The term “compliance” is used as an umbrella term to include statutory requirements that are supposed to prevent infringements of laws, or, if appropriate, apply sanctions. In particular in cases of corruption, as well as in the case of infringements of anti-trust law, both the company and the members of the Board personally are threatened with administrative fines and damage claims in a considerable scope unless they are able to provide evidence that they have a sustainable compliance system in place. In addition, national borders do not offer any protection at all against international or inter-continental prosecution.
Whereas for many years only major groups of companies were the focus of the investigating authorities, compliance requirements are now increasingly also affecting medium-sized businesses. In addition, corresponding obligations, especially of suppliers, often have to be entered into contractually, within the scope of the value creation chain. Appropriate, but in any case varied, measures are to be taken as a precaution, in line with the industry, the size of the company and the risk potential.
BMT assists you in analyzing your requirements, and seeks to jointly devise with you expedient steps for introducing a seamless compliance system. This equally applies should the existing compliance structure of your company require revision, due to increased demands. Appropriate and effective compliance management helps you avert damage from your company, avoid liability on the part of the Board of Directors, and maintain the company's good reputation.
Based on the expertise of our lawyers in all fields relevant to compliance, we are able to provide interdisciplinary advice. This puts us in a position to develop customised solutions extending in any and all matters of designing compliance. At BMT, expertise in IT law, data privacy, employment law, product liability law, law relating to economic offences and to tax offences, anti-trust law, competition law, company law and tax law is based on decades of legal practice. We are therefore able to design and implement compliance standards for our clients that are targeted towards the needs of their company.
We assist our clients in introducing, organizing and improving compliance systems – inclusive of accompanying training and measures to sensitise employees to this topic. In that regard, we take a preventative approach, and suggest measures which focus on avoiding and shielding against risks, rather than monitoring, discovering and repressively prosecuting violations.
A compliance system is only worthwhile if it is specifically tailored to the particular risks of the company. Based on our broad industry expertise, we provide comprehensive support in conducting company-related risk analyses (risk due diligence), proposing measures “with a sense of proportion”.
We assist our clients in developing and structuring a compliance department, as well as in selecting and training a suitable head of the compliance department (chief compliance officer). We will jointly set up notification systems (whistle-blowing systems) with you. In that respect, the lawyers at our firm will be happy to take on the role of the external ombudsperson. We also draft a code of conduct for the company as a whole, as well as compliance policies specific to particular segments, divisions, departments or units. These include, inter alia: anti-corruption policies, purchasing guidelines and policies on IT security, as well as on using e-mail and internet, data privacy and product safety, and also intellectual property rights and know-how.
The German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz = AGG) obliges the employer to take suitable steps to protect employees from being disadvantaged. The employer can only avert damage claims if it has adopted such measures in the first place and can prove it. The latter already necessitates a “small” compliance system. We therefore recommend setting up such an entry-level system, and simultaneously using it for further compliance requirements. For example, it could be used for checking adherence to guidelines on working hours as well as to provisions on occupational health and safety, and also for creating regulations on accepting gifts, conduct in business relationships, the conduct of supervisors vis-à-vis subordinates, as well as the conduct of employees towards one another.
By means of an internal notification system, an outlet can be created, precisely in the field of employment law that has the capacity to rapidly counteract awkward developments. Mobbing and bossing, the acceptance of gifts that are recognisably too large, false travelling expense statements, discrimination and sexual harassment can, for instance, be notified.
Corruption begins at the point of exerting an influence by giving “small” gifts, and extends up to institutionalised bribery through “grease payments”, or even extortion. Whether corruption within the company constitutes a serious problem or rather a fringe phenomenon is usually dependent upon the industry in question, and especially the relevant departments. We offer assistance in identifying the areas of your company which are possibly prone to corruption, and in implementing appropriate, efficient and effective measures designed to prevent, discover and to further deal with corruption.
Büsing, Müffelmann & Theye advises its clients on proactively avoiding risks and losses arising from product liability. Under the aspect of product liability risks, product safety and product quality are to be observed at every phase of the emergence of the product and the marketing that follows. Here we look at the entire value added process, from the research and development phase to production and the instructions for use. Furthermore, we formulate strategies for overcoming product crises and product recalls, including the strategies for communicating with regulatory authorities and the public.
Anti-trust law concerns every business, both owner-operated sole proprietorships and also multinational groups. Compliance structures in the field of anti-trust law can be established in many companies without any great organisational effort. Oftentimes clear-cut rules of conduct, training and a well-designed corporate governance will do. Conversely, infringements of anti-trust law may entail serious consequences for the company and its governing bodies. BMT assists companies in implementing and realising suitable compliance measures.
Compliance in IT: The company’s internal IT departments are mostly under extreme pressure to fulfil the technical requirements specified and demanded by the operating departments. In this respect, designing the IT structure in a way so that it is in line with the compliance regulations inevitably does not always take precedence. Accordingly, it is not only traditional forms of corruption in IT procurement that need to be addressed. The market situation today can easily lead to commissioning bogus self-employed persons. Through poor licence management practices, licence violations often arise to which penal sanctions need to be applied. Data privacy and data security need to be looked into and, if necessary, improved upon, if they were not sufficiently taken into consideration at the time earlier IT solutions were designed. Compliance in IT makes it necessary to design the IT structure in a way so that it is in line with the company’s requirements and conforms to the compliance regulations, which should, not least, be set out and reflected in the corresponding contracts. IT-based compliance: It is frequently overlooked that these days almost all compliance-relevant procedures are IT-based. The introduction of a compliance system therefore also usually involves interventions in the IT. This reorganisation is termed “IT-based compliance”. It includes the services and results that are created with the help of IT. Examples of the latter are: declarations under commercial and fiscal law, adherence to legal provisions governing websites on your company’s internet presence, compliance with product legislation and industry-specific standards, and designing business processes so as to comply with data privacy regulations.