Compliance Risks

Especially the risks to which a company is exposed influence the design of a compliance management system. In the professional world, experts also speak of risk landscape, risk situation or risk exposure.

Procedure for compliance risks

We recommend the following procedure for setting up a compliance management system: after identifying the risks, they are assessed. The risks are divided into company-specific and general risks. Specific risks concern the industry, the size of the company, its market position and important stakeholders such as shareholders. There are also general risks that affect all companies. Risk management is closely interwoven with corporate strategy.

In particular, the risky areas in each division of the company must be identified and then measures implemented to reduce liability for the company and avoid liability for the benefit of the management body (in particular managing directors, executive board, supervisory board). Attorney-at-law, Engineer Michael Horak, LL.M.

Third-party risk

Systematic investigations and evaluations of group companies are part of a company’s prophylaxis against compliance risks. Risk management can be carried out on the basis of the results.

A company is not only liable for the conduct of its own employees, but also for the conduct of subsidiaries or business partners and suppliers. The boundaries of a company soften through these connections. The expert speaks of third-party risk emanating from group companies, suppliers, subcontractors or joint venture companies.

One way to identify, prevent, and ultimately mitigate risks is through risk-based due diligence on business partners.

Group privilege and cartel law

Antitrust law prohibits agreements between competitors that are detrimental to competition, such as agreements on prices, price changes and calculations as well as on bidder and offer behaviour in tenders. The purpose of antitrust law is to ensure fair and uniform competition.

However, affiliated companies enjoy the group privilege. Intra-group agreements do not constitute an offence under cartel law. The Cartel Act therefore does not apply to sins such as price fixing as long as they take place among related companies. For large companies, cartels and mergers are attractive. In the case of joint ventures, the decisive factor for a risk analysis is how the groups are assigned and connected.

From an antitrust perspective, close monitoring is important for assessing compliance risks. With antitrust risks, the importance of compliance increases.

Long-Term Advice

Areas of law

The relevant areas of law in the individual case of compliance risk identification include the following areas in particular:

After identifying the risks, we create the legal measures of a compliance management system for your specific company on an individualised basis and, for example, also integrate a whistleblowing hotline. If necessary, certification according to IDW PS 980 standard, etc. can also be carried out. Michael Horak, LL.M., Attorney at Law

Scroll to top