Compliance: Definition, laws and fulfilment

What is Compliance?

“Compliance” is the term used to describe the adherence of companies to rules and regulations in business and legal terms. Compliance is the conformity of the behaviour of companies with the requirements of laws, guidelines, shareholder requirements and the company’s own requirements.

Legal compliance

The area of compliance primarily includes concepts and measures

  • for the avoidance of corruption,
  • for the avoidance of antitrust violations,
  • for compliance with human rights,
  • for equality,
  • for occupational health and safety,
  • against “greenwashing”,
  • against money laundering,
  • against mobbing,
  • for environmental protection,
  • for sustainable economic activity
  • and for data protection,

as well as dealing with identified violations.

Transparency regarding the handling of these issues also falls within the scope of compliance. This is a basic requirement of any compliance work.

Company performance

The following criteria also become part of compliance when shareholders issue them as targets:

  • organisational flexibility,
  • the management of risks,
  • efficiency expectations,
  • profitability,
  • liquidity
  • and the equity ratio.

As a rule, shareholders articulate their expectations of the company’s performance in the form of overriding goals, which become a guideline for compliance work.

Corporate culture

Finally, the corporate culture also falls within the scope of compliance, in particular

  • the desired social interaction within the company,
  • the way the company deals with its business environment, in particular the protection of the interests of the various stakeholders and shareholders,
  • fairness,
  • internal communication,
  • the culture of dealing with errors,
  • conduct in a spirit of partnership
  • and the desired manner of reporting and public presentation of the company.

Shareholders, but also board members and management can introduce corresponding missions that become part of the compliance work.

Legal basis for compliance

Executive boards or managing directors of companies are legally obliged to ensure that the companies for which they are responsible do not break any applicable laws. In Germany, this obligation is regulated in §§ 91 and 93 AktG and in § 43 GmbHG.

With regard to the offence of corruption, the British Bribery Act of 2010 is the relevant anti-corruption law.

In addition to the Stock Corporation Act and the GmbH Act, in Germany there are also

  • the Control and Transparency Act (KonTraG),
  • the Act on the Further Reform of Stock Corporation and Accounting Law, on Transparency and Disclosure (TransPuG),
  • the Accounting Law Reform Act (BilReG)
  • and the Executive Board Remuneration Disclosure Act (VorstOG).

In the USA, the COSO ICIF model (Internal Control Integrated Framework) is the reference framework for compliance work. The COSO ICIF model is also a significant reference beyond the USA. In addition, all listed companies in the USA must comply with the requirements of the Sarbanes-Oxley Act (SOX).

In the UK, the Cadbury Report, the Greenbury Report, the Hampel Report and the Turnbull Report are considered authoritative references for compliance work.

In the Netherlands, the Tabaksblatt Code is used for recommendations.

In France, the Loi de Sécurité Financière, the AFEP-MEDEF Code and the MiddleNext Code are referred to.

In Switzerland and Austria, recommendations are divided into three categories. There are

  • requirements (“law”), which must be complied with,
  • binding recommendations (“comply or explain”), from which companies can deviate, but the deviation has to be justified,
  • and recommendations (“recommend”), from which companies can deviate without repercussions.

In order to fulfil their responsibility, board members or managing directors must be able to prove that they have introduced and implemented appropriate organisational and supervisory measures. Organisational measures include, in particular, specific instructions to staff to comply with applicable laws and policies. Supervisory measures include appropriate controls within the framework of management activities.

Consequences of breaking the law or the rules

If an employee breaks an applicable law, the company may be subject to administrative offence proceedings. Violations of applicable laws and regulations can result in

  • fines,
  • claims for compensation payments by injured parties
  • and the reversal of transactions that violate applicable laws and regulations.

In addition to fines and damages, companies convicted of breaking the law can also

  • have the profit made by breaking the law confiscated
  • and have to bear the organisation’s internal and legal costs of the proceedings.

If the board or management cannot prove that appropriate organisational and supervisory measures have been taken, administrative offence proceedings can also be initiated against board members or managing directors personally.

It is important to know that administrative offence proceedings need not be limited to the company and its directly responsible persons. Rather, in group structures, parent companies, e.g. holding companies, and their responsible persons can also be included in the administrative offence proceedings. Persons in charge of parent companies have the personal duty to ensure that appropriate organisational and supervisory measures are regularly taken in all companies that fall within their area of responsibility.

The consequences of breaking the law or rules are regulated in Germany in §§ 9, 30 and 130 OWiG. Section 130 OWiG imposes the duty to take supervisory measures that make compliance violations substantially more difficult. The board of directors or the management must be able to prove that they fulfil this duty.

How can compliance be ensured?

The shareholders of a corporation are obliged to ensure compliance with all laws and guidelines in their company in a comprehensive, clear and unambiguous manner. For this purpose, expectations must be defined and the handling of these expectations must be regulated. Responsibilities must be clear.

