About the liability and role of the compliance management
In German law, there is no explicit legal obligation to comply. Only companies in the financial sector are obliged to set up a compliance organization in accordance with Section 32 of the German Securities Trading Act. However, the duty of care pursuant to § 76 (1) and § 93 (1) of the German Stock Corporation Act (AktG) results in a duty of legality on the part of the Executive Board to comply with the law when fulfilling its obligations in the internal and external sphere of duties. Compliance responsibility lies with the overall management, i.e. the management board of an AG or the managing directors of a GmbH. In order to meet the requirements for a suitable compliance system, compliance managers are increasingly being hired to whom some of the compliance responsibility is delegated. The outsourcing of responsibility also results in a shifting of the liability risk.
The compliance manager is responsible for the introduction, further development, monitoring and documentation of the compliance management system. The manager supports and advises the management on all compliance-relevant issues and regularly reports on relevant internal incidents, violations of compliance rules and legal changes. Duties are for instance the training and informing of employees. However, he does not have the authority to issue directives or issue orders. The decision-making authority still lies with the company management.
The Federal Court of Justice Ruling
In the BSR ruling, the BGH ruled on a head of the legal department and internal auditing department of Berliner Stadtreinigungsbetriebe who deliberately perpetuated a billing error so that investors were charged excessive fees. He informed neither the Board of Management nor the Supervisory Board of this error, although this would have been absolutely necessary. Due to his position in the company, the BGH affirmed a duty of guarantor under criminal law, which establishes criminal liability for failure to disclose criminal acts, and convicted him of aiding and abetting fraud by omission. It then emphasized that compliance managers also regularly have a guarantor’s duty within the meaning of Section 13 (1) of the German Criminal Code (StGB) to prevent criminal acts committed by company employees, insofar as these are connected with the company’s activities. This is the “necessary flip side” of the duty assumed by the compliance manager to prevent criminal acts. This statement has been critically discussed in the literature, as it is primarily the compliance manager who is responsible for a functioning compliance system.