Compliance Management Systems in Germany

To ensure a monitoring system within the company that meets its needs and provides security, a sensible organizational system, known as a compliance management system (CMS), is required. On the one hand, this system must be perfectly tailored to the company and, on the other hand, it must constantly be adapted after implementation. This applies to all sectors of the economy.

A one-size-fits-all concept using a rigid, ready-made compliance management solution is not feasible due to the differing requirements arising from individual business objectives. 

As a basic principle, the requirements for compliance management systems differ according to a company's industrial sector, size, legal form and nationality (or international nature).

Functional compliance systems emphasize the corporate culture to which the company aspires. This is done by addressing concrete, existing company-specific factors (both internal and external) and representing them by means of suitable sets of rules in order to implement a model that is accepted by all employees - regardless of their level of hierarchy - and that is applicable and manageable in the daily working environment.

Most compliance systems in Germany take a similar approach in terms of their basic structures and procedures. The process of setting up a CMS includes:

1. Risk analysis phase to identify individual risks determined by the nature and character of the company in question by means of appropriate due diligence together with an analysis of existing precautions to ensure that behavior conforms to compliance requirements
2. Conception of the CMS
3. Implementation phase for the conceptual CMS
4. Monitoring phase together with any adjustments that may be required

Compliance management systems are characterized by the ensemble of established structures and measures within a company that ensure compliance (with both legal and ethical rules). This includes, but is not limited to, the following areas and measures:

• Compliance risk assessment and compliance risk management
• Export control systems
• Business partner checks
• Data protection
• Employment law
• Environmental compliance
• Product compliance/product liability
• Emergency measures and plans/pandemic plans
• Traveler compliance
• D&O insurance
• Documentation
• Internal audits
• Fulfilment of reporting requirements
• Compliance due diligence

A customized CMS helps identify possible compliance violations, breaches of duty and negligence at an early stage, making it possible to take proactive efforts in order to ward off civil and criminal liability risks and resulting severe penalties and reputational damage for companies, managers, supervisory bodies and senior executives.

Beyond being a mere legal imperative, compliance management should reflect a decision in favor of the corporate and economic value added. Ultimately, this is about safety and defending a reputation, which includes the avoidance of damage and costs such as sanctions or fines and the fostering of company-wide legally compliant behavior and a sustainable compliance culture.

Drawing on comprehensive and integrative expertise, our team of compliance experts will work with you to develop organizational and personnel measures and coordinate the compliance tools already implemented with those yet to be developed. Specifically, we will support you with:

• Setting up and optimizing a CMS
• Setting up and optimizing an ICS (internal control system)
• Setting up and optimizing a legal and compliance risk management system
• Setting up and optimizing internal auditing
• Setting up an automated compliance management
• Risk assessment
• Compliance risk analyses
• Compliance audits
• Business partner audits
• Compliance training
• Compliance due diligence
• Preventive corporate governance consulting
• Compliance tools (code of conduct, compliance policies, implementation guidance/signature matrix, management and employee training)
• Provision of an advising compliance officer
• Breaches of duty, claims for compensation, defense against liability claims
• Evaluating the compliance structure
• Disaster situations, emergency plans
• Whistleblower system/ombudsman
• Implementing a tax CMS 
• Risk control matrix 
• Explaining tax procedures
• Tax guidelines (modular by tax types)
• Audit of the tax CMS
• Optimizing the tax structure