our international KPMG network enables us to provide product compliance advice from a single source, even across national borders.

  • Relevance and risk analysis: Compliance risk assessment

    Compliance risk analysis is at the heart of preventive compliance. It is a prerequisite for the establishment of any compliance management system and must be anchored as a regular process in all companies. The company’s management has a supervisory and organizational duty under company law and sanctions law to conduct a proper risk analysis in order to take the measures necessary to prevent violations of company-related duties.

    With our modular, efficient, and IT-supported approach, we support companies in risk identification, analysis, and corresponding reporting, including a recommendation of measures – for individual company units and aggregated for the entire corporate group. Our Compliance Risk Assessment covers three points:

    • The status quo assessment (governance assessment) creates a systematic overview of the status of compliance management within the framework of existing corporate governance. The status quo is the basis for management’s discretionary business judgment for the structured establishment of a compliance management system.
    • The compliance relevance analysis (horizontal risk assessment) identifies all compliance sub-areas relevant to the business model in a structured manner, based on the standard of the German Institute for Compliance (DICO). It is a prerequisite for a clear distribution of topics and roles and helps to avoid organizational negligence.
    • The compliance risk analysis (vertical risk assessment) identifies compliance risks in individual relevant topics in a structured and business process-related manner. The analysis is typically carried out via an initial assessment at business unit level by means of workshops and subsequently as an area assessment in the entire company on a tool basis with web- and database-based survey and evaluation.

  • Transparency Register

    Legal entities under private law, registered partnerships, trusts and comparable legal structures must report information on their beneficial owners to the transparency register. This means that, in particular, the common legal forms GmbH, Kommanditgesellschaft / GmbH & Co. KG, Aktiengesellschaft / SE and Vereine / Stiftungen must not only identify their beneficial owner but also actively notify the Transparency Register for registration and keep track of changes on an ongoing basis.

    Beneficial owner – who is it?

    The beneficial owner is the party that controls more than 25% of the capital shares or more than 25% of the voting rights, or exercises control in a comparable manner. If a company does not have an actual beneficial owner (shares in free float), then the legal representatives (managing directors / board of directors) are regularly the so-called fictitious beneficial owners. Special features must be observed in the case of multi-level shareholdings, but also in the case of voting rights agreements, voting rights pools, etc.

    Notification to the Transparency Register

    Our experts will be happy to support you in implementing the notification to the transparency register. Especially for larger groups of companies, but also for companies with scarce personnel resources, we offer a simple and user-friendly takeover of the registration and updating process to free up important capacities for your operative business.

    Support for reporting to the Transparency Register by KPMG Law – Transparency Register Tool by KPMG Law

    Our colleagues at KPMG Law will take the hassle out of the transparency register for you. KPMG Law not only supports you in legal matters relating to the transparency register, but also takes care of the notification of beneficial owners for you.

    Europe-wide digital solution – Our KPMG Law Transparency Register Tool

    KPMG Law has developed a digital web-based tool, especially for larger groups, that reduces your organizational effort in reporting to the Transparency Register as much as possible.

    With this cloud-based tool, we offer companies the possibility of recording the data relevant for the transparency register or comparable registers in other EU countries in a user-friendly solution. No separate, additional registration in the official transparency register is necessary – neither in Germany nor in other EU countries.

    In addition, the tool provides you with a constant overview of the current reporting status and audit-proof documentation of the reporting history. This is not offered by the official portal of the Transparency Register.

    Supervision by the Federal Office of Administration – discrepancy reports and fine proceedings

    Obligated parties under the Money Laundering Act (GwG) must obtain an extract from the transparency register as part of the identification of business partners and check it. If they find discrepancies with the information they have, they must submit so-called discrepancy reports. In practice, banks, notaries, but also industry now submit a not inconsiderable number of discrepancy reports in the event of anomalies or missing entries in the transparency register.

    Discrepancy reports are verified by the Federal Office of Administration (supported by the Federal Gazette). If errors or non-reports are detected, there is a risk of not inconsiderable fines. The Federal Office of Administration uses a catalog of fines linked to turnover.

    Your contact persons:
    Arndt Rodatz
    Christian Judis

  • Internal company investigations

    Companies and their executive bodies must comprehensively investigate violations of laws, regulatory requirements or internal guidelines if there are any grounds for suspicion. This clarification is carried out by means of internal company investigations, in which we support our clients with our experience and expertise.

