Amount of corporate fines depends on existence of effective compliance systems and reaction to misconduct
A company's efforts to foster compliance may lead to a reduction of fines due to employee misconduct (eg bribery). According to an important German Federal Court of Justice (Bundesgerichtshof, BGH) decision1, the existence of an effective compliance management system at the time of misconduct, and attempts to enhance the compliance system in order to prevent similar misconduct in the future, should be taken into account when determining the level of administrative fines imposed on the company.
The decision supports for the first time the widely prevailing view amongst lawyers that an effective compliance system should be relevant to fine levels. The potential mitigation of a fine due to timely action to close the gaps in any compliance system is a new development, and reinforces the importance of taking, and documenting, early remedial action. The BGH's decision provides important guidance for financial institutions' compliance practices and the approach to internal investigations, and is also likely to impact prosecutorial practice.
Bribing a government official
In 2001, a German defence company sold tanks to Greece for about EUR 200 million. A company executive with statutory authority approved, among other things, the payment of an invoice from a third party for commission of EUR 1.6 million. The court found that the executive knew that the third party had agreed to pay a bribe to a government official to facilitate the transaction. The defence company paid the invoice and recorded the sum as business expenses.
When the misconduct came to light it was already too late for German prosecutors to bring bribery charges against the executive as they were time barred. However, the executive was convicted of aiding and abetting tax evasion (and received a prison sentence) and an administrative fine of EUR 175,000 was imposed on the defence company.
Level of administrative fines
Under German law, legal entities cannot be criminally prosecuted. Administrative fines may be imposed on a company if, for example, a senior manager commits a criminal offence, which either enriches the company or causes the company to breach its duties.2 The fine may be up to EUR 10 million or higher if the economic benefits derived from the offence exceed this amount. Banks have been in the focus of such enforcement actions in Germany recently. Although the amounts of administrative fines imposed do not necessarily become public, it is well-known in the German market that financial institutions in particular recently had to pay substantial administrative fines.
In the BGH case, the amount of the administrative fine awarded against the company was challenged by the public prosecutor's office as being too low. The BGH took this opportunity to provide some guidance on sentencing and its interplay with an appropriate "compliance reaction".
BGH guidance on amount of administrative fine
Although the BGH's guidance on the administrative fine for the lower court is quite brief, the BGH emphasised three important points:
- An administrative fine should typically exceed the economic benefit the company derived from the offence.
- A relevant factor is whether the company had installed an effective compliance system designed to prevent employees from illegal conduct.
- It can be a mitigating factor if the company enhanced its compliance system and internal procedures as a result of the misconduct, so that it would be considerably more difficult for an employee to commit a similar offence. A company may benefit from this even if the modifications are made after administrative proceedings are commenced against the company.
Implications for compliance
This is the first time that the BGH has explicitly recognised that: (i) efforts in implementing an effective compliance system; and (ii) enhancing the compliance system and internal procedures in the light of earlier misconduct, are mitigating factors when determining administrative fines.
This means that a financial institution can benefit directly from: (i) being able to show that it actually has an effective compliance system; and (ii) having taken timely action to improve its compliance system once misconduct has revealed gaps.
(i) Effective compliance system
Before this decision, many legal practitioners and scholars already thought that the existence of an effective compliance system should be taken into account when determining the amount of an administrative fine. This was based on the notion that misconduct does not necessarily prove a compliance system to be ineffective. Even an effective compliance system cannot prevent misconduct entirely. Banks in Germany are required by statutory law and regulations to have an effective compliance organisation and there is also some guidance on how the compliance function should be set up. Nevertheless, there was (and still is) no statutory provision in Germany that requires the courts to take into account if, in fact, the compliance system is effective, when imposing administrative fines. The BGH's decision – which endorses this approach – is therefore welcome support for the prevailing view.
However, the meaning of 'effective' is still somewhat unclear. The BGH did not elaborate on the requirements for a compliance system to be regarded as effective. For banks in Germany, statutory rules and regulations (such as, in particular, BaFin's MaComp)3 set out certain minimum requirements for the compliance function. For the purposes of sentencing, however, the situation in Germany remains different from, for example, the U.S. where the U.S. Sentencing Guidelines set out the requirements for an "effective compliance and ethics program" and the U.S. Department of Justice publishes guidelines on the evaluation of corporate compliance programs.
Furthermore, the BGH did not give any indication as to how much impact an effective compliance system should have on the level of administrative fines. The BGH instead referred the case back to the court of first instance to reconsider the fine on the basis of the specific facts of the case.
(ii) Relevance of the appropriate reaction to employee misconduct
Financial institutions are advised to ensure that they quickly and thoroughly investigate potential misconduct and enhance their system and controls where gaps are identified. The decision of the BGH further reinforces this approach. A slow or inadequate reaction to employee misconduct might be costly. Even if the German financial regulator BaFin, tax authorities, or a public prosecutor office have already started to look into the matter, a bank should remain determined to internally investigate the misconduct (without, of course, interfering with any authorities' investigation) and seek to improve its existing systems and controls.
An appropriate "compliance reaction" to employee misconduct will therefore be even more important in the future. With the BGH decision, it is now clearer than ever before that companies should thoroughly investigate employee misconduct and take appropriate remedial actions to benefit from a potential reduction of impending administrative fines.
1. File no. 1 StR 265/16.
2. Section 30(1) Act on Administrative Offences (Ordnungswidrigkeitengesetz, OWiG).
3. Circular 4/2010 (WA) – Minimum Requirements for the Compliance Function and Additional Requirements Governing Rules of Conduct, Organisation and Transparency, which has recently been updated.
This case summary is part of the Allen & Overy Legal & Regulatory Risk Note, a quarterly publication. For more information please contact Karen Birch – firstname.lastname@example.org, or tel +44 20 3088 3710.