The design of a compliance management system is influenced above all by the risks to which a company is exposed. Experts also refer to this as the risk landscape, risk situation or risk exposure.
Procedure for compliance risk
We recommend the following procedure for setting up a compliance management system: once the risks have been identified, they are assessed. The risks are divided into company-specific and general risks. Specific risks concern the industry, the size of the company, its market position and important stakeholders such as shareholders. There are also general risks that affect all companies. Risk management is closely interwoven with corporate strategy.
In particular, the high-risk areas in each division of the company must be identified, and measures must then be implemented to reduce the company's liability and to avoid liability on the part of the management bodies (in particular managing directors, executive board, supervisory board).
Third-party risk in connection with compliance
Systematic investigations and evaluations of group companies are part of a company's preventive measures against compliance risks. Risk management can be carried out on the basis of the results.
A company is liable not only for the conduct of its own employees, but also for the conduct of subsidiaries, business partners and suppliers. These connections blur the boundaries of a company. Experts speak of third-party risk, which emanates from group companies, suppliers, subcontractors or joint venture companies.
One way to identify, prevent, and ultimately mitigate the risks is to conduct risk-based due diligence on business partners.
Group privilege and Cartel Law
Antitrust law prohibits agreements between competitors that harm competition, such as agreements on prices, price changes and calculations, as well as on the behaviour of bidders and bids in tenders. The purpose of antitrust law is to ensure fair and uniform competition.
However, affiliated companies enjoy the group privilege. Intra-group agreements do not constitute an offence under cartel law. The Cartel Act therefore does not apply to sins such as price fixing as long as they take place among related companies. For large companies, cartels and mergers are attractive. In the case of joint ventures, the decisive factor for a risk analysis is how the groups are assigned and connected.
From an antitrust perspective, close monitoring is important for assessing compliance risks. With antitrust risks, the importance of compliance increases.
Areas of Law
When identifying compliance risks in an individual case, the relevant areas of law include in particular:
- Company law
- Banking law
- Antitrust law
- Product liability law
- Insolvency law
- Data protection law
- Environmental law
- Labor law
- Insurance law
It goes without saying that, after identifying the risks, we create the legal measures of a compliance management system individually for your specific company and, for example, also integrate a whistleblowing hotline. If necessary, certification in accordance with the IDW PS 980 standard, etc., can also be carried out.