    Internal company investigations serve to clarify the facts and analyze the risks, but also help the company to define the strategy for the internal management of a crisis case and for its external communication. In addition, independent investigations serve to identify claims against corporate bodies, employees or third parties and to secure evidence on the basis of which any damage incurred by the company will have to be compensated.

    We support companies in planning and conducting internal investigations, either as independent investigators or in cooperation with in-house intelligence departments. We put together an individual team of experienced lawyers, including criminal defense attorneys, for the implementation and, if necessary, also cooperate with the management consultants of KPMG AG Wirtschaftsprüfungsgesellschaft. We also support our clients in the selection and coordination of external specialists and individual defense counsel for affected employees, interview employees, conduct background research, and review files and digital data in compliance with data protection laws.

  • Association sanctions

    In August 2019, the German Federal Ministry of Justice and Consumer Protection (BMJV) presented its long-announced draft bill for an “Act to Combat Corporate Crime.” The core is the draft for a new Association Sanctions Act (VerSanG-E), on the basis of which companies and other associations can be sanctioned more drastically for criminal offenses than is currently the case under the OWiG. At the same time, explicit incentives are to be created for companies to prevent criminal behavior in advance and to independently investigate crimes that have been committed. The bill fell subject to discontinuity in 2021 when the legislative session ended.

    However, the discussion about sanctioning companies has been given a new lease of life by the current federal government. Accordingly, the core points of the draft Association Sanctions Act are also taken up in the coalition agreement of the traffic light coalition with the following formulation:

    “We are protecting honest companies from competitors who are unfaithful to the law. We are revising the rules of corporate sanctions, including the level of sanctions, to improve the legal certainty of companies with regard to compliance obligations and provide a precise legal framework for internal investigations.”

    It therefore remains to be seen whether there will be a renewed attempt at an association sanctions law or whether there will merely be a revision of the already existing administrative offences law. We will keep you up to date.

Explore #more

19.03.2024 | Business Performance & Resilience, KPMG Law Insights

CSDDD: Provisional agreement on the EU Supply Chain Directive

15.02.2024 | KPMG Law Insights

Data compliance management: How to implement it in practice

08.01.2024 | KPMG Law Insights

These legislative changes will affect companies in 2024

22.12.2023 | KPMG Law Insights

Single-use plastic fund law: New levy to reduce single-use plastic

20.12.2023 | KPMG Law Insights

EU adopts 12th sanctions package against Russia

06.10.2023 | KPMG Law Insights

Implement CSRD and standards: a lot of work, little time

18.07.2023 | KPMG Law Insights

Data loss with MOVEit Transfer: This is how companies should act now

28.06.2023 | KPMG Law Insights

Podcast series “KPMG Law on air”: The Whistleblower Protection Act is coming

12.05.2023 | KPMG Law Insights

Bundestag and Bundesrat pass whistleblower protection law

09.05.2023 | KPMG Law Insights

UPDATE Transparency register and real estate in Germany – escalating reporting requirements for foreign companies

KPMG Integrity Service - individual whistleblower system

An effective whistleblower system helps protect your company’s reputation.

KPMG Law on air: Podcast episodes on compliance

In our podcasts, our experts provide information on legal issues that companies are looking for answers to today and in the future.


The GbR in the transparency register network

Effects of the MoPeG on reporting and transparency obligations

Capital Market Compliance – Pitfalls in Insider Law

A violation of insider law regulations can quickly result in substantial fines. Good preparation and support by experienced persons can serve as precaution against this avoidable risk.

Transparency Register and Real Estate in Germany

Update: Excessive reporting requirements for foreign companies

German Transparency Register

Update: Excessive reporting requirements for foreign companies


07.02.2023 | Compliance and white-collar crime, Criminal Tax Law

Obligation to report to the Transparency Register

KPMG Law supports you in verifying the beneficial owner and, on request, then submits the notification to the Transparency Register.

01.03.2023 | Compliance and white-collar crime, Criminal Tax Law

Obligation to notify the Transparency Register

KPMG Law supports you in checking beneficial ownership and, upon request, can then notify the Transparency Register.


Whistleblowing – International Update

EU Whistleblowing Directive – Transposition Status in the EU Member States

Your contact persons

Dr. Bernd Federmann

Stuttgart Site Manager
Head of Compliance & Corporate Criminal Law

Theodor-Heuss-Straße 5
70174 Stuttgart

tel: 0711 781923418

Anne-Kathrin Gillig

Frankfurt am Main Site Manager
Head of Compliance and Business Criminal Law

THE SQUAIRE Am Flughafen
60549 Frankfurt am Main

tel: +49 69 951195013

© 2024 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit

 KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.