Code of Conduct

Shareholders must ensure that their company creates a code of conduct in which the desired corporate culture is described and declared to be the default. The code of conduct should specifically address the basic attitude expected of shareholders and the desired behaviours.

The binding nature of these expectations for all employees in the company must be clear from this code of conduct. The board or management must be able to demonstrate that they have made the code of conduct available to all employees and explained the rules to them. Evidence can be provided by employees signing to confirm their participation in training and their acceptance of the code of conduct.

Verification of compliance with the Code of Conduct starts with observing the actual behaviour of managers in their operational practice. Observed deviations from the agreed Code of Conduct must be addressed by board members or management. These discussions must be documented as evidence of compliance work.

Corporate Governance

Corporate governance is an important instrument to ensure compliance.

With a corporate governance specification, the compliance goals can be operationalised. Accordingly, such a corporate governance paper should specifically define how the company is to be managed responsibly in order to meet the compliance requirements.

The structuring of corporate governance is the responsibility of the supervisory board or the advisory board in cooperation with the management.

Essential components of corporate governance are

  • a corporate mission statement,
  • values,
  • principles,
  • rules,
  • standards,
  • guidelines,
  • (business) expectations
  • and statements of intent,

which are intended to serve as binding guidelines for corporate management in order to comply with the applicable laws and guidelines as well as the requirements of the shareholders.

Corporate governance is intended to specify concrete processes with the implementation of which the required level of risk management can be established in the company. In particular, the methods and means by which risks are to be recorded and assessed in the company and how deviations from the standards set out in the code of conduct are to be dealt with should be specified. The control mechanisms to be used should be defined in the corporate governance.

In the application of corporate governance, the communication and documentation of identified deviations and of how they are dealt with play an important role. An ongoing review of the compliance requirements for possible need for improvement is also a mandatory component of corporate governance.

The entire corporate governance system should be described in a comprehensible manner. In particular, the effectiveness with regard to compliance should be evident from the corporate governance paper.

Code for Compliance

In Germany, corporate governance requirements for listed companies are defined in the German Corporate Governance Code.

Internationally, corporate governance requirements are captured in the G20/OECD Principles. These codes also serve as a fund of recommendations and suggestions for non-listed companies.

Compliance-Management-System (CMS)

Compliance can be ensured with an integrated compliance management system (CMS). The requirements for such compliance management systems are captured in the standard TR CMS 101:2015 and are illustrated by a compliance guide TR CMS 100:2015. The standard specifies certain minimum elements for effective compliance management. By setting up a CMS according to this standard specification, companies can systematically track their compliance work and continuously improve it. Companies can even have their compliance system regularly audited by external assessors and certified by approved accreditation bodies. A certification of the CMS is a component of the protection of the board members or managing directors against personal liability.

Audit according to IDW PS 980

The IDW Standard PS 980 enables companies to carefully review the effectiveness of their compliance system. The review of the CMS according to IDW PS 980 by external auditors can also serve to underpin compliance in external communication and promote the trust of business partners, financiers and the public.

What you should consider when doing compliance work with the help of corporate governance

When you start your compliance work and want to introduce corporate governance for this purpose, there are a few important aspects to consider:

  • Articles of association are notarised. Regulations agreed in the course of corporate governance must not contradict the notarised articles of association. If it turns out that certain regulations should deviate from the applicable articles of association, please work to ensure that the articles of association are also amended accordingly. This usually requires the consent of 100 % of the shareholders.
  • Do not ignore aspects that lead to dissent within the circle of shareholders or between the shareholders, the supervisory board or advisory board and/or the board members or managing directors, but discuss these issues and reach a result that is supported by all parties involved.
  • Formally include all issues of importance to those involved in corporate governance. Handshakes and gentlemen’s agreements are always linked to the persons acting. Think beyond the persons currently acting to possible future constellations within the circle of shareholders and beyond. Legal certainty creates legal peace.
  • Regulate how corporate governance is to be adapted in the event of changes in the framework conditions.
  • When regulating corporate governance, ensure that appropriate majority ratios are agreed upon for passing resolutions. Avoid a situation in which the company can be blocked by a requirement of 100 % unanimity of the shareholders. In critical situations, it must remain possible to make decisions in order to keep the company capable of acting.

Benefits of effective compliance work supported by good corporate governance

Companies that carry out good compliance work benefit from various essential advantages:

  • Effective increase in legal certainty for board members or managing directors and for shareholders of companies regarding compliance with legal requirements,
  • Effective management tool to safeguard the interests of shareholders,
  • Useful process for systematically identifying the interests of shareholders, board members/managing directors, employees, customers, suppliers, service partners of the company and the public
  • Improvement of strategic and operational processes in the interests of the shareholders
  • Transparent monitoring of possible deviations from targets and effective risk management
  • Proven means of communication with capital providers that can promote trust in responsible corporate governance and secure capital commitment.

Effective compliance work, supported by good corporate governance, is not only a necessary requirement for listed corporations, but also helps shareholders and executive boards or the management of all corporations to conduct their business in a target-oriented, successful and transparent manner.
