Thu, July 30, 2020 dqsFinal_admin


Compliance is on everyone’s lips today, yet top managers often struggle with the term and with what lies behind it. Compliance means nothing less than “legally compliant, ethically correct behavior” – a matter of course, right?




Translated into German, the English word compliance seems clear and simple, indeed self-evident. Those responsible for a company simply have to observe all relevant (legal) rules and act ethically, and compliance is established – so where is the problem?

The answer is that reality looks different. Many managers and employees do not know the rules they are supposed to follow. Others know them well but deliberately do not comply with them. Some conduct may not be a rule violation at first glance, yet it is ethically questionable or hard to justify by today’s CSR standards.

Quite a few companies operate in a gray area that shades from light to dark. More and more responsible people, however, are recognizing the need to shed light on this half-light – not least because of the associated liability risks.


Companies therefore need a system that ensures all (legal) rules are known and adhered to. An effective compliance management system (CMS) creates clarity and legal certainty. It also helps management establish a lived corporate culture in which violations of any kind are not an option. This culture, vividly described in the US as the “tone at the top”, is ultimately the key to carrying the compliance concept effectively and appropriately into every part of the company.


Formally ensuring that rules are followed, by means of an effectively implemented compliance management system, also contributes significantly to avoiding or minimizing liability, which can be a matter of survival for a company. This particularly concerns the individuals who actually act, because German criminal law does not (at least not yet) recognize corporate criminal liability.

The new corporate sanctions law, which the Federal Ministry of Justice has put forward as a draft bill, is essentially a tightened administrative-offense law with compensation for consumers and new rules for “internal investigations”. It makes clear that systematic compliance management will ease the position of companies.


Management’s duty of legality, its duty to supervise legality, and its duty of care derive from §§ 76, 93 AktG and § 43 GmbHG. From these follow duties of organization and of employee selection: management must take precautions to ensure the lawful conduct of the company and its employees. In the worst case, if management does not fulfill these duties, or fulfills them only inadequately, it can be held liable under § 130 in conjunction with § 30 OWiG, with fines of up to EUR 10 million. If a profit was made through an unlawful act, it can be confiscated under § 29a OWiG, and that amount can quickly grow into the hundreds of millions.

“If the management fails to fulfill its duties or does so only inadequately, it can be held liable for this.”

Top management cannot adequately fulfill its duty of supervision without an appropriate management system. In case law, however, it is disputed whether a compliance management system is required as such. How it should be designed, interestingly, has been spelled out: the Regional Court of Munich I, in its judgment of 10 December 2013, 5 HK O 1387/10 (“Neubürger”), held: “A board member … has to … ensure that the company is organized and supervised in such a way that no laws are violated. The management board fulfills its corresponding organizational duty to prevent violations of the law only if it sets up a compliance organization that is geared to damage prevention and risk control and that is appropriate to the risk situation.”


From the point of view of case law, there is no way around introducing a CMS. This applies in any case to companies that want certainty about the liability arising from rule violations.

Many companies nevertheless fear that compliance management means introducing yet another management system. Behind this idea lies a widespread misunderstanding, because, fundamentally, companies have only one management system. As a rule, the existing management system is based on ISO 9001, and the requirements of further standards are integrated into it.

This is one of the great advantages of the common basic structure, the so-called High Level Structure (HLS), shared by all modern ISO management system standards, including ISO 9001, ISO 14001, ISO 45001, ISO 50001 and ISO 27001. The HLS makes an integrated management system significantly more efficient, since requirements from different standards can now be integrated into every corner of a company.





A CMS according to ISO 19600 can likewise be integrated into the existing management system. It encompasses all the compliance issues that other standards address: quality management deals mainly with product-liability risks, environmental management with risks under the relevant environmental laws, and so on.

“All information and risk analyses of the individual areas are brought together in the CMS and thus give the company a secure legal basis for its actions.”

All legal issues and risks that have so far been overlooked or insufficiently considered are recorded, evaluated and controlled by the compliance management system. An overarching code of values, further internal controls and adjustments to the risk assessment protect the company and the persons responsible. Risk analysis therefore plays a crucial role.

It is important to identify the areas and functions where legal violations are possible that would have the most serious consequences for the company. A system of safeguards must therefore be put in place to achieve the greatest possible degree of detection. Simply assuming that “oh, that doesn’t happen here” helps little – and will find little sympathy in court.


  • valid analysis of compliance risks in your company
  • systematic compliance with the law
  • effective reduction of liability risks
  • improved corporate image


Clear structures ensure that compliance violations are uncovered more quickly and that responsibilities are established. In legal proceedings, compliance management will work in the defendant’s favor, or at least is very likely to lead to a mitigation of the penalty, since all circumstances speaking for or against the accused are weighed when determining the sentence.

One thing must be clear, however: audit standards such as ISO 19600 are not law but opinions that judges may take into account where they bear on the violation in question. Yet the absence of any CMS is in itself a breach of duty by management, which will most likely have an aggravating effect. A well-run company must address compliance if only for the sake of management’s own protection.

